Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/27 09:04:18 UTC
[GitHub] [apisix] Uangski opened a new issue #4322: request help: question about etcd TLS mode
Uangski opened a new issue #4322:
URL: https://github.com/apache/apisix/issues/4322
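Hello, I have an etcd cluster that is set up for TLS connections, with three files: ca-file, key-file and cert-file. How should I configure the apisix .conf?
The template is configured like this:
etcd:
  host:
    - "https://admin.apisix.dev:22379"
  prefix: "/apisix"
  tls:
    cert: t/certs/mtls_client.crt
    key: t/certs/mtls_client.key
The template only has cert and key. There is no ca option, and in the end I cannot connect to the etcd cluster. How should I configure this in my situation?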
### Issue description
### Environment
Request help without environment information will be ignored or closed.
* apisix version (cmd: `apisix version`):
* OS (cmd: `uname -a`):
* OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
* etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
* apisix-dashboard version, if have:
* luarocks version, if the issue is about installation (cmd: `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Uangski commented on issue #4322: request help: question about etcd TLS mode
Posted by GitBox <gi...@apache.org>.
Uangski commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-849515007
I set the relevant parameters as follows:
ssl_trusted_certificate: "/opt/etcd/ssl/ca.pem"
tls:
  key: "/opt/etcd/ssl/client-key.pem"
  cert: "/opt/etcd/ssl/client.pem"
  verify: true
The log reports these errors:
2021/05/27 10:09:13 [error] 44#44: *16 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 44#44: *24 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 45#45: *34 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 45#45: *49 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
What might be going wrong here? Running etcdctl --endpoints="https://192.168.58.128:2379" --cacert="/opt/etcd/ssl/ca.pem" --key="/opt/etcd/ssl/client-key.pem" --cert="/opt/etcd/ssl/client.pem" get /apisix/plugins does return content.
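Added example (not part of the original thread and not APISIX code): a small Python parser for the error-log lines in the comment above. It decodes the OpenSSL error code to show that alert 42 (bad_certificate) was received from the remote side of the handshake rather than raised locally; the function names are hypothetical and the two sample lines are copied from that comment.

```python
import re
from collections import Counter

# Certificate-related TLS alert descriptions (RFC 5246 / RFC 8446).
TLS_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 116: "certificate_required",
}
ALERT_REASON_OFFSET = 1000  # OpenSSL: reason 1000+N means alert N was received

LINE_RE = re.compile(
    r"\[error\] (?P<pid>\d+)#\d+: \*(?P<conn>\d+) SSL_do_handshake\(\) failed "
    r"\(SSL: error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):"
    r"[^:)]+(?::SSL alert number (?P<alert>\d+))?\)"
)

# Two of the lines posted in the comment above.
SAMPLE = [
    "2021/05/27 10:09:13 [error] 44#44: *16 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer",
    "2021/05/27 10:09:13 [error] 45#45: *34 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer",
]

def classify(line):
    """Decode one nginx error-log line; return None if it is not a handshake failure."""
    m = LINE_RE.search(line)
    if not m:
        return None
    reason = int(m.group("code"), 16) & 0xFFF  # low 12 bits hold the reason code
    alert = int(m.group("alert")) if m.group("alert") else None
    # The alert came from the peer when the reason code is 1000 + alert number.
    from_peer = alert is not None and reason == ALERT_REASON_OFFSET + alert
    return {
        "worker": int(m.group("pid")),
        "alert": alert,
        "name": TLS_ALERTS.get(alert, "other"),
        "from_peer": from_peer,
    }

def summarize(lines):
    """Count peer-sent alerts by name and list the worker PIDs that saw them."""
    hits = [c for c in map(classify, lines) if c and c["from_peer"]]
    return Counter(c["name"] for c in hits), sorted({c["worker"] for c in hits})

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A peer-sent bad_certificate is the remote end objecting to the certificate side of what this client sent, so the client cert and key settings are the first place to look. A failure to verify the server against `ssl_trusted_certificate` would be raised locally instead of arriving as a received alert.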
[GitHub] [apisix] spacewander commented on issue #4322: request help: etcd TLS
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-851323949
Closed due to lack of response.
[GitHub] [apisix] tokers commented on issue #4322: request help: question about etcd TLS mode
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-849493740
@Uangski You should set `ssl_trusted_certificates` item, see https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L116 for the details.
[GitHub] [apisix] spacewander closed issue #4322: request help: etcd TLS
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #4322:
URL: https://github.com/apache/apisix/issues/4322
[GitHub] [apisix] waringid commented on issue #4322: request help: etcd TLS
Posted by GitBox <gi...@apache.org>.
waringid commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-962813808
> I set the relevant parameters as follows:
> ssl_trusted_certificate: "/opt/etcd/ssl/ca.pem"
> tls:
>   key: "/opt/etcd/ssl/client-key.pem"
>   cert: "/opt/etcd/ssl/client.pem"
>   verify: true
> The log reports these errors:
> 2021/05/27 10:09:13 [error] 44#44: *16 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
> 2021/05/27 10:09:13 [error] 44#44: *24 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
> 2021/05/27 10:09:13 [error] 45#45: *34 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
> 2021/05/27 10:09:13 [error] 45#45: *49 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
> What might be going wrong here? Running etcdctl --endpoints="https://192.168.58.128:2379" --cacert="/opt/etcd/ssl/ca.pem" --key="/opt/etcd/ssl/client-key.pem" --cert="/opt/etcd/ssl/client.pem" get /apisix/plugins does return content.

Has this problem been solved? I am running into the same situation.
[GitHub] [apisix] tokers commented on issue #4322: request help: question about etcd TLS mode
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-849546522
@Uangski See https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L210, you should use the OpenResty for APISIX.