Docker EE UCP - How to resolve x509 error when deploying stack?
I have installed and configured UCP with 3 manager nodes behind an external load balancer. There are also 6 workder nodes. I can run the UCP Web UI, but when I try to deploy a stack, I get an error. Deploying a stack via the command line on a manager node also works fine.
Here is my setup screen:
docker-compse.yml
version: "3.5"
services:
nginx:
image: nginx:1-alpine
ports:
- 8000:80
And then I get the following error message within the Web UI "console" output:
error during connect: Get https://<myucp-load-balancer>:443/v1.39/info: x509: certificate signed by unknown authority
I am running on RHEL7 and have trusted the self-signed cert/ca at the system level on ALL nodes in the cluster. Does docker or UCP have its own trust store?
Is there another way to tell UCP to trust the self-signed cert for its own load balancer?
I found my solution. UCP has to manage SSL. The external load balancer had to be set to passthrough SSL.
āSince UCP does all of the auth management it requires that the SSL certificate be installed in UCP and the load balancer pass through connections to UCP for SSL termination. You can install the Certificate from the UI by logging into UCP as an admin user and going to Admin Settings -> Certificates . The steps are outlined here in the docs: https://docs.docker.com/ee/ucp/admin/configure/use-your-own-tls-certificates/ā
- Consul and Tomcat in the same docker container
- Allocate configuration for the cluster in ECS, where each instance receives a unique value
- Missing parameter name in MongoDB repository causing MappingException
- Untrusted Certificate Error when connecting to SQL Server running in Docker from .NET 7 API in VS2022
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- Docker: "no matching manifest for windows/amd64 in the manifest list entries"
- Running PostgreSQL docker image on a different Port
- Docker bind mount directory vs named volume performance comparison
- AWS InvalidSignatureException, Signature expired when running from docker container
- Error copying file to container using Podman on Windows 11
- Adding postgress connections to pgadmin in docker file
- Bytedeco Tesseract API not working inside Docker
- Can I install Docker on Synology DS418?
- Docker build pull access denied, repository does not exist or may require
- Default encryption key in Nexus Sonatype 3.73
- VS Code Docker dev container error at end of process
- How to allow image pull from one project to another in openshift?
- How to use Puppeteer in 2nd gen Cloud Functions?
- Kubernetes Deployment populates wrong Persistent Volume
- Set the 'start-interval' of a healthcheck in docker-compose.yml
- Adding New Database Drivers in Docker
- npm package.json and docker (mounting it...)
- Docker Desktop 1node Kubernetes Jenkins share docker.sock from host into agent docker container
- Docker health check always returning as unhealthy
- Docker-compose can't import Django (ModuleNotFoundError)
- Docker compose on cross-platform environment
- Angular does not retrieve objects nor messages from django endpoints on docker
- At least one invalid signature was encountered
- Installing docker-compose-plugin on amazon linux 2
- Configure reverse-proxy for Keycloak docker with custom base URL