How can I use Ambassador Emissary -ingress for TLS?
I have a really quick question. To clarify something I have to share with you my postman result.
I am using 2 articles to be successful for that:
https://www.getambassador.io/docs/emissary/pre-release/topics/install/
https://www.getambassador.io/docs/emissary/pre-release/howtos/tls-termination/
I am trying to add TLS for my Ambassador Ingress. Everything looks good. Please look below
But When I am sending a request over https (look above postman) it returns to me error : "Error: Client network socket disconnected before secure TLS connection was established"
My deployment.yaml will be usefull for solving my issue:
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: echo-server
template:
metadata:
labels:
app: echo-server
spec:
containers:
- name: echo-server
image: jmalloc/echo-server
ports:
- name: http-port
containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: echo-service
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8443
selector:
app: echo-server
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: echo-backend
namespace: default
spec:
hostname: "*"
prefix: /echo/
service: echo-service
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorListener
metadata:
name: emissary-ingress-listener-8080
namespace: emissary
spec:
port: 8080
protocol: HTTPPROXY
securityModel: XFP
hostBinding:
namespace:
from: ALL
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorHost
metadata:
name: wildcard-host
spec:
hostname: "*"
acmeProvider:
authority: none
tlsSecret:
name: tls-cert
selector:
matchLabels:
hostname: wildcard-host
also I am using curl to be sure
```C
curl -Lk https://143.198.247.222/echo/
{
"server": "trim-kumquat-fccjxh8x",
"quote": "Abstraction is ever present.",
"time": "2019-07-24T16:36:56.7983516Z"
}
Emissary and Edge Stack actually handle TLS identically – given that curl works, I'm inclined to think that what you're seeing here is that you're following the directions to get a self-signed TLS certificate, and Postman is simply being stricter about certificates than curl is.
If you drop the -k from curl, I would expect it to fail too. Likewise, if you're doing HTTPS from a browser, most browsers are very picky about proper certificates. So I'd recommend that you start by getting a properly-signed certificate (perhaps from Let's Encrypt?), and try that.
- Best practices for developing scalable video transcoding server on Amazon Web Services?
- Upload via presigned request - 403 forbidden for Unicode Filename
- Enable compression for AWS SQS Java API or how to tell if it's already on?
- Getting no basic auth credential from AWS ECR when pulling image
- How to load npm modules in AWS Lambda?
- Amazon EFS vs S3: Which is better for appending small chunks of data to large files?
- Is there a way to delay DynamoDB stream emissions while nearly parallel data is upserted to a record?
- Push docker image to amazon ecs repository
- AWS SSM Agent - Using the aws cli, is there a way to list all the AWS instances that are missing the SSM agent?
- CloudFormation is not authorized to perform: iam:PassRole on resource
- S3 - Access-Control-Allow-Origin Header
- How to run AWS codeartifact login and keep default registry
- aws s3api restore-object permission error
- AWS Amplify Functions allow.resource() not working
- Is it possible to enrich a message on an sqs queue
- Does EKS Auto Mode use AWS Load Balancer Controller?
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- AWS Elasticache -- How to flush node from console?
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- RDS instance start: which subnet/AZ is selected?
- Connection refused error (127.0.0.1:4566) for Localstack S3
- Problem with file directory link in amazon s3
- Can I use aws-advanced-jdbc-wrapper with MySQL?
- Creating Lambda Snapstart with Typescript CDK
- How to force SQL Server container to immediately update MDF file in Docker volume?
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function