Open JuneZhao opened 6 years ago
Port 443 TCP/UDP is needed to be compatible with Cisco AnyConnect.
If you are not using AnyConnect as the client, you can change the port to any number you like.
And you might need root privileges to use port 443.
@TommyLau Really appreciate your explanation, so I would like to know the things below:
-p 443:443 -p 443:443/udp
So can I change it to 443:443/tcp 8443:443/udp so that I can deploy to k8s, since two identical ports look impossible to map in my k8s cluster?
By the way, the certificate is integrated into the image, right? Every time I try to connect, the credentials are the only thing needed, right? :)
@TommyLau I have successfully deployed to my k8s cluster, I would just like to know where I can find the certificate so that I don't need to input credentials every time?
Under certs I see the below:
/etc/ocserv/certs # ls
ca-key.pem ca.pem ca.tmpl server-cert.pem server-key.pem server.tmpl
Where is the p12?
You should reference the documentation from Docker here: https://docs.docker.com/engine/reference/commandline/run/
With the default setting, ocserv will run on port 443 only, and the first number is the port to be exposed in the container; you should change the latter one but not the first one if you really want to provide the service on ports other than 443.
For example: -p 443:8443 -p 443:9443/udp
That's to say, it will listen on your host's 8443 TCP and 9443 UDP.
The certificate was not integrated; it will be generated the first time you create and run the container. You can check out the scripts, and only username / password is needed for the default setting. Or you can change to certificate authentication as you wish by modifying the config files.
You can generate your own certificate without using Docker or ocserv.
ocserv
copy from the official website, for example:
docker run --name test -v /some/path:/etc/ocserv tommylau/ocserv
Make sure you have ocserv.conf in directory /some/path, change accordingly.
@TommyLau It is something different than I thought, and here is my yaml file. I thought the latter part is the container port....
apiVersion: v1
kind: Service
metadata:
  name: ocservsrv
  labels:
    app: ocserv
spec:
  type: NodePort
  ports:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-ocserv
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: ocserv
    spec:
      containers:
Thanks for the certification part, I will try that :)
Came across the image here and wonder whether you have an example yaml file to deploy it to k8s?
I noticed it needs two ports, 443 and 443/udp, and I find it impossible to expose the service on k8s?
Any help?
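
On the question of exposing 443 for both TCP and UDP: a Kubernetes Service accepts the same port number twice when the two entries differ in protocol and each has its own name. The manifest below is an added example, not from this thread or from the tommylau/ocserv project; the Service name and the `app: ocserv` label follow the manifest quoted above, and the port entry names and the unset nodePort are assumptions.

```yaml
# Added example: one Service exposing ocserv on 443/TCP and 443/UDP.
# Name and label are taken from the manifest quoted in the thread;
# the port entry names are assumptions chosen for illustration.
apiVersion: v1
kind: Service
metadata:
  name: ocservsrv
  labels:
    app: ocserv
spec:
  type: NodePort
  selector:
    app: ocserv          # must match the pod template labels of the Deployment
  ports:
    # Two entries may share a port number when their protocol differs;
    # each entry needs a unique name.
    - name: ocserv-tcp
      protocol: TCP
      port: 443          # port of the Service inside the cluster
      targetPort: 443    # port ocserv listens on inside the container (default setting)
    - name: ocserv-udp
      protocol: UDP
      port: 443
      targetPort: 443
    # nodePort is left unset, so the cluster assigns one per entry from its
    # node-port range (30000-32767 by default). Read the assigned values with:
    #   kubectl get service ocservsrv
```

Clients then connect to a node address on the assigned node port rather than on 443, unless something in front of the cluster forwards 443 to it.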