Open GrayHatLabs opened 2 weeks ago
This issue may help you: https://github.com/apache/apisix/issues/11657
Adding this config block to config.yaml:
apisix:
  ssl:
    ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
> This issue may help you: #11657
> Adding this config block to config.yaml:
> apisix:
>   ssl:
>     ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
Thank you, I will try this.
I added this to the config.yml and confirmed that both files exist on the container. I am still seeing the same error.
Also, please note that the Vault server certificate is a valid certificate signed by GoDaddy, which has a CA chain that might be part of the issue.
Is there any way for me to tell APISIX to trust a certificate?
apisix:
  ssl:
    ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
    ssl_trusted_certificate: /usr/local/share/ca-certificates/vault-ca.crt
global_rules:
  -
    id: 1
    plugins:
      Key-auth:
        header: "Authorization"
routes:
  - id: "test_route"
    uri: "/test"
    plugins:
      key-auth: {}
    upstream:
      type: roundrobin
      scheme: "https"
      nodes:
        "postb.in:443": 1
consumers:
  - username: nemus_dupper
    plugins:
      key-auth:
        key: $secret://vault/1/nemus_dupper/auth-key
secrets:
  - id: vault/1
    ssl_verify: false
    prefix: apisix
    token: hvs.asdfasdfasdfasdfasdf
    uri: https://vault.mydomain.com:8200
api-gateway-1 | 2024/11/22 22:57:04 [error] 39#39: *97758 [lua] secret.lua:180: fetch(): failed to fetch secret value: failed to retrtive data from vault kv engine: 20: unable to get local issuer certificate, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 2024/11/22 22:57:04 [warn] 39#39: *97758 [lua] plugin.lua:1174: run_plugin(): key-auth exits with http status code 401, client: 172.18.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:8080"
api-gateway-1 | 172.18.0.1 - - [22/Nov/2024:22:57:04 +0000] 127.0.0.1:8080 "GET / HTTP/1.1" 401 52 0.006 "-" "curl/8.2.1" - - - "http://127.0.0.1:8080"
Current Behavior
I am running APISIX in stand-alone mode and want to use Vault for secret management.
I am using the Docker images, and I keep getting this error. I don't know how to add certificates to the trust.
Expected Behavior
I would like it to call the vault server I've specified in the config.
Error Logs
Steps to Reproduce
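The log line above fails with OpenSSL verification error 20 (`unable to get local issuer certificate`), and the reporter suspects the CA chain. The following is an added example, not code from this thread or from the APISIX project: using only constructed throwaway certificates (every subject and file name is made up), it shows that a verifier trusting just the root reports error 20 for a leaf issued by an intermediate, and succeeds once the intermediate is either presented with the leaf or included in the trust bundle.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway root -> intermediate -> leaf chain.
# Every subject name and file name below is made up for this example.

build_chain() {  # $1 = empty working directory
  local d=$1
  # Minimal config so the demo does not depend on the system openssl.cnf
  printf '[req]\ndistinguished_name=dn\n[dn]\ncommonName=CN\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/o.cnf"
  # Self-signed root CA
  openssl req -x509 -config "$d/o.cnf" -extensions ca -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA signed by the root
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/o.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null
  # Server (leaf) certificate signed by the intermediate
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=vault.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -out "$d/leaf.pem" 2>/dev/null
  # Trust bundle that contains the intermediate as well as the root
  cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem"
}

verify_leaf() {  # $1 = dir, $2 = trust file, $3 = optional intermediates sent by the peer
  local d=$1 trust=$2 extra=${3:-}
  # "|| true": a failed verification is an expected result here, not a script error
  openssl verify -CAfile "$d/$trust" ${extra:+-untrusted "$d/$extra"} "$d/leaf.pem" 2>&1 || true
}

demo() {
  local d; d=$(mktemp -d) || return 1
  build_chain "$d"
  echo "1) trust root only, peer sends leaf only:";          verify_leaf "$d" root.pem
  echo "2) trust root only, peer also sends intermediate:";  verify_leaf "$d" root.pem int.pem
  echo "3) trust bundle holds root + intermediate:";         verify_leaf "$d" bundle.pem
  rm -rf "$d"
}
demo
```

Against a real endpoint, `openssl s_client -connect <host>:<port> -showcerts` shows which certificates the server actually presents.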