Open kajogo777 opened 5 years ago
same for versions 3.0.2 & 3.0.0
what :3080 is supposed to mean? --proxy accepts host:port address, we should probably prohibit the form you are passing.
i am using --proxy=domain:443, what wrong form am i passing? i am not using 3080
the included logs show that after i type in my password and 2nd factor OTP, the clients try to authenticate by connecting to 3080 instead of 443 which i specified via host:port
i substituted my domain name with "domain" in the log snippets i included, and ip with "ip"
That's probably because port 3080 is specified in your configuration file, can you post it here without secrets?
443 is specified in my proxy configuration file as well. This worked perfectly well with 2.6.7, and the web interface 3.1.1 also works (i am able to login and ssh)
...
proxy_service:
  enabled: yes
  listen_addr: ip:3023
  tunnel_listen_addr: 127.0.0.1:3024
  web_listen_addr: ip:443
  public_addr: domain
...
which configuration file are you referring to?
same issue +1
Teleport v3.2.2 git: go1.12.5
I fixed it by putting Teleport behind Traefik and reverse proxying the traffic: traefik:443 -> teleport:3080, traefik:3080 -> teleport:3080
@kajogo777
I think this is a bug
Got a similar problem: installed teleport cluster helm chart (Version: 8.3.4) with the following values:
clusterName: "teleport.example.com"
kubeClusterName: prod-rke-cluster
authenticationType: local
labels:
  environment: prod
  type: k8s
  tenant: admin
acme: false
highAvailability:
  certManager:
    addCommonName: true
    enabled: true
    issuerName: letsencrypt-<issuername>
    issuerKind: ClusterIssuer
Exposed the https service via loadbalancer service of our citrix netscaler over the port 3080.
Now when I try to login via tsh the following error occurs:
$ tsh --proxy=teleport.example.com:3080 --auth github login
ERROR: Post "https://teleport.example.com:443/v1/webapi/github/login/console": remote error: tls: unrecognized name
why does it try on port 443??
Now when I try another port, the correct port for the POST request was chosen:
$ tsh --proxy=teleport.example.com:3081 --auth github login
ERROR: Get "https://teleport.example.com:3081/webapi/ping/github": context canceled
Probably a CLI bug imo
Such a shame this is still an issue after all these years..... Essentially the only way we can make this work is by deploying it behind a loadbalancer (aws, traefik, nginx etc.). Which creates a bunch of other unsolved TLS issues..
+1 Same problem Teleport v11.1.1
What happened:
tsh login --proxy=domain:443
error timeout trying to connect to port 3080 instead of 443
What you expected to happen:
be able to login
How to reproduce it (as minimally and precisely as possible):
tsh login --proxy=domain:443
Environment:
teleport version: 3.1.1
tsh version: 3.1.1
Relevant Debug Logs If Applicable
INFO [CLIENT] no host login given. defaulting to client/api.go:700
INFO [CLIENT] [KEY AGENT] Connected to the system agent: "/run/user/1000/keyring/ssh" client/api.go:1907
DEBU [CLIENT] not using loopback pool for remote proxy addr: domain:443 client/api.go:1868
DEBU [CLIENT] HTTPS client init(proxyAddr=domain:443, insecure=false) client/weblogin.go:531
DEBU [CLIENT] not using loopback pool for remote proxy addr: domain:3080 client/api.go:1868
Enter password for Teleport user user_name: Enter your OTP token:
DEBU [CLIENT] HTTPS client init(proxyAddr=domain:3080, insecure=false) client/weblogin.go:531
ERROR REPORT: Original Error: *trace.ConnectionProblemError dial tcp ip:3080: i/o timeout
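
A small check for the symptom reported above, added here as an example and not part of the issue or of Teleport's own code: it scans tsh debug output for the proxy addresses the client dials and reports any that differ from the host:port passed to --proxy. The function name find_port_drift and the regular expression are assumptions of this example; the sample lines are copied from the redacted log above.

```python
import re

# Matches the two debug messages in the log above that name the proxy address.
ADDR_RE = re.compile(
    r"(?:remote proxy addr: |HTTPS client init\(proxyAddr=)"
    r"(?P<host>[^\s:,()]+):(?P<port>\d+)"
)


def find_port_drift(requested, log_lines):
    """Return (line_no, addr) for every dialed proxy address whose host or
    port differs from the host:port given to --proxy."""
    want_host, _, want_port = requested.rpartition(":")
    drift = []
    for no, line in enumerate(log_lines, start=1):
        m = ADDR_RE.search(line)
        if not m:
            continue  # line does not name a proxy address
        if (m["host"], m["port"]) != (want_host, want_port):
            drift.append((no, f'{m["host"]}:{m["port"]}'))
    return drift


# Sample lines taken from the redacted debug log in the report above.
SAMPLE = """\
DEBU [CLIENT] not using loopback pool for remote proxy addr: domain:443 client/api.go:1868
DEBU [CLIENT] HTTPS client init(proxyAddr=domain:443, insecure=false) client/weblogin.go:531
DEBU [CLIENT] not using loopback pool for remote proxy addr: domain:3080 client/api.go:1868
DEBU [CLIENT] HTTPS client init(proxyAddr=domain:3080, insecure=false) client/weblogin.go:531
ERROR REPORT: Original Error: *trace.ConnectionProblemError dial tcp ip:3080: i/o timeout
""".splitlines()

if __name__ == "__main__":
    for no, addr in find_port_drift("domain:443", SAMPLE):
        print(f"line {no}: client dialed {addr}, expected domain:443")
```

Run against a captured debug log, the first reported line marks the point in the login flow where the client stops using the requested address.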