Open greedy52 opened 1 year ago
The other possibility is that we try both 443 and 3080 like tsh
does when no port is provided, but this will make joining more complex. I think that technically as https:
implies :443
, using that port by default when the schema is provided would be a better idea.
I looked into this a little bit more.
There are a few other places making the assumption the default port is 3080 (e.g. public_addrs). And the defaults span multiple layers too (fileconf, servicecfg, etc). It will be a lot of work to update all of them to also check for https:
schema.
Also, if we do change the default port to 443 for https:
, it may break some existing environments where 3080 is expected.
Thus, instead of updating the default port based on https:
, I am considering printing a warning when no port is provided. And in a few releases, maybe we can require the port to be always specified.
The other possibility is that we try both 443 and 3080 like tsh does when no port is provided, but this will make joining more complex.
I think this way is the most robust. But we will have to keep all our client implementations up-to-date.
-1 for trying both. I'd like to get away from that. Explicit with a clear error message is much easier to work with than "magic".
We have a lot of complicated behavior that's hard to test for due to the fact that we just try a bunch of things and hope that one works. It also creates a troubleshooting nightmare as we spit out error messages for all the things we tried.
Expected behavior: Sample config:
Agent should join successfully to Proxy
exmaple.teleport.com:443
.Current behavior: Agent attempts port
:3080
and failsBug details:
Workaround: Specify
:443
manually