search

krakend / krakend-ce

KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go.
https://www.krakend.io
Apache License 2.0
1.94k stars 453 forks source link

TLS handshake error #878

Closed sehnemvinicius closed 5 months ago

sehnemvinicius commented 5 months ago

Environment info:

Describe what are you trying to do: i created an application to run on an EC2 instance using krakend, i self-signed the certificate and i am getting the following error when making a request from my frontend to krakend: http: TLS handshake error from IP:PORT: remote error: tls: unknown certificate.

Your configuration file:

{
  "$schema": "https://www.krakend.io/schema/krakend.json",
  "version": 3,
  "name": "My app name",
  "timeout": "3000ms",
  "cache_ttl": "300s",
  "output_encoding": "json",
  "port": 8080,
  "endpoints": [
    {
      "endpoint": "/login",
      "method": "POST",
      "output_encoding": "json",
      "backend": [
        {
          "url_pattern": "/login",
          "encoding": "json",
          "sd": "static",
          "method": "POST",
          "host": [
            "node:3000"
          ],
          "disable_host_sanitize": false
        }
      ]
    }
  ],
  "extra_config": {
    "security/cors": {
      "allow_origins": [
        "my-frontend-dns"
      ],
      "expose_headers": [
        "Content-Length",
        "Content-Type"
      ],
      "allow_headers": [
        "Origin",
        "Authorization",
        "Content-Type"
      ],
      "max_age": "12h",
      "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE",
        "OPTIONS"
      ]
    }
  },
  "tls": {
    "public_key": "/etc/ssl/cert.crt",
    "private_key": "/etc/ssl/key.key"
  },
  "client_tls": {
    "allow_insecure_connections": true
  }
}

Configuration check output: Result of krakend check -dtc krakend.json --lint command

Parsing configuration file: krakend.json
ERROR compiling the schema:     jsonschema https://www.krakend.io/schema/v2.6/krakend.json compilation failed: Get "https://www.krakend.io/schema/v2.6/krakend.json": tls: failed to verify certificate: x509: certificate signed by unknown authority

Commands used: i have used docker-compose

services:
  krakend:
      image: devopsfaith/krakend
      ports:
        - 8080:8080
      volumes:
        - ./krakend:/etc/krakend
        - ./ssl:/etc/ssl
      command: ["krakend", "run", "-c", "/etc/krakend/krakend.json"]
      networks:
        - my-network
  ...

Logs: Logs you saw in the console and debugging information

Additional comments:

taik0 commented 5 months ago

Hi @sehnemvinicius

I think you are missing the ca-certificates package in your system. Also, since you are overwriting /etc/ssl you are removing the ca-certificates that are already installed in the krakend container.

Install ca-certificates or remove the volume for /etc/ssl and should work.