Closed Lawouach closed 6 years ago
Just, FYI, indeed, preventing my ingress from automatically redirecting to HTTPS did the trick. But I still would appreciate the possibility for self-signed certs/insecure connection support. Is this something you'd consider?
I'm confused by this issue. Why are you not using https://demo.foo.bar
as the gateway URL?
Is it correct to say the actual problem is that you want OpenFaaS to accept invalid SSL certs and right now it won't? Seems like a reasonable feature request.
For your scenario why don't you install your CA on your client and the Docker/Kubernetes node? I would think that would make the cert acceptable?
Also you'll need to fill in the issue template.
1. 2. 3. 4.
FaaS-CLI version ( Full output from: faas-cli version
):
Docker version ( Full output from: docker version
):
Are you using Docker Swarm (FaaS-swarm ) or Kubernetes (FaaS-netes)?
Operating System and version (e.g. Linux, Windows, MacOS):
Link to your project or a code example to reproduce issue:
Derek add label: question
Is it correct to say the actual problem is that you want OpenFaaS to accept invalid SSL certs and right now it won't? Seems like a reasonable feature request.
It is indeed the request.
For your scenario why don't you install your CA on your client and the Docker/Kubernetes node? I would think that would make the cert acceptable?
Well, to be fair, those are throw aways so that could be tedious. It is common to have a flag on the client side.
Add a flag to disable client certificate check and allow insecure communication.
Currently, faas-cli will not accept to perform insecure communication and throw
Put https://demo.foo.bar/system/functions: x509: certificate signed by unknown authority
Add a flag such as: --no-tls-verify
I'm running a demo so I generate self-signed certs and use a dummy domain. The OpenFaaS gateway is served on HTTPs with that certificate.
faas-cli is: Commit: ae7390005a2fe13873f2cb6fcfa2d830dad4a40b Version: 0.6.5
On Ubuntu 17.10
OpenFaas runs in Kubernetes 1.9.4.
Derek add label: proposal
@alexellis I will take this on :)
@alexellis I spent some time proofing this as a solution, Super easy to implement and would provide alot of value to alot of users at very little cost.
Derek close
@alexellis I am facing the same issue. TLS certificate is generated but it's still showing not secure in the browser .
Expected Behaviour Whenever we search for api.devnm.es/api, it should redirect from HTTP to HTTPS and must be secure as TLS certificate is applied. OpenFaas UI must there on this API.
Current Behaviour Whenever I am searching for api.devnm.es/api, it's getting redirected from HTTP to HTTPS but showing not secure even though TLS certificate is applied.
Your Environment FaaS-CLI version ( Full output from: faas-cli version ): 0.12.1
Docker version ( Full output from: docker version ): 19.0.3
Are you using Docker Swarm (FaaS-swarm ) or Kubernetes (FaaS-netes)? : OpenFaas Kubernetes on Digital Ocean
Operating System and version (e.g. Linux, Windows, MacOS): Centos 7
When I am ddoing loging from fass-cli, it's giving me the following error. Cannot connect to OpenFaaS on URL: https://api.devnm.es. Get https://api.devnm.es/system/functions: x509: certificate signed by unknown authority
Please help me on this issue. @alexellis Thanks
Hi all,
I have deployed OpenFaaS on a cluster and made the gateway accessible via an Ingress that accepts both HTTP and HTTPS. The latter is using a self-signed cert as this is a demo only cluster.
When I try to deploy, I'm getting:
With the config as follows:
I don't see a flag telling faas-cli to accept insecure connections.
I could also try to reconfigure my ingress to not redirect to HTTPS I guess.
Is there a way to support insecure connections? Much like the
-k
flag in curl :)Thanks,