truecharts / public

Community Helm Chart Repository
https://truecharts.org
GNU Affero General Public License v3.0

TLS 1.2 with ECDSA doesn't work after updating traefik #15633

Closed nnothing1 closed 1 year ago

nnothing1 commented 1 year ago

App Name

traefik

Operating System

TrueNAS SCALE 23.10.0 or 23.10.0.1

App Version

App Version: 2.10.5, Chart Version: 22.1.0

Application Events

No events are available.

Application Logs

level=debug msg="http: TLS handshake error from {ip:port}: tls: no cipher suite supported by both client and server"

Application Configuration

All defaults except enabling Debug level Logs and Access Logs

Describe the bug

After enabling websecure for jellyfin, jellyfin mpv shim does not play properly and traefik logs show "no cipher suite supported by both client and server". I've tried both ECC certificates and RSA certificates and the player doesn't play properly. If I roll back to version 21.1.7 everything works fine.

To Reproduce

Install Jellyfin on TrueNAS and enable ingress with TLS. Install Jellyfin MPV Shim on Windows. Use Jellyfin MPV Shim to play a video.

Expected Behavior

Jellyfin MPV Shim plays video properly.

Screenshots

Not applicable.

Additional Context

The same problem occurs with Findroid using the mpv playback enabled, and I'm not sure if it's a problem with the MPV player itself.

PrivatePuffin commented 1 year ago

I see no indication that this is related to TrueCharts helm charts. It looks more like mpv shim is using outdated TLS, as that is literally what the error tells you.

There is also a boatload of information missing from this report: Traefik versions (before and after); configuration copy (all defaults, yet you start talking about ingress which is definitely not a default); complete logs.

nnothing1 commented 1 year ago

I apologize for not providing enough information. I retested the process locally and regenerated the certificates. I found that RSA certificates work in some situations, but ECC certificates always cause problems. Please let me know if there is any other information I can provide.

traefik version

before: App Version: 2.10.5, Chart Version: 21.1.7 (No problem)

after: App Version: 2.10.5, Chart Version: 22.1.0

I also tested App Version: 2.10.5, Chart Version: 22.0.2 and App Version: 2.10.5, Chart Version: 22.0.3. Chart Version 22.0.2 has no problem but Chart Version 22.0.3 has this problem.

traefik configuration

image

jellyfin configuration

image

traefik more logs

2023-12-03T20:38:50.030059013+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Configuration loaded from flags."
2023-12-03T20:38:50.030106503+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Traefik version 2.10.5 built on 2023-10-11T13:54:02Z"
2023-12-03T20:38:50.030962565+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"main\":{\"address\":\":9000/tcp\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"metrics\":{\"address\":\":9180/tcp\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":9080/tcp\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\":9443\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":9443/tcp\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"tls\":{}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"kubernetesIngress\":{\"ingressEndpoint\":{\"publishedService\":\"ix-traefik/traefik-tcp\"},\"allowExternalNameServices\":true},\"kubernetesCRD\":{}},\"api\":{\"dashboard\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"}}"
2023-12-03T20:38:50.030993257+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
2023-12-03T20:38:50.031759573+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
2023-12-03T20:38:50.031836557+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Starting TCP Server" entryPointName=websecure
2023-12-03T20:38:50.031849602+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Starting TCP Server" entryPointName=traefik
2023-12-03T20:38:50.031857582+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Starting TCP Server" entryPointName=main
2023-12-03T20:38:50.031870602+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Starting TCP Server" entryPointName=metrics
2023-12-03T20:38:50.031878497+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Starting TCP Server" entryPointName=web
2023-12-03T20:38:50.031951059+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Starting provider *traefik.Provider"
2023-12-03T20:38:50.031964006+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="*traefik.Provider provider configuration: {}"
2023-12-03T20:38:50.032044789+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Starting provider *crd.Provider"
2023-12-03T20:38:50.032058224+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="*crd.Provider provider configuration: {}"
2023-12-03T20:38:50.032108886+08:00 time="2023-12-03T20:38:50+08:00" level=warning msg="CRDs API Group \"traefik.containo.us\" is deprecated, and its support will end starting with Traefik v3. Please use the API Group \"traefik.io\" instead." providerName=kubernetescrd
2023-12-03T20:38:50.032126248+08:00 time="2023-12-03T20:38:50+08:00" level=warning msg="CRDs API Version \"traefik.io/v1alpha1\" will not be supported in Traefik v3 itself. However, an automatic migration path to the next version will be available." providerName=kubernetescrd
2023-12-03T20:38:50.032134608+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="label selector is: \"\"" providerName=kubernetescrd
2023-12-03T20:38:50.032146345+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Creating in-cluster Provider client" providerName=kubernetescrd
2023-12-03T20:38:50.036707616+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"ping\":{\"entryPoints\":[\"traefik\"],\"service\":\"ping@internal\",\"rule\":\"PathPrefix(`/ping`)\",\"priority\":2147483647},\"web-to-9443\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-9443\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{},\"ping\":{}},\"middlewares\":{\"redirect-web-to-9443\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"9443\",\"permanent\":true}}},\"models\":{\"websecure\":{\"tls\":{}}},\"serversTransports\":{\"default\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
2023-12-03T20:38:50.048761697+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
2023-12-03T20:38:50.048806189+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
2023-12-03T20:38:50.061461848+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Starting provider *ingress.Provider"
2023-12-03T20:38:50.061491265+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="*ingress.Provider provider configuration: {\"ingressEndpoint\":{\"publishedService\":\"ix-traefik/traefik-tcp\"},\"allowExternalNameServices\":true}"
2023-12-03T20:38:50.061555618+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="ingress label selector is: \"\"" providerName=kubernetes
2023-12-03T20:38:50.061567513+08:00 time="2023-12-03T20:38:50+08:00" level=info msg="Creating in-cluster Provider client" providerName=kubernetes
2023-12-03T20:38:50.067059814+08:00 time="2023-12-03T20:38:50+08:00" level=warning msg="ExternalName service loading is enabled, please ensure that this is expected (see AllowExternalNameServices option)" providerName=kubernetes
2023-12-03T20:38:50.137719679+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"ix-traefik-traefik-dashboard-d012b7f875133eeab4e5\":{\"entryPoints\":[\"main\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/dashboard`) || PathPrefix(`/api`)\"}},\"middlewares\":{\"ix-traefik-basic-ratelimit\":{\"rateLimit\":{\"average\":600,\"period\":\"1s\",\"burst\":400}},\"ix-traefik-basic-secure-headers\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"customResponseHeaders\":{\"server\":\"\"},\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"HEAD\",\"PUT\"],\"accessControlMaxAge\":100,\"stsSeconds\":63072000,\"forceSTSHeader\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\"}},\"ix-traefik-chain-basic\":{\"chain\":{\"middlewares\":[\"ix-traefik-basic-ratelimit\",\"ix-traefik-basic-secure-headers\",\"ix-traefik-compress\"]}},\"ix-traefik-compress\":{\"compress\":{}},\"ix-traefik-tc-closedcors-chain\":{\"chain\":{\"middlewares\":[\"ix-traefik-basic-ratelimit\",\"ix-traefik-tc-closedcors-headers\",\"ix-traefik-compress\"]}},\"ix-traefik-tc-closedcors-headers\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"customResponseHeaders\":{\"server\":\"\"},\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"HEAD\",\"PUT\"],\"accessControlMaxAge\":100,\"sslRedirect\":true,\"sslForceHost\":true,\"stsSeconds\":63072000,\"forceSTSHeader\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\"}},\"ix-traefik-tc-nextcloud-chain\":{\"chain\":{\"middlewares\":[\"ix-traefik-tc-nextcloud-redirectregex-dav\"]}},\"ix-traefik-tc-nextcloud-redirectregex-dav\":{\"redirectRegex\":{\"regex\":\"https://(.*)/.well-known/(card|cal)dav\",\"replacement\":\"https://${1}/remote.php/dav/\"}},\"ix-traefik-tc-opencors-chain\":{\"chain\":{\"middlewares\":[\"ix-traefik-basic-ratelimit\",\"ix-traefik-tc-opencors-header
s\",\"ix-traefik-compress\"]}},\"ix-traefik-tc-opencors-headers\":{\"headers\":{\"customRequestHeaders\":{\"X-Forwarded-Proto\":\"https\"},\"customResponseHeaders\":{\"server\":\"\"},\"accessControlAllowHeaders\":[\"*\"],\"accessControlAllowMethods\":[\"GET\",\"OPTIONS\",\"HEAD\",\"PUT\",\"POST\"],\"accessControlAllowOriginList\":[\"*\"],\"accessControlMaxAge\":100,\"sslRedirect\":true,\"sslForceHost\":true,\"stsSeconds\":63072000,\"forceSTSHeader\":true,\"contentTypeNosniff\":true,\"browserXssFilter\":true,\"referrerPolicy\":\"same-origin\"}}}},\"tcp\":{},\"udp\":{},\"tls\":{\"options\":{\"default\":{\"minVersion\":\"VersionTLS12\",\"cipherSuites\":[\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\",\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305\",\"TLS_AES_128_GCM_SHA256\",\"TLS_AES_256_GCM_SHA384\",\"TLS_CHACHA20_POLY1305_SHA256\"],\"curvePreferences\":[\"CurveP521\",\"CurveP384\"],\"clientAuth\":{},\"alpnProtocols\":[\"h2\",\"http/1.1\",\"acme-tls/1\"]}}}}" providerName=kubernetescrd
2023-12-03T20:38:50.281591169+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:38:50.281600860+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"ix-jellyfin-jellyfin-jellyfin-{domain name}\":{\"entryPoints\":[\"websecure\"],\"middlewares\":[\"ix-traefik-chain-basic@kubernetescrd\"],\"service\":\"ix-jellyfin-jellyfin-8096\",\"rule\":\"Host(`jellyfin.{domain name}`) \\u0026\\u0026 PathPrefix(`/`)\"}},\"services\":{\"ix-jellyfin-jellyfin-8096\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.16.0.240:8096\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=kubernetes
2023-12-03T20:38:50.367299844+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
2023-12-03T20:38:50.367739022+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-9443@internal middlewareName=tracing middlewareType=TracingForwarder
2023-12-03T20:38:50.367769997+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareName=redirect-web-to-9443@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-9443@internal
2023-12-03T20:38:50.367779285+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Setting up redirection to https 9443" entryPointName=web routerName=web-to-9443@internal middlewareName=redirect-web-to-9443@internal middlewareType=RedirectScheme
2023-12-03T20:38:50.367835238+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
2023-12-03T20:38:50.367875385+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware ping@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=ping@internal
2023-12-03T20:38:50.367892532+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
2023-12-03T20:38:50.370923725+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Adding certificate for domain(s) *.{domain name},{domain name}"
2023-12-03T20:38:50.371326511+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping addition of certificate for domain(s) \"*.{domain name},{domain name}\", to TLS Store default, as it already exists for this store."
2023-12-03T20:38:50.519459246+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:38:50.519469685+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:38:50.521966851+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
2023-12-03T20:38:50.522354867+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware ping@internal" entryPointName=traefik routerName=ping@internal middlewareType=TracingForwarder middlewareName=tracing
2023-12-03T20:38:50.523062808+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
2023-12-03T20:38:50.523102287+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-9443@internal middlewareName=tracing middlewareType=TracingForwarder
2023-12-03T20:38:50.523111922+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" routerName=web-to-9443@internal middlewareName=redirect-web-to-9443@internal middlewareType=RedirectScheme entryPointName=web
2023-12-03T20:38:50.523126806+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Setting up redirection to https 9443" routerName=web-to-9443@internal middlewareName=redirect-web-to-9443@internal middlewareType=RedirectScheme entryPointName=web
2023-12-03T20:38:50.523135207+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
2023-12-03T20:38:50.523143341+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware api@internal" routerName=ix-traefik-traefik-dashboard-d012b7f875133eeab4e5@kubernetescrd middlewareName=tracing middlewareType=TracingForwarder entryPointName=main
2023-12-03T20:38:50.523155712+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=main middlewareName=traefik-internal-recovery
2023-12-03T20:38:50.523163563+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes serviceName=ix-jellyfin-jellyfin-8096 middlewareType=Pipelining middlewareName=pipelining entryPointName=websecure
2023-12-03T20:38:50.523178311+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating load-balancer" routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes serviceName=ix-jellyfin-jellyfin-8096 entryPointName=websecure
2023-12-03T20:38:50.523187198+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating server 0 http://172.16.0.240:8096" entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes serviceName=ix-jellyfin-jellyfin-8096 serverName=0
2023-12-03T20:38:50.523201645+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="child http://172.16.0.240:8096 now UP"
2023-12-03T20:38:50.523209843+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Propagating new UP status"
2023-12-03T20:38:50.523222009+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Added outgoing tracing middleware ix-jellyfin-jellyfin-8096" middlewareName=tracing middlewareType=TracingForwarder routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes entryPointName=websecure
2023-12-03T20:38:50.523229969+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareName=ix-traefik-chain-basic@kubernetescrd middlewareType=Chain entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523241895+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress entryPointName=websecure
2023-12-03T20:38:50.523249853+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Adding tracing to middleware" middlewareName=ix-traefik-compress@kubernetescrd entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523261708+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareName=ix-traefik-basic-secure-headers@kubernetescrd middlewareType=Headers entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523272127+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Setting up secureHeaders from {map[X-Forwarded-Proto:https] map[server:] false [] [GET OPTIONS HEAD PUT] [] [] [] 100 false [] [] false false  map[] false 63072000 false false true false  true true    same-origin   false}" middlewareName=ix-traefik-basic-secure-headers@kubernetescrd middlewareType=Headers entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523288014+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Setting up customHeaders/Cors from {map[X-Forwarded-Proto:https] map[server:] false [] [GET OPTIONS HEAD PUT] [] [] [] 100 false [] [] false false  map[] false 63072000 false false true false  true true    same-origin   false}" entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes middlewareName=ix-traefik-basic-secure-headers@kubernetescrd middlewareType=Headers
2023-12-03T20:38:50.523301393+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Adding tracing to middleware" middlewareName=ix-traefik-basic-secure-headers@kubernetescrd entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523314201+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareName=ix-traefik-basic-ratelimit@kubernetescrd middlewareType=RateLimiterType entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523322177+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Using IPStrategy" middlewareName=ix-traefik-basic-ratelimit@kubernetescrd middlewareType=RateLimiterType entryPointName=websecure routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes
2023-12-03T20:38:50.523336270+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Adding tracing to middleware" routerName=ix-jellyfin-jellyfin-jellyfin-{domain name}@kubernetes entryPointName=websecure middlewareName=ix-traefik-basic-ratelimit@kubernetescrd
2023-12-03T20:38:50.523344256+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=websecure middlewareName=traefik-internal-recovery
2023-12-03T20:38:50.523358645+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Adding route for jellyfin.{domain name} with TLS options default" entryPointName=websecure
2023-12-03T20:38:50.523366632+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:38:50.525348094+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:38:50.525494526+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:38:50.525928454+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:38:50.528792809+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:38:50.528804819+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:38:50.529858556+08:00 time="2023-12-03T20:38:50+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:39:07.102868427+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:39:07.102897841+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:39:07.111404426+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:39:07.111512541+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping ingress status update" namespace=ix-jellyfin ingress=jellyfin
2023-12-03T20:39:07.111528259+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:39:07.111638885+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:39:07.117144036+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping ingress status update" ingress=jellyfin namespace=ix-jellyfin
2023-12-03T20:39:07.117156562+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
2023-12-03T20:39:07.118225782+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
2023-12-03T20:39:07.888288815+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.888375075+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.893719789+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.897480580+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.898562371+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.903033111+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.904158222+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.907194352+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.911025852+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.912823061+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.914872672+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.917680509+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.919347638+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.924014720+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.924471600+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:07.929236822+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.929709222+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.935498211+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:07.941068245+08:00 time="2023-12-03T20:39:07+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:13.919026922+08:00 time="2023-12-03T20:39:13+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:13.925385766+08:00 time="2023-12-03T20:39:13+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:13.930636801+08:00 time="2023-12-03T20:39:13+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:39:13.935843946+08:00 time="2023-12-03T20:39:13+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:39:32.165448053+08:00 time="2023-12-03T20:39:32+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:40:17.783839838+08:00 time="2023-12-03T20:40:17+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:40:17.808482622+08:00 time="2023-12-03T20:40:17+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:40:21.799529514+08:00 time="2023-12-03T20:40:21+08:00" level=debug msg="mime: no media type" middlewareType=Compress middlewareName=ix-traefik-compress@kubernetescrd
2023-12-03T20:40:25.054680242+08:00 time="2023-12-03T20:40:25+08:00" level=debug msg="mime: no media type" middlewareName=ix-traefik-compress@kubernetescrd middlewareType=Compress
2023-12-03T20:40:25.094991747+08:00 time="2023-12-03T20:40:25+08:00" level=debug msg="http: TLS handshake error from 192.168.31.1:55872: tls: no cipher suite supported by both client and server"

PrivatePuffin commented 12 months ago

Please utilise port 80 and 443 for traefik like advised in the guides.

PrivatePuffin commented 12 months ago

Our code has not changed since the working version you tried, likely upstream issues.

nnothing1 commented 12 months ago

After some testing I may have found the cause of the problem. It should be because my client doesn't support TLS 1.3, but tlsOptions doesn't provide ECDSA's TLS 1.2 cipher suites but only RSA's cipher suites, which explains why the RSA certificates play the video without problems. And I was able to play the video fine with jellyfin mpv shim after adding TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

As for why the problem started with version 22.0.3, this would be because tlsOptions hadn't been working until the rendering error was fixed in 22.0.3. This error allowed my clients to communicate properly using TLS 1.2.

If the TLS 1.2 cipher suites (e.g. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) are secure enough, could you add them to the cipherSuites in values.yaml?

Thank you very much.
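
The mismatch diagnosed in the comment above can be reproduced with Go's crypto/tls, the TLS stack Traefik is built on. This is an added example, not code from the thread or from TrueCharts: the hostname, helper names and throwaway certificates are constructed, and only the TLS 1.2 entries of the cipherSuites list come from the debug log.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "jellyfin.example.test" // constructed name, not from the issue

// ChartSuites holds the TLS 1.2 suites of the default tlsOptions in the debug
// log. Its TLS 1.3 suites are omitted: crypto/tls does not make them configurable.
var ChartSuites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

func must[T any](v T, err error) T { // setup failures are fatal in this demo
	if err != nil {
		panic(err)
	}
	return v
}

// serverCert makes a throwaway self-signed cert ("rsa" or "ecdsa") and a pool trusting only it.
func serverCert(kind string) (tls.Certificate, *x509.CertPool) {
	var key crypto.Signer
	if kind == "rsa" {
		key = must(rsa.GenerateKey(rand.Reader, 2048))
	} else {
		key = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Negotiate runs one loopback handshake: the server presents a cert of the given key type and
// allows only suites for TLS 1.2; the client stops at clientMax. Returns version or server error.
func Negotiate(kind string, suites []uint16, clientMax uint16) (uint16, error) {
	cert, pool := serverCert(kind)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12, CipherSuites: suites})
	if err != nil {
		return 0, err
	}
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer conn.Close()
		srvErr <- conn.(*tls.Conn).Handshake()
	}()
	cli, cliErr := tls.Dial("tcp", ln.Addr().String(),
		&tls.Config{RootCAs: pool, ServerName: host, MaxVersion: clientMax})
	ln.Close() // unblocks Accept if the TCP dial itself failed
	if err := <-srvErr; err != nil {
		return 0, err // the error the proxy would log
	}
	if cliErr != nil {
		return 0, cliErr
	}
	defer cli.Close()
	return cli.ConnectionState().Version, nil
}

func main() {
	for _, kind := range []string{"rsa", "ecdsa"} {
		v12, e12 := Negotiate(kind, ChartSuites, tls.VersionTLS12)
		v13, e13 := Negotiate(kind, ChartSuites, tls.VersionTLS13)
		fmt.Printf("%-5s cert: TLS1.2-only client %#x %v | TLS1.3 client %#x %v\n", kind, v12, e12, v13, e13)
	}
}
```

Only the ECDSA certificate with a TLS 1.2-only client fails, with the same `tls: no cipher suite supported by both client and server` error as in the Traefik log; a client that reaches TLS 1.3 is unaffected by the list.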

PrivatePuffin commented 12 months ago

We're not going to lower our security standards for Jellyfin mpv; them not supporting good security practices is an upstream issue you should discuss with them.

nnothing1 commented 12 months ago

Sorry for wasting time. Jellyfin MPV Shim has already provided a version of the player that supports TLS 1.3. So this is a problem with my other mpv player. I'll try to submit an issue to the other repository.

PrivatePuffin commented 12 months ago

I've seen many time-wasting issues, and this ain't one of them. It was a solid report! :)

truecharts-admin commented 4 weeks ago

This issue is locked to prevent necro-posting on closed issues. Please create a new issue or contact staff on Discord if the problem persists.