JamiePhonic/rtmps-hls-server

SSL in cluster

Closed this issue · 3 comments

Hi there,

I have deployed this on a Kubernetes cluster.

I have a working SSL wildcard certificate on the cluster.

I have deployed this service on a subdomain and I am receiving an SSL error for this subdomain. HTTP only is working.

```
curl -iv subdomain.domain.io

curl -iv --tlsv1.2 https://subdomain.domain.io
*   Trying xxx.xx.xxx.xx:443...
* Connected to subdomain.domain.io (xxx.xx.xxx.xx) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
* Closing connection 0
curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
```

Could this be a conflict with the SSL that is provided out of the box?

Have you set this up before?

Hi @willnjl

The container doesn't currently expose the web interface over HTTPS.
Port 1936 is the RTMPS (RTMP over SSL) port. The container will generate a self-signed CA the first time it's run and then generate a certificate for the domain passed through the SSL_DOMAIN env variable and sign it with the CA.
Full explanation here

You can use your own certificates by placing them in the /assets/ssl directory within the container and updating the nginx.conf file accordingly.

Nonetheless, the error you provided above appears to be due to the server trying to use TLSv1, which I believe is disabled by default on most recent OSes and browsers.

Brill, thanks Jamie.

I have it working now by mounting my TLS certificate secret to the /assets/ssl directory and setting the SSL_DOMAIN env to my subdomain URL.

Glad you managed to get it working :)
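The CA-then-domain-certificate flow described in this thread, together with the check worth running before mounting a certificate into /assets/ssl, as an added example (not the container's own script). The file names, CA subject, key size and lifetimes are assumptions; `cert_ok` also works for a wildcard certificate like the one mentioned in the question.

```shell
#!/bin/sh
# Added example (not the container's own script): a private CA signs a
# certificate for SSL_DOMAIN, then the chain and hostname are checked.
# File names, CA subject, key size and lifetimes below are assumptions.
SSL_DOMAIN="${SSL_DOMAIN:-subdomain.domain.io}"

make_ca() {  # $1 = working directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example RTMPS CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_leaf() {  # $1 = working directory, $2 = DNS name (may be a wildcard)
    printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\n' "$2" \
        > "$1/leaf.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" \
        2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 90 -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/leaf.ext" \
        -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the given CA and its
# subjectAltName covers the hostname that clients will connect to.
cert_ok() {  # $1 = CA file, $2 = server certificate, $3 = hostname
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1 |
        grep -q ': OK$'
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
make_ca "$demo" && make_leaf "$demo" "$SSL_DOMAIN" &&
    cert_ok "$demo/ca.crt" "$demo/server.crt" "$SSL_DOMAIN" &&
    echo "server.crt chains to ca.crt and matches $SSL_DOMAIN"
rm -rf "$demo"
```

A client that does not have the generated CA in its trust store fails the same check, which is why a certificate from an already trusted issuer is the usual choice for a public subdomain.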