TLS docker-compose.yaml
Smithx10 opened this issue · 2 comments
Do you have an example of how to TLS the WebSessions ?
Struggling to get HAPRoxy + a docker-compose.yaml correct for this.
Was getting
tmate-docker-compose-master-1 | - {:bad_cert, :unable_to_match_altnames}
tmate-docker-compose-master-1 | 22:41:00.057 [error] Task #PID<0.2322.0> started from #PID<0.2320.0> terminating
tmate-docker-compose-master-1 | ** (Protocol.UndefinedError) protocol String.Chars not implemented for {:tls_alert, {:handshake_failure, 'TLS client: In state certify at ssl_handshake.erl:1783 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,unable_to_match_altnames}'}} of type Tuple. This protocol is implemented for the following type(s): Postgrex.Copy, Postgrex.Query, Decimal, Integer, BitString, Version, Time, List, Date, Atom, URI, Float, Version.Requirement, DateTime, NaiveDateTime
tmate-docker-compose-master-1 | (elixir) lib/string/chars.ex:3: String.Chars.impl_for!/1
tmate-docker-compose-master-1 | (elixir) lib/string/chars.ex:22: String.Chars.to_string/1
tmate-docker-compose-master-1 | (tmate) lib/tmate/ws_api.ex:7: Tmate.WsApi.simplify_response/2
tmate-docker-compose-master-1 | (tmate) lib/tmate/ws_api.ex:10: Tmate.WsApi.get_stale_sessions/2
tmate-docker-compose-master-1 | (tmate) lib/tmate/session_cleaner.ex:51: Tmate.SessionCleaner.check_for_disconnected_sessions/3
tmate-docker-compose-master-1 | (elixir) lib/enum.ex:789: anonymous fn/3 in Enum.each/2
tmate-docker-compose-master-1 | (stdlib) maps.erl:232: :maps.fold_1/3
tmate-docker-compose-master-1 | (elixir) lib/enum.ex:1964: Enum.each/2
tmate-docker-compose-master-1 | Function: #Function<7.12665260/0 in Quantum.Executor.run/4>
tmate-docker-compose-master-1 | Args: []
I haven't tried this, but you may check if your cerificates' alt name match what you have set as MASTER_BASE_URL and WEBSOCKET_BASE_URL:
openssl x509 -in <cert.pem> -noout -subject -ext subjectAltName