tls-check | Check the TLS protocol support of one or more web servers | TLS library
kandi X-RAY | tls-check Summary
kandi X-RAY | tls-check Summary
Check the TLS protocol support of one or more web servers
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Check a TLS tunnel .
- Formats the current server version .
- Entry point .
tls-check Key Features
tls-check Examples and Code Snippets
Community Discussions
Trending Discussions on tls-check
QUESTION
- Istio: 1.3 (also tried 1.1 before update to 1.3)
- K8s: 1.16.2
- Cloud provider: DigitalOcean
I have a cluster setup with Istio. I have enabled grafana/kiali and also installed kibana and RabbitMQ management UI and for all of those I have gateways and virtual services configured (all in istio-system namespace) along with HTTPS using SDS and cert-manager and all works fine. It means I can access these resources in the browser over HTTPS with a sub domain.
Then I deployed a microservice (part of a real application) and created Service, VirtualService and Gateway resources for it (for now it is the only one service and gateway except rabbitmq which uses different sub domain and differend port). And it is located in default namespace.
ANSWER
Answered 2019-Nov-22 at 13:21Issue was really simple and silly. I had enabled global.k8sIngress.enabled = true in Istio values.yml. After changing it to false all starts working.
QUESTION
I am trying to enable mTLS in my mesh that I have already working with istio's sidecars. The problem I have is that I just get working connections up to one point, and then it fails to connect.
This is how the services are set up right now with my failing implementation of mTLS (simplified):
Istio IngressGateway -> NGINX pod -> API Gateway -> Service A -> [ Database ] -> Service B
First thing to note is that I was using a NGINX pod as a load balancer to proxy_pass my requests to my API Gateway or my frontend page. I tried keeping that without the istio IngressGateway but I wasn't able to make it work. Then I tried to use Istio IngressGateway and connect directly to the API Gateway with VirtualService but also fails for me. So I'm leaving it like this for the moment because it was the only way that my request got to the API Gateway successfully.
Another thing to note is that Service A first connects to a Database outside the mesh and then makes a request to Service B which is inside the mesh and with mTLS enabled.
NGINX, API Gateway, Service A and Service B are within the mesh with mTLS enabled and "istioctl authn tls-check" shows that status is OK.
NGINX and API Gateway are in a namespace called "gateway", Database is in "auth" and Service A and Service B are in another one called "api".
Istio IngressGateway is in namespace "istio-system" right now.
So the problem is that everything work if I set STRICT mode to the gateway namespace and PERMISSIVE to api, but once I set STRICT to api, I see the request getting into Service A, but then it fails to send the request to Service B with a 500.
This is the output when it fails that I can see in the istio-proxy container in the Service A pod:
...ANSWER
Answered 2019-Sep-15 at 08:35General tips for debugging Istio service mesh:
- Check the requirements for services and pods.
- Try a similar task to what you are trying to perform from the list of Istio tasks. See if that task works and find the differences with your task.
- Follow the instructions in Istio troubleshooting section.
QUESTION
I've installed Istio 1.1 RC on a fresh GKE cluster, using Helm, and enabled mTLS (some options omitted like Grafana and Kiali):
...ANSWER
Answered 2019-Feb-22 at 01:07If you are using Istio 1.1 RC, you should be looking at the docs at https://preliminary.istio.io/ instead of https://istio.io/. The preliminary.istio.io site is always the working copy of the docs, corresponding to the next to be Istio release (1.1 currently).
That said, those docs are currently changing a lot day-to-day as they are being cleaned up and corrected during final testing before 1.1 is released, probably in the next couple of weeks.
A possible explanation for the plain text http request returning 200 in you test is that you may be running with permissive mode.
QUESTION
I have a bash script as follows:
...ANSWER
Answered 2017-Mar-13 at 17:10I figure form the error that your file contains lines like: www.need_help.com/xyz (with xyz beeing anything, doesn't matter what)
Which means that in the end "$file".txt expends to www.need_help.com/xyz.txt.
So your script tryed to write the output to a file xyz.txt in the folder www.need_help.com and fails because the folder does not exist.
The error message was confusing but accurate: www.need_help.com: No such file or directory
You might want to replace all unwanted characters with something else, as an example only keeping letters numbers and dots
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install tls-check
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
