im following docs at https://docs.konghq.com/hub/kong-inc/acme/#example-config to install SSL certificate. But after i successfully installed it, i cant call any of my APIs anymore, it shows {"message":"no Route matched with those values"}. What am i missing here?
kong.yml
_format_version: "2.1"
_transform: true
services:
- name: acme-dummy
url: http://127.0.0.1:65535
routes:
- name: acme-dummy
protocols:
- http
paths:
- /.well-known/acme-challenge
- name: notification
url: https://notification-app:2030/
...
routes:
- name: notification-routes
service: notification
paths: ['/notification/*']
...
plugins:
- name: cors
route: notification-routes
config:
origins:
- http://localhost:3000
methods:
- GET
- POST
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-MD5
- Content-Type
- Date
- X-Auth-Token
exposed_headers:
- X-Auth-Token
credentials: true
max_age: 3600
preflight_continue: false
...
# ACME Plugin
- name: acme
config:
account_email: [email protected]
domains:
- "somehost.com"
tos_accepted: true
storage: postgres
storage_config:
redis:
host: kong-postgres
port: 6432
docker.compose.yml
version: "3.8"
networks:
kong-gateway:
external: false
name: kong-gateway
microservices:
external: true
name: microservices
volumes:
pg-volumes:
name: kong-postgres
services:
postgres:
image: postgres:13.3-alpine
container_name: kong-postgres
restart: unless-stopped
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
ports:
- "${POSTGRES_PORT}:5432"
volumes:
- pg-volumes:/var/lib/postgresql/data
networks:
- kong-gateway
kong:
container_name: kong-gateway
image: kong/kong-gateway:2.4.1.0-alpine
restart: unless-stopped
ports:
- "80:8000"
- "443:8443"
- "127.0.0.1:8001:8001"
- "127.0.0.1:8444:8444"
environment:
- KONG_DATABASE=postgres
- KONG_PG_HOST=kong-postgres
- KONG_PG_USER=${POSTGRES_USER}
- KONG_PG_PASSWORD=${POSTGRES_PASSWORD}
- KONG_PG_DATABASE=${POSTGRES_DB}
- KONG_LUA_SSL_TRUSTED_CERTIFICATE=system
- KONG_DECLARATIVE_CONFIG=/usr/local/kong/declarative/kong.yml
- KONG_PROXY_ACCESS_LOG=logs/access.log
- KONG_ADMIN_ACCESS_LOG=logs/access.log
- KONG_PROXY_ERROR_LOG=logs/error.log
- KONG_ADMIN_ERROR_LOG=logs/error.log
- KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl
volumes:
- ./kong-volume:/usr/local/kong/declarative
- ./kong.conf:/etc/kong/kong.conf:ro
networks:
- kong-gateway
- microservices
depends_on:
- postgres
# command: kong migrations bootstrap
also when i run docker logs no error shown. And when i try to get the certificate with curl http://localhost:8001/acme/certificates/{HOST} -XGET it return the certificate successfully. Any idea whats wrong?
CodePudding user response:
You configure your route to only listen on http
services:
- name: acme-dummy
url: http://127.0.0.1:65535
routes:
- name: acme-dummy
protocols:
- http
As said into the doc
Routes have a protocols property to restrict the client protocol they should listen for.
Just add https or replace http with https if you only want to listen on https
services:
- name: acme-dummy
url: http://127.0.0.1:65535
routes:
- name: acme-dummy
protocols:
- http
- https
or
services:
- name: acme-dummy
url: http://127.0.0.1:65535
routes:
- name: acme-dummy
protocols:
- https
CodePudding user response:
My workarround right now is to copy the certificate from the db and put it on kong.yml like this:
certificates:
- snis:
- name: site.com
cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
still this not answering the question, but this method actually works...