
Re: OpenShift v3 now running in HTTPS mode by default



----- Original Message -----
> From: "Jordan Liggitt" <jliggitt redhat com>
> To: "Dan Mace" <dmace redhat com>, "Clayton Coleman" <ccoleman redhat com>
> Cc: "[PUBLIC] Openshift Dev" <dev lists openshift redhat com>
> Sent: Thursday, January 22, 2015 9:44:17 AM
> Subject: Re: OpenShift v3 now running in HTTPS mode by default
> 
> Add "https://" to your curl request urls?


LOL. That was it. Thanks.

 
> On 01/22/2015 09:42 AM, Dan Mace wrote:
> > I have yet to get the HTTPS enabled server working with either curl or
> > httpie using our origin vagrant VM. Some example errors:
> >
> > $ curl --cacert ./openshift.local.certificates/master/root.crt -X POST -d
> > @hello-deployment.json localhost:8443/osapi/v1beta1/deploymentConfigs
> >
> > 2015/01/22 09:39:33 http: TLS handshake error from [::1]:41917: tls:
> > oversized record received with length 21536
> >
> > $ http --verify=openshift.local.certificates/master/root.crt
> > localhost:8443/osapi/v1beta1/deploymentConfigs < hello-deployment.json
> >
> > 2015/01/22 09:39:38 http: TLS handshake error from [::1]:41918: tls:
> > oversized record received with length 21536
> >
> > $ openssl s_client -connect localhost:8443 -cipher RC4-SHA -tls1
> >
> > CONNECTED(00000003)
> > depth=1 CN = 10 0 2 15 1421878442
> > verify error:num=19:self signed certificate in certificate chain
> > verify return:0
> > ---
> > Certificate chain
> >  0 s:/CN=10.0.2.15
> >    i:/CN=10 0 2 15 1421878442
> >  1 s:/CN=10 0 2 15 1421878442
> >    i:/CN=10 0 2 15 1421878442
> > ---
> > -----BEGIN CERTIFICATE-----
> > <snip>
> > -----END CERTIFICATE-----
> > subject=/CN=10.0.2.15
> > issuer=/CN=10 0 2 15 1421878442
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 1812 bytes and written 389 bytes
> > ---
> > New, TLSv1/SSLv3, Cipher is RC4-SHA
> > Server public key is 2048 bit
> > Secure Renegotiation IS supported
> > Compression: NONE
> > Expansion: NONE
> > SSL-Session:
> >     Protocol  : TLSv1
> >     Cipher    : RC4-SHA
> >     Session-ID:
> >     3AD45DE66C0987AAA84B7E1E9D653163389756474AED7307C81E5BBF82A704CF
> >     Session-ID-ctx:
> >     Master-Key:
> >     46B924FE4FE33E7BC9F9E32D52BCD540610DE9624CC0011E7AEF1C49E256E9DF3CCBE67BF62BA015298949A0DF578F00
> >     Key-Arg   : None
> >     Krb5 Principal: None
> >     PSK identity: None
> >     PSK identity hint: None
> >     TLS session ticket:
> >
> > <snip>
> >  Start Time: 1421937519
> >     Timeout   : 7200 (sec)
> >     Verify return code: 19 (self signed certificate in certificate chain)
> >
> >
> > Any clue what I'm doing wrong?
> >
> >
> > ----- Original Message -----
> >> From: "Clayton Coleman" <ccoleman redhat com>
> >> To: "Jordan Liggitt" <jliggitt redhat com>
> >> Cc: "[PUBLIC] Openshift Dev" <dev lists openshift redhat com>
> >> Sent: Thursday, January 22, 2015 9:31:53 AM
> >> Subject: Re: OpenShift v3 now running in HTTPS mode by default
> >>
> >> We should probably default the protocol on master to listen. The original
> >> goal was for people not to specify master - instead, to give just enough
> >> info to make the right decisions. I've noticed people starting to hardcode
> >> those, but we should make the function more intuitive.
> >>
> >> --listen=http://:0.0.0.0:8080 should be all most people need
> >>
> >>
> >> On Jan 22, 2015, at 9:26 AM, Jordan Liggitt < jliggitt redhat com > wrote:
> >>
> >>
> >>
> >>
> >> On 01/21/2015 01:52 PM, Jordan Liggitt wrote:
> >>
> >>
> >> How do I go back to HTTP?
> >> Why would you even ask that? You're making the EFF cry :-(
> >>
> >> If you really need to, you can do the following to get the old default
> >> behaviour back:
> >>
> >> openshift start: pass "--master=http://:8080"
> >> osc: pass "--server=http://localhost:8080"
> >>
> >>
> >> Follow-up: To run in http, you'll also need to pass
> >> "--listen=http://0.0.0.0:8080" to openshift start
> >>
> >> --master controls what address things should contact the API server on, and
> >> defaults to https://<detected IP>:8443
> >>
> >> --listen controls what the API server actually binds to on startup, and
> >> defaults to https://0.0.0.0:8443
> >>
> >>
> >> If you change the scheme or port using --master, you also need to specify
> >> --listen to match. So to get back to a completely unsecured state:
> >>
> >> openshift start --master=http://:8080 --listen=http://0.0.0.0:8080
> >>
> >> osc --server=http://localhost:8080
> >>
> >>
> >>
> >> _______________________________________________
> >> dev mailing list
> >> dev lists openshift redhat com
> >> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> >>
> 
> 
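
Why both clients logged the same length 21536, as an added example that is not part of the original thread: a TLS listener reads the first five bytes of whatever arrives as a record header, so the plaintext `POST ` is parsed with `T` and a space (0x5420) as the record length. The function names are this example's own, and the 2^14 + 2048 limit is the TLS record-size bound, assumed to be the one the server applies.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"regexp"
	"strconv"
)

// maxCiphertext is the largest record body TLS permits (2^14 + 2048 bytes).
const maxCiphertext = 16384 + 2048

// recordLength reads the first five bytes of a connection as a TLS record
// header: content type (1), version (2), length (2, big-endian).
func recordLength(first []byte) (int, bool) {
	if len(first) < 5 {
		return 0, false
	}
	return int(binary.BigEndian.Uint16(first[3:5])), true
}

// looksLikeTLS reports whether the bytes open a plausible handshake record:
// content type 22, major version 3, length within the limit.
func looksLikeTLS(first []byte) bool {
	n, ok := recordLength(first)
	return ok && first[0] == 22 && first[1] == 3 && n <= maxCiphertext
}

var oversized = regexp.MustCompile(`oversized record received with length (\d+)`)
// bytesFromLog turns the length in the server's error back into the fourth
// and fifth bytes the client actually sent.
func bytesFromLog(line string) (string, bool) {
	m := oversized.FindStringSubmatch(line)
	if m == nil {
		return "", false
	}
	n, err := strconv.Atoi(m[1])
	if err != nil || n > 0xffff {
		return "", false
	}
	return string([]byte{byte(n >> 8), byte(n)}), true
}

func main() {
	// Log text from the thread; the request line is what curl -X POST sends.
	tail, _ := bytesFromLog("tls: oversized record received with length 21536")
	n, _ := recordLength([]byte("POST /osapi/v1beta1/deploymentConfigs HTTP/1.1\r\n"))
	fmt.Printf("log decodes to %q, POST parses as %d, TLS=%v\n", tail, n, looksLikeTLS([]byte("POST ")))
}
```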

