Betflop

Reputation: 85

Envoy Configuration Error When Proxying to Example.com: SSL Error

I have the following Envoy configuration (https://github.com/envoyproxy/examples/blob/main/tls/envoy-https-passthrough.yaml) that works perfectly when I proxy to an internal service:

static_resources:
  listeners:
  - address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          cluster: service-https
          stat_prefix: https_passthrough

  clusters:
  - name: service-https
    type: STRICT_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service-https
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: service-https
                port_value: 443

This works fine, and I can make requests like:

curl -k https://10.0.0.1:10003/

However, when I change the cluster destination to example.com, like this:

address: example.com

I get the following SSL error:

curl -k https://10.0.0.1:10003/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.0.0.1:10003

I've confirmed that example.com is accessible from the Envoy instance (outside of Envoy).

Any ideas on why this might be happening, and how I can fix it?

Upvotes: 1

Views: 41

Answers (0)
