-
Notifications
You must be signed in to change notification settings - Fork 620
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL certificate verification issue #127
Comments
You should be able to register your service under https://mydomain.com as long as fabio can resolve that name to 1.2.3.4. From your setup I'm assuming that you are forwarding to an HTTPS backend. I've never tested that. |
Yes that is correct, if the service is registered under the domain using HTTPS the problem goes away. The SSL certificate and site responds to just one domain (mydomain.com) and doesn't work against the hostname of the server (site just redirects to mydomain.com). This is a problem when there is more than 1 backend. I was looking for a workaround, maybe the solution is an option to ignore SSL verification. |
I think this could also be solved with issue #1 being implemented, and just use TCP with passthrough direct to the backend |
Yes, #1 will fix that. |
@discobean #1 has bee merged to master and is in 1.3. Can we close this one? |
Closing it now, thanks so much! |
Hi,
The endpoint of my backend is like so: https://1.2.3.4
And whenever I request this I get an error:
2016/07/12 16:56:22 http: proxy error: x509: cannot validate certificate for 10.90.12.10 because it doesn't contain any IP SANs
I know this is because the cert verification issue. (The server does not have a cert for 1.2.3.4, but has one for mydomain.com)
Is there some way I can pass in a hostname, or use the hostname that the client requested (mydomain.com) when passing the request to the backend? Alternatively, is there a way to disable the verification of the cert (prefer not to)?
Both the fabio server and the backend are using the same server certificate.
The text was updated successfully, but these errors were encountered: