Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS termination doesn't work #714

Closed
pleshakov opened this issue Jun 5, 2023 · 0 comments · Fixed by #718
Closed

TLS termination doesn't work #714

pleshakov opened this issue Jun 5, 2023 · 0 comments · Fixed by #718
Labels
bug Something isn't working refined Requirements are refined and the issue is ready to be implemented.
Milestone
v0.4.0

Comments

@pleshakov
Copy link
Contributor

pleshakov commented Jun 5, 2023
edited by mpstefan
Loading

Describe the bug
TLS termination doesn't work

To Reproduce

kubectl -n nginx-gateway logs nginx-gateway-7467544c5b-kbf2v -c nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/06/05 20:42:59 [notice] 40#40: using the "epoll" event method
2023/06/05 20:42:59 [notice] 40#40: nginx/1.25.0
2023/06/05 20:42:59 [notice] 40#40: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/06/05 20:42:59 [notice] 40#40: OS: Linux 5.15.49-linuxkit-pr
2023/06/05 20:42:59 [notice] 40#40: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/06/05 20:42:59 [notice] 40#40: start worker processes
2023/06/05 20:42:59 [notice] 40#40: start worker process 65
2023/06/05 20:43:35 [notice] 40#40: signal 1 (SIGHUP) received from 21, reconfiguring
2023/06/05 20:43:35 [notice] 40#40: reconfiguring
2023/06/05 20:43:35 [emerg] 40#40: cannot load certificate "/etc/nginx/secrets/default_cafe-secret": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/nginx/secrets/default_cafe-secret','r') error:2006D002:BIO routines:BIO_new_file:system lib)

(NGINX failed to reload)

Expected behavior

  • The example should have worked - NGINX should have succeeded to reload

Your environment

May be related to limiting permissions here:
8a19254
@pleshakov pleshakov mentioned this issue Jun 5, 2023
Merged
6 tasks
@pleshakov pleshakov added the bug Something isn't working label Jun 5, 2023
@pleshakov pleshakov added this to the v0.4.0 milestone Jun 5, 2023
@mpstefan mpstefan added the refined Requirements are refined and the issue is ready to be implemented. label Jun 6, 2023
@ciarams87 ciarams87 mentioned this issue Jun 6, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working refined Requirements are refined and the issue is ready to be implemented.
Projects
NGINX Gateway Fabric
Archived in project
Milestone
v0.4.0
Development

Successfully merging a pull request may close this issue.

Add in required capabilities for writing TLS secrets ciarams87/nginx-gateway-fabric
2 participants
@pleshakov @mpstefan