Why do I get a 404 when calling Portainer via traefik - docker-compose

I have the problem that I get a 404 when I want to call my portainer-container via traefik.
These are my labels for portainer:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.domain.de`)"
- "traefik.port=9000"
- "traefik.docker.network=traefik_proxy"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls.certresolver=myresolver"
Traefik works just fine, because other containers with similar config are working perfectly.

This is the same question as this thread: "Traefik v2.5 not redirecting to portainer container. 404 Not Found".
The answer is that Portainer doesn't support subpaths yet, but it can be a feature request for the future.

Although late, I hope this might be helpful to others: I found that the documentation around Portainer+Traefik v2 is inconsistent at best. Even the official Portainer Documentation is not presenting a valid solution.
If you are at the beginning and are trying for the first time to make them work, this is what got me through:
traefik.enable=true
traefik.http.routers.portainer.rule=Host(`yourown.url.extension`)
traefik.http.routers.portainer.entrypoints=websecure
traefik.http.routers.portainer.tls.certresolver=myresolver
traefik.http.routers.portainer.service=portainer
traefik.http.services.portainer.loadbalancer.server.port=9000
traefik.http.routers.portainer-edge.rule=Host(`yourownedge.url.extension`)
traefik.http.routers.portainer-edge.entrypoints=websecure
traefik.http.routers.portainer-edge.tls.certresolver=myresolver
traefik.http.routers.portainer-edge.service=portainer-edge
traefik.http.services.portainer-edge.loadbalancer.server.port=8000
Please note: in my configuration "myresolver" is the name of the certresolver service. You should change it appropriately.
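
Added example, not part of the original answer: a small Python check that flags the two differences between the question's labels and the ones above, namely the Traefik v1 key traefik.port and a router with no explicit loadbalancer.server.port. The function name lint_labels and the list of v1 keys are assumptions of this example.

```python
import re

# Traefik v1 keys that Traefik v2 does not interpret (partial list, assumed enough here).
V1_ONLY = {"traefik.port", "traefik.frontend.rule", "traefik.backend"}
ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
PORT = re.compile(r"^traefik\.http\.services\.([^.]+)\.loadbalancer\.server\.port$")

def lint_labels(labels):
    """Return findings for one container's Traefik labels (empty list = nothing flagged)."""
    findings, routers, ports = [], {}, {}
    for raw in labels:
        key, _, value = raw.partition("=")
        key = key.strip().lower()  # Traefik label keys are case-insensitive
        if key in V1_ONLY:
            findings.append(f"{key}: Traefik v1 label, not interpreted by v2")
        elif m := ROUTER.match(key):
            routers.setdefault(m.group(1), {})[m.group(2)] = value
        elif m := PORT.match(key):
            ports[m.group(1)] = value
    for name, opts in sorted(routers.items()):
        service = opts.get("service")
        if service is None and not ports:
            findings.append(f"router {name}: no explicit service port")
        elif service is not None and service not in ports:
            findings.append(f"router {name}: service {service} has no server port")
    return findings

# Labels from the question (v2 router labels mixed with the v1 port label).
QUESTION = [
    "traefik.enable=true",
    "traefik.http.routers.portainer.rule=Host(`portainer.domain.de`)",
    "traefik.port=9000",
    "traefik.docker.network=traefik_proxy",
    "traefik.http.routers.portainer.entrypoints=websecure",
    "traefik.http.routers.portainer.tls.certresolver=myresolver",
]
# Labels from the answer, UI router only.
ANSWER = [
    "traefik.enable=true",
    "traefik.http.routers.portainer.rule=Host(`yourown.url.extension`)",
    "traefik.http.routers.portainer.entrypoints=websecure",
    "traefik.http.routers.portainer.tls.certresolver=myresolver",
    "traefik.http.routers.portainer.service=portainer",
    "traefik.http.services.portainer.loadbalancer.server.port=9000",
]

if __name__ == "__main__":
    print(lint_labels(QUESTION))
```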

Related

Monitors setup in local

I am trying to set up monitoring locally as mentioned in https://cadenceworkflow.io/docs/operation-guide/monitor/#instructions
I am getting these errors for http://host.docker.internal:9098/metrics and http://cadence:9090/metrics, as shown in the image below.
Can you please let me know how we can resolve this? Thanks.
[Image: Endpoints state]
9090 is Prometheus itself. Are you configuring a different port? https://github.com/uber/cadence/blob/68fb2e60d1a2bff77c66acf60c954c9d19f9e5f5/docker/docker-compose-es-v7.yml#L14
But anyway, this is not something important so if you like, you can ignore this error.
9098 is the client SDK. The doc is assuming that you are setting it up correctly: https://github.com/uber/cadence-java-samples/blob/cdd43b6a65bf537ef6c77262a56cd22308d75e06/src/main/java/com/uber/cadence/samples/hello/HelloMetric.java#L53
https://github.com/uber-common/cadence-samples/blob/beacf223ab727c7fd114236f40806497c6d0aabd/config/development.yaml#L7

Grafana on ECS cluster return not allowed origin

I created an ECS cluster; let's call it tools.
The tools cluster has 2 services:
sso-proxy
grafana - opensource
I am going through sso-proxy to get to grafana.
When trying to enter credentials to grafana I got the following error:
In incognito mode the login works the first time.
These are the ECS logs:
Can someone please help?
Grafana must receive a proper Host header in the request header. I guess your "sso-proxy" doesn't do that. You didn't provide a reproducible example (why not, when you want to help), so it is only a guess.
A lazy and insecure workaround would be to downgrade Grafana to version 8.3.4-, where the CSRF fix for CVE-2022-21703 is not included.
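
The answer's point about the Host header, modelled as an added example (not Grafana's code and not from the original posts): a simplified check that compares the host in the Origin header with the Host header, run on a constructed login request as it arrives with and without the proxy preserving Host. The hostnames and function names are assumptions.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def origin_check(method, headers):
    """Return (status, reason) for a simplified Origin-versus-Host CSRF check."""
    if method.upper() in SAFE_METHODS:
        return 200, "safe method, not checked"
    origin = headers.get("Origin", "")
    if not origin:
        return 200, "no Origin header to compare"
    origin_host = urlsplit(origin).hostname
    # Host may carry a port; compare host names only.
    request_host = urlsplit("//" + headers.get("Host", "")).hostname
    if origin_host is None or origin_host != request_host:
        return 403, "origin not allowed"
    return 200, "origin matches host"


def through_proxy(headers, upstream, preserve_host):
    """Headers as the upstream service sees them after one reverse-proxy hop."""
    seen = dict(headers)
    if not preserve_host:
        # A proxy that does not forward the original Host sends its upstream address.
        seen["Host"] = upstream
    return seen


# Constructed login request as the browser sends it to the public name.
BROWSER = {"Host": "grafana.example.com", "Origin": "https://grafana.example.com"}
UPSTREAM = "grafana.tools.internal:3000"  # constructed internal address

if __name__ == "__main__":
    for preserve in (False, True):
        seen = through_proxy(BROWSER, UPSTREAM, preserve)
        print(preserve, seen["Host"], origin_check("POST", seen))
```

In this model the request is rejected only when the proxy replaces Host, which is why passing the original Host through the proxy is the fix rather than removing the check.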

How does the rewrite annotation in ingress work in k8s?

I am having difficulty in understanding the rewrite annotation in k8s ingress. Can someone please help me in understanding it with an example?
For example:
annotations:
  nginx.ingress.kubernetes.io/rewrite-target: /
I checked this link out but it's still not very clear how the slashes and arguments work out here.
Thanks!
Please refer to this Stack Overflow post; it will be helpful for you.
In this post you can see that hostname/api points to the backend service, and the rewrite actually makes the URL get converted from hostname/api to hostname.
Rewrite comes in handy when frontend and backend services are to be mapped to one hostname only.
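
Added example, not from the original posts: a simplified Python model of how the rewrite turns the request path into the path the backend receives, comparing the fixed target / from the question with a capture-group target. It assumes ingress-nginx 0.22.0 or later, where the Ingress path is matched as a case-insensitive regex from the start of the URI; the /api paths and function names are constructed, and the query string is not modelled.

```python
import re


def upstream_path(path_rule, rewrite_target, request_path):
    """Path the backend receives, or None when the Ingress path does not match."""
    match = re.match(path_rule, request_path, re.IGNORECASE)
    if match is None:
        return None
    # The whole URI is replaced by the target; $1, $2, ... expand to capture groups.
    return re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))) or "",
                  rewrite_target)


# Constructed request paths for a rule that maps hostname/api to a backend.
REQUESTS = ["/api", "/api/", "/api/users/7", "/apiary", "/web"]


def compare():
    """Fixed target '/' versus a capture-group target, for the same requests."""
    fixed = {p: upstream_path("/api", "/", p) for p in REQUESTS}
    captured = {p: upstream_path("/api(/|$)(.*)", "/$2", p) for p in REQUESTS}
    return fixed, captured


if __name__ == "__main__":
    fixed, captured = compare()
    for p in REQUESTS:
        print(f"{p:14} fixed={fixed[p]!s:6} captured={captured[p]}")
```

With the fixed target every matching request, including /api/users/7, reaches the backend as /; the capture-group form keeps the part after /api and no longer matches /apiary.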

Nginx ingress controller modsecurity

I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingress controller according to this link. In the annotation of the ingress I set SecRuleEngine On.
When I use nikto to do some scans and try to trigger the owasp rules I only see 400 responses in the ingress logging. I would expect 403 responses. Does anyone have any idea what I am doing wrong or what to check?
Followed the instructions on:
https://karlstoney.com/2018/02/23/nginx-ingress-modsecurity-and-secchatops/
The only thing I had to change was "SecAuditLog /var/log/modsec/audit.log". Changed it to SecAuditLog /var/log/modsec_audit.log

Mulesoft - Uh-oh spaghettios! There's nothing here

This error is driving me nuts...
Situation:
I am trying to create a REST API and use an api-gateway proxy to access it. Proxy URL is HTTPS.
The deployment goes through fine. No errors reported in the logs. Worker assigned.
However, when I try to access it through the browser I get the "Uh-oh spaghettios! There's nothing here.".
I have tried all the usual things like making the https port dynamic using ${https.port} and using 0.0.0.0 instead of localhost in the http-listener config. But that does not help. Does this have something to do with the proxy version?
Any help or pointers will be great!
Make sure you follow Step 2 from the link below:
Getting Started with Connectors
All,
Got the resolution. The problem was with the certificate chain. The keystore did not contain intermediate certificates. When added to the keystore the connectivity worked fine.
If only Mulesoft had provided correct errors or detailed logging, I would have saved a lot of time over this.
Thanks for your inputs.