
Comments (4)

goofball222 commented on June 21, 2024

You're trying to send unencrypted http requests/traffic from Traefik to UniFi on a https port that requires SSL/TLS, thus the error.

Either send the requests to the UniFi standard http port 8080 or if UniFi is configured to redirect to https, configure Traefik to use https when communicating with the UniFi container(s). In that instance you might also need to set Traefik serversTransport to insecureSkipVerify to disable internal SSL certificate validation.


m4dm4rtig4n commented on June 21, 2024

Hello @goofball222, I have already sent it :/

apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/name: unifi
    kustomize.toolkit.fluxcd.io/namespace: unifi
  name: traefik-insecureskipverify
  namespace: unifi
spec:
  insecureSkipVerify: true

My chart:
Port => 8443

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ${name}
  annotations:
    fluxcd.io/automated: "true"
spec:
  releaseName: ${name}
  timeout: 1m
  interval: 10m
  chart:
    spec:
      chart: app-template
      version: 2.0.3
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-infra
      interval: 1m
  values:
    #
    #    DEFAULT VALUE YAML
    #    https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
    #
    service:
      main:
        type: LoadBalancer
        loadBalancerIP: ${loadBalancerIP}
        ports:
          http:
            port: ${port}       
            targetPort: ${port}     
          inform:
            # controller:
            enable: true
            port: 8080
            protocol: TCP
            targetPort: 8080
          portail-http:
            enabled: true
            port: 8880
            protocol: HTTP
            targetPort: 8880
          portail-https:
            enable: true
            port: 8843
            protocol: TCP
            targetPort: 8843
          android:
            enable: true
            port: 6789
            protocol: TCP
            targetPort: 6789
          stun:
            enable: true
            port: 3478
            protocol: UDP
            targetPort: 3478
          syslog:
            enable: true
            port: 5514
            protocol: UDP
            targetPort: 5514
          discovery:
            enable: true
            port: 10001
            protocol: UDP
            targetPort: 10001
    defaultPodOptions:
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      nodeSelector:
        kubernetes.io/arch: amd64
    controllers:
      main:
        enabled: true
        type: statefulset
        replicas: 1
        strategy: RollingUpdate
        rollingUpdate:
          unavailable: 1
          surge: 1
        revisionHistoryLimit: 3
        containers:
          main:
            image:
              repository: ${docker_image}
              tag: 8.0.28 # {"$imagepolicy": "unifi:unifi:tag"}
              pullPolicy: Always
            resources:
              limits:
                memory: 1024Mi
              requests:
            env:
              TZ: Europe/Paris
              RUNAS_UID0: "true"
              UNIFI_UID: "0"
              UNIFI_GID: "0"
              JVM_INIT_HEAP_SIZE:
              JVM_MAX_HEAP_SIZE: 1024M
              UNIFI_DB_NAME: ${name}
              DB_MONGO_LOCAL: false
              DB_MONGO_URI: mongodb://${name}-mongodb/${name}
              STATDB_MONGO_URI: mongodb://${name}-mongodb/${name}_stat            
              UNIFI_HTTPS_REDIRECT: false
            probes:
              liveness:
                enabled: false
              readiness:
                enabled: false
              startup:
                enabled: false
    ingress:
      main:
        enabled: true
        annotations:
          external-dns.alpha.kubernetes.io/target: ${external_domain}
          kubernetes.io/ingress.class: traefik
          cert-manager.io/cluster-issuer: letsencrypt-cloudflare
          traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia@kubernetescrd
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.tls: "true"
          gethomepage.dev/enabled: "true"
          gethomepage.dev/name: "${name_beautiful}"
          gethomepage.dev/description: "${description}"
          gethomepage.dev/group: "${group}"
          gethomepage.dev/icon: "${icon}"
        hosts:
          - host: ${subdomain}.${external_domain}
            paths:
              - path: /
                pathType: Prefix
                service:
                  name: ${service_name}
                  port: ${port} 
          - host: ${subdomain}.${internal_domain}
            paths:
              - path: /
                pathType: Prefix
                service:
                  name: ${service_name}
                  port: ${port} 
        tls:
          - secretName: ${name}-tls
            hosts:
              - ${subdomain}.${external_domain}
              - ${subdomain}.${internal_domain}
    persistence:
      cert:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/cert
      data:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/data
      logs:
        enabled: true
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /usr/lib/unifi/logs


m4dm4rtig4n commented on June 21, 2024

I have found a solution :)
Add this annotation to the service (not the ingress) to configure the destination service in https.

        annotations:
          traefik.ingress.kubernetes.io/service.serversscheme: https


m4dm4rtig4n commented on June 21, 2024

@goofball222, with this solution you keep TLS on the full route.

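On the Traefik-to-UniFi hop discussed in this thread, `service.serversscheme: https` makes Traefik speak TLS to the backend, while `insecureSkipVerify: true` turns off validation of the certificate UniFi presents. The following is an added example, not part of the original comments, of a ServersTransport that verifies the backend certificate and is attached to the Service by annotation; the names `unifi-backend-ca`, `unifi-verified`, `unifi.internal.example`, the Service name and its selector are assumptions.

```yaml
# Added example (not from the thread). Assumed names: unifi-backend-ca,
# unifi-verified, unifi.internal.example, Service "unifi" and its selector.
---
# CA (or the self-signed certificate itself) behind the certificate UniFi
# serves on 8443. Traefik reads it from the tls.ca or ca.crt key.
apiVersion: v1
kind: Secret
metadata:
  name: unifi-backend-ca
  namespace: unifi
stringData:
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM of the CA that issued the UniFi certificate>
    -----END CERTIFICATE-----
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: unifi-verified
  namespace: unifi
spec:
  # Weak setting from the thread, shown for contrast:
  # insecureSkipVerify: true
  serverName: unifi.internal.example   # must match a SAN in the UniFi certificate
  rootCAsSecrets:
    - unifi-backend-ca
---
apiVersion: v1
kind: Service
metadata:
  name: unifi
  namespace: unifi
  annotations:
    # Speak TLS to the backend (the fix from the thread).
    traefik.ingress.kubernetes.io/service.serversscheme: https
    # Use the verifying transport: <namespace>-<name>@kubernetescrd.
    traefik.ingress.kubernetes.io/service.serverstransport: unifi-unifi-verified@kubernetescrd
spec:
  selector:
    app.kubernetes.io/name: unifi      # assumed pod label
  ports:
    - name: http
      port: 8443
      targetPort: 8443
```

With this transport attached, a backend certificate that does not chain to the configured CA or does not match `serverName` causes Traefik to refuse the backend connection instead of proxying over an unverified link.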
