Comments (4)
You're trying to send unencrypted http requests/traffic from Traefik to UniFi on a https port that requires SSL/TLS, thus the error.
Either send the requests to the UniFi standard http port 8080 or if UniFi is configured to redirect to https, configure Traefik to use https when communicating with the UniFi container(s). In that instance you might also need to set Traefik serversTransport
to insecureSkipVerify
to disable internal SSL certificate validation.
from unifi.
Hello @goofball222 i have allready sent it :/
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
labels:
kustomize.toolkit.fluxcd.io/name: unifi
kustomize.toolkit.fluxcd.io/namespace: unifi
name: traefik-insecureskipverify
namespace: unifi
spec:
insecureSkipVerify: true
My Chart :
Port => 8443
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: ${name}
annotations:
fluxcd.io/automated: "true"
spec:
releaseName: ${name}
timeout: 1m
interval: 10m
chart:
spec:
chart: app-template
version: 2.0.3
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-infra
interval: 1m
values:
#
# DEFAULT VALUE YAML
# https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
#
service:
main:
type: LoadBalancer
loadBalancerIP: ${loadBalancerIP}
ports:
http:
port: ${port}
targetPort: ${port}
inform:
# controller:
enable: true
port: 8080
protocol: TCP
targetPort: 8080
portail-http:
enabled: true
port: 8880
protocol: HTTP
targetPort: 8880
portail-https:
enable: true
port: 8843
protocol: TCP
targetPort: 8843
android:
enable: true
port: 6789
protocol: TCP
targetPort: 6789
stun:
enable: true
port: 3478
protocol: UDP
targetPort: 3478
syslog:
enable: true
port: 5514
protocol: UDP
targetPort: 5514
discovery:
enable: true
port: 10001
protocol: UDP
targetPort: 10001
defaultPodOptions:
dnsConfig:
options:
- name: ndots
value: "1"
nodeSelector:
kubernetes.io/arch: amd64
controllers:
main:
enabled: true
type: statefulset
replicas: 1
strategy: RollingUpdate
rollingUpdate:
unavailable: 1
surge: 1
revisionHistoryLimit: 3
containers:
main:
image:
repository: ${docker_image}
tag: 8.0.28 # {"$imagepolicy": "unifi:unifi:tag"}
pullPolicy: Always
resources:
limits:
memory: 1024Mi
requests:
env:
TZ: Europe/Paris
RUNAS_UID0: "true"
UNIFI_UID: "0"
UNIFI_GID: "0"
JVM_INIT_HEAP_SIZE:
JVM_MAX_HEAP_SIZE: 1024M
UNIFI_DB_NAME: ${name}
DB_MONGO_LOCAL: false
DB_MONGO_URI: mongodb://${name}-mongodb/${name}
STATDB_MONGO_URI: mongodb://${name}-mongodb/${name}_stat
UNIFI_HTTPS_REDIRECT: false
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
ingress:
main:
enabled: true
annotations:
external-dns.alpha.kubernetes.io/target: ${external_domain}
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt-cloudflare
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia@kubernetescrd
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
gethomepage.dev/enabled: "true"
gethomepage.dev/name: "${name_beautiful}"
gethomepage.dev/description: "${description}"
gethomepage.dev/group: "${group}"
gethomepage.dev/icon: "${icon}"
hosts:
- host: ${subdomain}.${external_domain}
paths:
- path: /
pathType: Prefix
service:
name: ${service_name}
port: ${port}
- host: ${subdomain}.${internal_domain}
paths:
- path: /
pathType: Prefix
service:
name: ${service_name}
port: ${port}
tls:
- secretName: ${name}-tls
hosts:
- ${subdomain}.${external_domain}
- ${subdomain}.${internal_domain}
persistence:
cert:
enabled: true
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /usr/lib/unifi/cert
data:
enabled: true
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /usr/lib/unifi/data
logs:
enabled: true
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /usr/lib/unifi/logs
from unifi.
I have found solution :)
Add this annotation to service (not ingress) to configure destination service in https.
annotations:
traefik.ingress.kubernetes.io/service.serversscheme: https
from unifi.
@goofball222 with this solution you keep TLS in full road.
from unifi.
Related Issues (20)
- 6.5.55 RC is out HOT 1
- something wrong after a while HOT 1
- goofball222/unifi:latest-beta 7.2.92 - "DBServer stopped" HOT 3
- f_chown() should not run if group has access HOT 1
- Current alpine images are missing shared library libsystemd.so.0 HOT 1
- "docker-entrypoint.sh": executable file not found in $PATH: unknown. HOT 4
- Cannot login after switch from internal to external MongoDB HOT 2
- Will there be an update to 7.4.156? HOT 1
- Failure upgrading to 7.4.156 HOT 4
- Beta images incorrectly tagged (7.4.165 vs 7.5.165) and failing due to JDK mismatch (11 vs 17) HOT 2
- Failed to upgrade from 1.1.3 (7.5.176) to 1.2.1 (8.0.7) on TrueNAS Scale 23.10.0.1 HOT 1
- DEBUG set to false, but DEBUG tasks are still filling the log HOT 2
- Question about versioning / tagging of containers
- Debian base - MongoDB 3.6 Release Signing Key EXPKEYSIG HOT 2
- Alow disabling log output to stdout HOT 2
- Version 8.1.104 breaks external Mongo DB support HOT 6
- Need 8.1.113 non-beta please :) HOT 1
- 8.1.127 promoted to stable
- latest-alpine fails to start due to erroneous shared library search paths for JVM
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unifi.