SSL connection to Kong in Docker

I am trying to setup a TLS connection from my angular app to Kong to proxy my node backend services. I cannot successfully get a HTTPS connection to port 8443 on Kong, although everything works fine on the HTTP session on port 8000. The code for the Kong docker-compose startup is below

    image: kong:latest
    restart: always
      KONG_PG_HOST: kong-database
      KONG_SSL: "on"
      KONG_SSL_CERT: /certs/minica.pem
      KONG_SSL_CERT_KEY: /certs/minica.key
      - kong-database
      test: ["CMD", "curl", "-f", "http://kong:8001"]
      interval: 5s
      timeout: 2s
      retries: 15
      - /Users/jamesbissett/repo/backend/infra/kong/logs:/usr/local/kong/logs
      - /Users/jamesbissett/Documents/GitHub/minica:/certs
      - "8001:8001"
      - "8000:8000"
      - "8443:8443"

When i try the url with insomnia I get the following results

* Preparing request to https://kong:8443/check
* Using libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2
* Current time is 2020-01-06T12:47:00.336Z
* Disable timeout
* Enable automatic URL encoding
* Disable SSL validation
* Enable cookie sending with jar of 0 cookies
* Hostname kong was found in DNS cache
*   Trying
* Connected to kong ( port 8443 (#129)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
*   CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to kong:8443 
* Closing connection 129

The above url resolves and proxies to the correct service with HTTP on port 8000. I am at a loss where to look next any help would be appreciated. I would also like to connect the admin port through SSL as well to secure this communication (everything works fine currently on port 8001).

Going through the same issue. Did you find a resolution to your problem jbiss?

I gave up trying with self signed certs and setup a new server with a subdomain, then I used LetsEncrpyt to generate CA signed certs for this. sub domain.

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ