SSL connection to Kong in Docker

I am trying to set up a TLS connection from my Angular app to Kong to proxy my Node backend services. I cannot successfully get an HTTPS connection to port 8443 on Kong, although everything works fine on the HTTP session on port 8000. The code for the Kong docker-compose startup is below:

kong:
    image: kong:latest
    restart: always
    environment:
      KONG_PG_HOST: kong-database
      KONG_PROXY_LISTEN: 0.0.0.0:8000
      KONG_PROXY_LISTEN_SSL: 0.0.0.0:8443
      KONG_ADMIN_LISTEN: 0.0.0.0:8001
      KONG_SSL: "on"
      KONG_SSL_CERT: /certs/minica.pem
      KONG_SSL_CERT_KEY: /certs/minica.key
    depends_on:
      - kong-database
    healthcheck:
      test: ["CMD", "curl", "-f", "http://kong:8001"]
      interval: 5s
      timeout: 2s
      retries: 15
    volumes:
      - /Users/jamesbissett/repo/backend/infra/kong/logs:/usr/local/kong/logs
      - /Users/jamesbissett/Documents/GitHub/minica:/certs
    ports:
      - "8001:8001"
      - "8000:8000"
      - "8443:8443"

When I try the URL with Insomnia I get the following results:

* Preparing request to https://kong:8443/check
* Using libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2
* Current time is 2020-01-06T12:47:00.336Z
* Disable timeout
* Enable automatic URL encoding
* Disable SSL validation
* Enable cookie sending with jar of 0 cookies
* Hostname kong was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to kong (127.0.0.1) port 8443 (#129)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
*   CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to kong:8443 
* Closing connection 129

The above URL resolves and proxies to the correct service with HTTP on port 8000. I am at a loss where to look next; any help would be appreciated. I would also like to connect the admin port through SSL as well to secure this communication (everything works fine currently on port 8001).

Going through the same issue. Did you find a resolution to your problem jbiss?

Yes,
I gave up trying with self-signed certs and set up a new server with a subdomain, then I used Let's Encrypt to generate CA-signed certs for this subdomain.
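
Added example, not part of the thread: the log in the question ends right after the Client hello while SSL validation is disabled, so a useful first check is whether anything on the port speaks TLS at all, independent of certificate trust. The sketch below classifies that; `probe_listener` and its verdict names are hypothetical, chosen for this example.

```python
import socket
import ssl
import sys

# Verdict names are hypothetical labels for this example, not Kong or curl terms.
HINTS = {
    "unreachable": "TCP connection failed (refused, filtered, or name not resolved)",
    "closed-during-handshake": "TCP connects, but the peer drops the connection "
                               "after the Client hello: no TLS listener behind the port",
    "not-tls": "the peer answers with non-TLS bytes, e.g. a plain HTTP listener",
    "timeout": "the peer accepted the connection but never answered the handshake",
    "tls": "handshake completed; any remaining error is about certificate trust",
}

def probe_listener(host, port, timeout=3.0):
    """Return one of the HINTS keys describing what answers on host:port."""
    # Verification is disabled on purpose (as in the Insomnia log) so the result
    # reflects the listener only, not whether the certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except socket.timeout:
        return "timeout"
    except (ssl.SSLEOFError, ConnectionError):
        return "closed-during-handshake"
    except ssl.SSLError as exc:
        # Some OpenSSL builds report an early close as a generic SSLError.
        return "closed-during-handshake" if "EOF" in str(exc).upper() else "not-tls"
    finally:
        raw.close()  # harmless if wrap_socket already took over the descriptor

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    verdict = probe_listener(host, port)
    print(f"{host}:{port} -> {verdict}: {HINTS[verdict]}")
```

Run it from the same machine as the failing client, with the host and port as arguments; only a `tls` verdict means the certificate itself is worth investigating.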

