我正在
dockerdocker-compose我不想更改此域名结构。
docker 容器名称和
consulconsul.hello.comconsul[ERROR] agent.server.rpc: failed to read byte: conn=from=127.0.0.1:56931 error="remote error: tls: bad certificate"
[WARN] agent: [core][Channel #1 SubChannel #5] grpc: addrConn.createTransport failed to connect to {Addr: "dc1-127.0.0.1:8300", ServerName: "agent-one", }. Err: connection error: desc = "transport: Error while dialing: tls: failed to verify certificate: x509: certificate is valid for consul.hello.com, not server.dc1.consul.hello.com"
[WARN] agent: error getting server health from server: server=agent-one error="rpc error getting client: failed to get conn: tls: failed to verify certificate: x509: certificate is valid for consul.hello.com, not server.dc1.consul.hello.com"
[ERROR] agent.server.rpc: failed to read byte: conn=from=127.0.0.1:59375 error="remote error: tls: bad certificate"
这是我的
Consul{
"domain": "hello.com",
"bootstrap": true,
"server": true,
"log_level": "debug",
"datacenter": "consul",
"encrypt": "f502FprfDugOXiWqZUJpyAwgeXH+6qs6VNFjPxX8TgU=",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"node_name": "agent-one",
"data_dir": "/tmp/consul-data",
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"ui_config": {
"enabled": true
},
"addresses": {
"https": "0.0.0.0"
},
"ports": {
"http": -1,
"https": 8501
},
"tls": {
"defaults": {
"key_file": "/tmp/consul.hello.com.plain-key",
"cert_file": "/tmp/consul.hello.com.crt",
"ca_file": "/tmp/ca.crt",
"verify_incoming": true,
"verify_outgoing": true,
"verify_server_hostname": true
}
}
}
但是这个配置不起作用。我可以覆盖配置中的
domaindatacenterfailed to verify certificate: x509:
certificate is valid for consul.hello.com, not server.consul.hello.com"
领事仍然坚持使用
server我需要将
verify_server_hostnametrue如何从
consulConsulSAN我使用 OpenVPN easy-rsa 所以我的案例的解决方案是添加以下参数:
--subject-alt-name="DNS:server.$FQDN"我的环境中
FQDN=consul.hello.com