I'm kinda new to the Kubernetes technology, sorry if I'm asking something really dumb. I've been trying to install OrangeHRM with Helm, with no major problems actually, and HTTP works fine, but when I try to access it through the HTTPS URL, it shows me a Bad Request error.
It's been installed with a modified value.yaml for the DB configuration and also for the user and password to log in. But the rest is just as the GitHub repository is. Secret and login were set apart in my Kubernetes configuration from this value.yaml file because the secret wasn't working.
image:
  registry: docker.io
  repository: bitnami/orangehrm
  tag: 4.3.1-0-debian-9-r8
  pullPolicy: IfNotPresent
orangehrmUsername: admin
orangehrmPassword: admin
externalDatabase:
  host: [REDACTED]
  user: [REDACTED]
  password: [REDACTED]
  database: [REDACTED]
mariadb:
  enabled: false
  replication:
    enabled: true
  db:
    name: orangehrm
    user: [REDACTED]
    password: [REDACTED]
  master:
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 8Gi
service:
  type: NodePort
  port: 80
  httpsPort: 443
  nodePorts:
    http: ""
    https: ""
  externalTrafficPolicy: Cluster
persistence:
  enabled: true
  orangehrm:
    storageClass: slow
    accessMode: ReadWriteOnce
    size: 8Gi
  apache:
    storageClass: slow
    accesMod: ReadWriteOnce
    size: 16Gi
resources:
  requests:
    memory: 512Mi
    cpu: 300m
podAnnotations: {}
ingress:
  enabled: true
  certManager: false
  annotations:
    kubernetes.io/ingress.class: nginx
  hosts:
  - name: [REDACTED].com
    path: /
    tls: false
    tlsSecret: orangehrm-orangehrm
  secrets:
metrics:
  enabled: false
  image:
    registry: docker.io
    repository: lusotycoon/apache-exporter
    tag: v0.5.0
    pullPolicy: IfNotPresent
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9117"
Bad Request
Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port.
curl -v output
* About to connect() to orangehrm.[REDACTED].com port 443 (#0)
* Trying 192.168.20.250...
* Connected to orangehrm.[REDACTED].com ([REDACTED]) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=orangehrm.[REDACTED].com,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU
* start date: Jun 07 13:01:54 2019 GMT
* expire date: Jun 04 13:01:54 2029 GMT
* common name: orangehrm.[REDACTED].com
* issuer: O=[REDACTED],L=C.A.B.A.,ST=Buenos Aires,C=AR
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: orangehrm.[REDACTED].com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.15.8
< Date: Wed, 12 Jun 2019 13:49:43 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 362
< Connection: keep-alive
< Strict-Transport-Security: max-age=15724800; includeSubDomains
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
* Connection #0 to host orangehrm.[REDACTED].com left intact
kubectl get -o yaml pods -l chart output:
apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: "2019-06-12T13:41:42Z"
    generateName: orangehrm-orangehrm-76dfdf78f4-
    labels:
      app: orangehrm-orangehrm
      chart: orangehrm-4.1.0
      pod-template-hash: 76dfdf78f4
      release: orangehrm
    name: orangehrm-orangehrm-76dfdf78f4-hdnj9
    namespace: default
    ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: orangehrm-orangehrm-76dfdf78f4
      uid: d02765de-8d17-11e9-88b3-00155d00973f
    resourceVersion: "19055796"
    selfLink: /api/v1/namespaces/default/pods/orangehrm-orangehrm-76dfdf78f4-hdnj9
    uid: d04480cd-8d17-11e9-88b3-00155d00973f
  spec:
    containers:
    - env:
      - name: ALLOW_EMPTY_PASSWORD
        value: "yes"
      - name: MARIADB_HOST
        value: 192.168.0.132
      - name: MARIADB_PORT_NUMBER
        value: "3306"
      - name: ORANGEHRM_DATABASE_NAME
        value: orangehrm
      - name: ORANGEHRM_DATABASE_USER
        value: orangehrm_user
      - name: ORANGEHRM_DATABASE_PASSWORD
        valueFrom:
          secretKeyRef:
            key: db-password
            name: orangehrm-externaldb
      - name: ORANGEHRM_USERNAME
        value: admin
      - name: ORANGEHRM_PASSWORD
        valueFrom:
          secretKeyRef:
            key: orangehrm-password
            name: orangehrm-orangehrm
      - name: SMTP_HOST
      - name: SMTP_PORT
      - name: SMTP_USER
      - name: SMTP_PASSWORD
        valueFrom:
          secretKeyRef:
            key: smtp-password
            name: orangehrm-orangehrm
      - name: SMTP_PROTOCOL
        value: none
      image: docker.io/bitnami/orangehrm:4.3.0-0
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 120
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      name: orangehrm-orangehrm
      ports:
      - containerPort: 80
        name: http
        protocol: TCP
      - containerPort: 443
        name: https
        protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /symfony/web/index.php
          port: http
          scheme: HTTP
        initialDelaySeconds: 30
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        requests:
          cpu: 300m
          memory: 512Mi
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /bitnami/orangehrm
        name: orangehrm-data
      - mountPath: /bitnami/apache
        name: apache-data
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: default-token-r2gbm
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    hostAliases:
    - hostnames:
      - status.localhost
      ip: 127.0.0.1
    nodeName: l004
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: orangehrm-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-orangehrm
    - name: apache-data
      persistentVolumeClaim:
        claimName: orangehrm-orangehrm-apache
    - name: default-token-r2gbm
      secret:
        defaultMode: 420
        secretName: default-token-r2gbm
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:49Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:42:52Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2019-06-12T13:41:42Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: docker://725ddef8da29d353006996d95b248f4ee5cea0bed2542350fc7d63d4dfb0fecb
      image: bitnami/orangehrm:4.3.0-0
      imageID: docker-pullable://bitnami/orangehrm@sha256:2f0bd90d975a22c7a6237c6fd86c7939df856cf74edd8dcf839df440a5c62606
      lastState: {}
      name: orangehrm-orangehrm
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: "2019-06-12T13:41:50Z"
    hostIP: 192.168.0.137
    phase: Running
    podIP: 10.40.0.65
    qosClass: Burstable
    startTime: "2019-06-12T13:41:49Z"
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
Pod startup log
Welcome to the Bitnami orangehrm container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-orangehrm
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-orangehrm/issues
nami INFO Initializing apache
apache INFO ==> Patching httpoxy...
apache INFO ==> Configuring dummy certificates...
nami INFO apache successfully initialized
nami INFO Initializing php
nami INFO php successfully initialized
nami INFO Initializing mysql-client
nami INFO mysql-client successfully initialized
nami INFO Initializing libphp
nami INFO libphp successfully initialized
nami INFO Initializing orangehrm
orangeh INFO Configuring permissions
orangeh INFO Creating the database...
mysql-c INFO Trying to connect to MySQL server
mysql-c INFO Found MySQL server listening at 192.168.0.132:3306
mysql-c INFO MySQL server listening and working at 192.168.0.132:3306
orangeh INFO Preparing webserver environment...
orangeh INFO Passing wizard, please be patient
orangeh INFO Configuring SMTP...
orangeh INFO Setting OrangeHRM version...
orangeh INFO
orangeh INFO ########################################################################
orangeh INFO Installation parameters for orangehrm:
orangeh INFO Username: admin
orangeh INFO Password: **********
orangeh INFO Site URL: http://127.0.0.1/
orangeh INFO (Passwords are not shown for security reasons)
orangeh INFO ########################################################################
orangeh INFO
nami INFO orangehrm successfully initialized
I have an nginx load balancer whose Ingress is this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  name: https
spec:
  rules:
  - host: orangehrm.[REDACTED].com
    http:
      paths:
      - backend:
          serviceName: orangehrm-orangehrm
          servicePort: 443
        path: /
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
  - hosts:
    - orangehrm.[REDACTED].com
    secretName: orangehrm-https
As best I can tell, you are terminating TLS at the Ingress controller, which is then proxying upstream as HTTP but on port 443; so you'll want to update your Ingress to say servicePort: 80, not :443.
If you really want to connect TLS all the way through to the Pod, you'll need to either enable SSL passthrough or perhaps switch to use the HTTPS backend.
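The two alternatives from the answer above, written out against the Ingress in the question. This is an added example, not part of the original post or the chart; it assumes the ingress-nginx controller and its `nginx.ingress.kubernetes.io/backend-protocol` annotation, and keeps the names and redacted host from the question.

```yaml
# Option A: TLS ends at the ingress controller; the hop to the pod is plain HTTP.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  tls:
  - hosts:
    - orangehrm.[REDACTED].com
    secretName: orangehrm-https      # certificate presented to clients
  rules:
  - host: orangehrm.[REDACTED].com
    http:
      paths:
      - path: /
        backend:
          serviceName: orangehrm-orangehrm
          servicePort: 80            # was 443; the controller speaks HTTP upstream
---
# Option B: re-encrypt; the controller opens a new TLS connection to port 443.
# Note: the pod log shows Apache configured with dummy certificates, and
# ingress-nginx does not verify the upstream certificate by default, so this
# hop is encrypted but the backend is not authenticated.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - orangehrm.[REDACTED].com
    secretName: orangehrm-https
  rules:
  - host: orangehrm.[REDACTED].com
    http:
      paths:
      - path: /
        backend:
          serviceName: orangehrm-orangehrm
          servicePort: 443
```

Apply only one of the two documents. With SSL passthrough instead of Option B, the client would see the pod's own certificate rather than the one in `orangehrm-https`.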