# fleet

Scott Lampert

03/17/2021, 2:54 PM
We’re currently running fleet behind a load balancer that handles https and fleet itself listens on http on the back end. I notice I can’t seem to use fleetctl pointing to localhost because it demands an https connection. Is there currently a flag to override that? I don’t see one.

Noah Talerman

03/17/2021, 3:59 PM
I believe what you’re looking for is the `--tls-skip-verify` flag in this command:
`fleetctl config set --address https://localhost:8080 --tls-skip-verify`
More information about the fleetctl config command can be found in the docs here.
Please let me know if this helps solve your issue.

Scott Lampert

03/17/2021, 4:19 PM
It doesn’t. I still get `error creating Fleet API client handler: Address must start with https://` when I try to do `fleetctl login`
the fleet server runs http, not https
the load balancer handles the ssl

zwass

03/17/2021, 4:51 PM
Yep, that looks to be it. @Scott Lampert can you hit the LB url as a workaround and file an issue for http support if you'll need that?

Scott Lampert

03/17/2021, 4:52 PM
Well I noticed it when I was having issues with LB 🙂

zwass

03/17/2021, 4:52 PM
Heh, seems we've put you in a bit of a bind then

Scott Lampert

03/17/2021, 4:53 PM
It’s not currently a blocker, but it would be nice to have. Also for all the init stuff our container does so it can talk locally instead of having to go out and back in through the LB

zwass

03/17/2021, 4:55 PM
Makes sense. Please file an issue and we'll look at adding that.
👍 1

Scott Lampert

03/17/2021, 6:30 PM
@zwass I made a PR for this. https://github.com/fleetdm/fleet/pull/489
It seems to work fine locally
@zwass I updated the PR to only allow localhost. Hopefully it can get into the next release so I don’t need a custom binary. 🙂

zwass

03/18/2021, 7:01 PM
You got it 🙂