Channels
#fleet
Title
# fleet
s
Scott Lampert
03/17/2021, 2:54 PMWe’re currently running fleet behind a load balancer that handles https and fleet itself listens on http on the back end. I notice I can’t seem to use fleetctl pointing to localhost because it demands an https connection. Is there currently a flag to override that? I don’t see one.
n
Noah Talerman
03/17/2021, 3:59 PMI believe what you’re looking for is the
--tls-skip-verify Copy code
fleetctl config set --address <https://localhost:8080> --tls-skip-verifyPlease let me know if this helps solve your issue.
s
Scott Lampert
03/17/2021, 4:19 PMIt doesn’t. I still get
error creating Fleet API client handler: Address must start with https://fleetctl loginthe fleet server runs http, not https
the load balancer handles the ssl
I think it’s this code here: https://github.com/fleetdm/fleet/blob/6b1ba2be5c29ee5da331075929c3e27811f795d2/server/service/client.go#L39
z
zwass
03/17/2021, 4:51 PM
Yep, that looks to be it. @Scott Lampert can you hit the LB url as a workaround and file an issue for http support if you'll need that?
s
Scott Lampert
03/17/2021, 4:52 PMWell I noticed it when I was having issues with LB 🙂
z
zwass
03/17/2021, 4:52 PM
Heh, seems we've put you in a bit of a bind then
s
Scott Lampert
03/17/2021, 4:53 PMIt’s not currently a blocker, but it would be nice to have. Also for all the init stuff our container does so it can talk locally instead of having to go out and back in through the LB
z
zwass
03/17/2021, 4:55 PM
Makes sense. Please file an issue and we'll look at adding that.
👍 1
s
Scott Lampert
03/17/2021, 6:30 PM@zwass I made a PR for this. https://github.com/fleetdm/fleet/pull/489
It seems to work fine locally
@zwass I update the PR to only allow localhost. Hopefully it can get into the next release so I don’t need a custom binary. 🙂
z
zwass
03/18/2021, 7:01 PM
You got it 🙂
4 Views