Hi,
I’m trying to connect two services, web and db (mysql), using the tutorial "Secure Service Communication with Consul Service Mesh and Envoy | Consul - HashiCorp Learn" as a model.
When I try to connect from web to db, I get this line on the web proxy:
2021-04-07T20:56:29.207Z [ERROR] proxy.upstream: failed to dial: error="peer certificate mismatch got spiffe://b350502d-bd86-a715-6595-9260183bb7c2.consul/ns/default/dc/dc1/svc/web, want spiffe:///ns/default/dc/dc1/svc/db"
and this line on db proxy:
2021-04-07T20:56:36.991Z [ERROR] proxy.inbound: connection failed: error=EOF
I use this line to run the proxy on web:
consul connect proxy -sidecar-for web
And this line for db:
consul connect proxy -sidecar-for db_service
Thanks in advance
Nomar
Hi @kalimalrazif,
Welcome to the Forums.
Could you please share the service definitions of both web and db that you are using? Also, what version of Consul are you running?
Hi @kalimalrazif,
Thanks for sharing this.
You are facing this issue because in your db service definition you have set the address to 127.0.0.1. When the web proxy looks up the db service from the Consul catalog, it will get the loopback IP and the traffic will end up hitting the same machine instead of the db service instance on the db host.
To fix this issue, please remove "address": "127.0.0.1" from your db service definition and re-register the service. When you do this, the service will get the IP address of the Consul agent of the host from where you registered the service (in this case your db host).
Hope this helps.
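The diagnosis in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Consul's own code: it parses the mismatch line quoted in the first post and flags sidecar-enabled service definitions registered with a loopback address. The service definition is a constructed sample (the poster's actual definition is not shown on this page), and the function names are hypothetical.

```python
import ipaddress
import json
import re

# Mismatch line quoted in the first post (web proxy side).
LOG_LINE = ('2021-04-07T20:56:29.207Z [ERROR] proxy.upstream: failed to dial: '
            'error="peer certificate mismatch got '
            'spiffe://b350502d-bd86-a715-6595-9260183bb7c2.consul/ns/default/dc/dc1/svc/web, '
            'want spiffe:///ns/default/dc/dc1/svc/db"')
# Constructed sample definition (port and layout are assumptions).
SAMPLE_DEFINITION = ('{"service": {"name": "db", "port": 3306, "address": "127.0.0.1", '
                     '"connect": {"sidecar_service": {}}}}')

# The trust domain may be empty, as on the "want" side of the log line.
SPIFFE_RE = re.compile(r'spiffe://(?P<trust_domain>[^/]*)/ns/[^/]+/dc/[^/]+/svc/(?P<svc>[^\s,"]+)')
MISMATCH_RE = re.compile(r'peer certificate mismatch got (\S+?), want (\S+?)"?$')


def parse_mismatch(line):
    """Return (got, want) dicts of SPIFFE fields, or None if the line is not a mismatch."""
    m = MISMATCH_RE.search(line.strip())
    if not m:
        return None
    got, want = (SPIFFE_RE.fullmatch(s) for s in m.groups())
    if not (got and want):
        return None
    return got.groupdict(), want.groupdict()


def answered_by_local_sidecar(line, local_service):
    """True when the peer that answered presented the caller's own service identity."""
    parsed = parse_mismatch(line)
    return bool(parsed) and parsed[0]["svc"] == local_service and parsed[1]["svc"] != local_service


def loopback_mesh_services(definition_json):
    """Names of sidecar-enabled services registered with a literal loopback address."""
    doc = json.loads(definition_json)
    services = doc.get("services") or [doc["service"]]
    flagged = []
    for svc in services:
        addr = svc.get("address", "")
        has_sidecar = "sidecar_service" in svc.get("connect", {})
        try:
            if has_sidecar and addr and ipaddress.ip_address(addr).is_loopback:
                flagged.append(svc["name"])
        except ValueError:
            pass  # address is a hostname or template, not a literal IP
    return flagged
```

Running `answered_by_local_sidecar(LOG_LINE, "web")` on the web host and `loopback_mesh_services(...)` over the db definition reproduces both halves of the explanation: the dial was answered by web's own identity, and the db registration advertises 127.0.0.1 to the catalog.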
Thanks!!! I will do so. I set the IP address to 127.0.0.1 because the db service is bound to that address. Is there no problem because of that?
Thanks again
Nomar
That’s ok and that’s how it should be. This is because only your sidecar proxy should be exposed outside the host and consul connect proxy will do the same for you. The sidecar proxy will proxy the traffic to your DB listening on 127.0.0.1.