Consul connect with a built-in proxy doesn't work well

Hi,
I’d like to execute the consul connect with a built-in proxy, but it doesn’t work well.

Environment

  • macos(as localhost)
  • consul v1.16.2

Steps

  1. Launch consul agent with a config below. It works well.
$ consul agent -server -config-dir=./consul-config-sidecar

consul-config.hcl

datacenter = "dc1"
data_dir  = "sidecar-car-data"
server = true

bootstrap_expect = 1
ui_config{
  enabled = true
}

bind_addr   = "127.0.0.1"
client_addr = "127.0.0.1"

connect {
  enabled = true
}
  1. Register a service dummy-2 with a config below. It works well.
$ consul reload

dummy-2.json

{
  "service": {
    "name": "dummy-2",
    "port": 4321
  }
}
  1. Register a service dummy-1 and execute the consul connect with a config below. It doesn’t work well.
$ consul reload
$ consul connect proxy -sidecar-for dummy-1
{
  "service": {
    "name": "dummy-1",
    "port": 1234,
    "connect": {
      "sidecar_service": {
        "port": 19001,
        "check": {
          "name": "Connect Built-in Sidecar",
          "tcp": "0.0.0.0:19001",
          "interval": "10s"
        },
        "proxy": {
	        "upstreams": [
	          {
	            "destination_name": "dummy-2",
	            "local_bind_port": 9191
	          }
	      ]
        }
      }
    }
  }
}

The error message is the following. Would you tell me the cause if figured out?

$ consul connect proxy -sidecar-for dummy-1
==> Consul Connect proxy starting...
    Configuration mode: Agent API
        Sidecar for ID: dummy-1
              Proxy ID: dummy-1-sidecar-proxy

==> Log data will now stream in as it occurs:

    2024-09-20T18:08:01.691+0900 [INFO]  proxy: Starting listener: listener=127.0.0.1:9191->service:default/default/dummy-2 bind_addr=127.0.0.1:9191
    2024-09-20T18:08:01.692+0900 [INFO]  proxy: Proxy loaded config and ready to serve
    2024-09-20T18:08:01.692+0900 [INFO]  proxy: Parsed TLS identity: uri=spiffe://5d6fda93-1a35-ece1-8c04-2ea4bfca88a1.consul/ns/default/dc/dc1/svc/dummy-1
    2024-09-20T18:08:01.692+0900 [INFO]  proxy: Starting listener: listener="public listener" bind_addr=0.0.0.0:19001
    2024-09-20T18:08:06.567+0900 [ERROR] proxy.inbound: failed to dial: error="dial tcp 127.0.0.1:1234: connect: connection refused"
2024-09-20T18:08:16.570+0900 [ERROR] proxy.inbound: failed to dial: error="dial tcp 127.0.0.1:1234: connect: connection refused"
    2024-09-20T18:08:26.573+0900 [ERROR] proxy.inbound: failed to dial: error="dial tcp 127.0.0.1:1234: connect: connection refused"
...

Hi @breezin_ahimusa,

It is not working because the proxy is unable to talk to the application on port 1234 on 127.0.0.1.

Please note that the built-in proxy is not recommended for any real production use-case. You should be using Envoy proxy instead.

Note: The built-in proxy is not supported for production deployments. It does not support many of Consul’s service mesh features, and is not under active development. The Envoy proxy should be used for production deployments.
ref: Built-in Proxy Configuration | Service Mesh | Consul | HashiCorp Developer

Hi @Ranjandas,

Thank you for your reply. I replaced built-in proxy to Envoy, and then it worked well.

1 Like