Hi everyone,
I’m currently exploring Nomad with Consul Connect. I’ve been working with it for 20 days now, and I absolutely love the ecosystem, even though it can be challenging at times. I’ve been reading tons of documentation and forum posts trying to understand everything.
Anyway, I have a cluster with 3 servers and 4 nodes, and I’ve successfully deployed most of my services using Nomad jobs, along with a service mesh set up with Consul Connect.
However, I’m currently facing an issue I can’t solve. I’m deploying a Docker task that only listens on HTTPS (there are no environment variables or parameters to override this). When I deploy the service, I get the following error:
“Bad Request. This combination of host and port requires TLS.”
From what I understand:
- My browser sends a request to the address, which goes directly to Traefik.
- Traefik forwards the request to the Envoy proxy.
- The Envoy proxy redirects the request to my backend, but without TLS, which causes the app to throw an error.
Is there a way to configure the Envoy proxy to connect to the backend service using TLS but without verifying the certificate?
Thanks in advance for your help!
Here’s my HCL file:

```hcl
# Unifi job definition for Nomad
job "myapp" {
  # General job configuration
  datacenters = ["dc1"] # Specify the datacenters where this job can run

  group "myapp" {
    count = 1

    # Network configuration
    network {
      mode = "bridge" # Use bridge network mode
      port "web" { }
    }

    # Service registration
    service {
      name = "myapp" # Service name
      port = "8444"  # Port for the Web service
      tags = [       # Traefik integration via Consul Catalog
        "traefik.enable=true",
        "traefik.http.routers.myapp.rule=Host(`myapp.domain`)",
        "traefik.http.routers.myapp.entrypoints=http",
        "traefik.http.routers.myapp.tls=false"
      ]
      provider = "consul" # Use Consul for service discovery

      # Consul Connect sidecar configuration
      connect {
        sidecar_service {
        }
      }
    }

    # Task definition for the server
    task "server" {
      driver = "docker" # Use Docker as the task driver

      # Container configuration
      config {
        image = "my-image-which-only-runs-in-https" # Latest Server image
        ports = ["web"] # Must be a port label declared in the network block above
      }
    }
  }
}
```
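Added example, not part of the original post and not taken from the Nomad or Consul projects: one way to make the Connect sidecar speak TLS to the local application is Consul's `envoy_local_cluster_json` escape hatch, which replaces the `local_app` cluster Envoy uses for the backend. It assumes the application listens on 127.0.0.1:8444 inside the group's network namespace, and the CA value is a placeholder. With `validation_context` present Envoy verifies the backend certificate against that CA; an `UpstreamTlsContext` with no `validation_context` accepts any certificate.

```hcl
# Added example: replaces the empty sidecar_service block inside service { connect { } }.
connect {
  sidecar_service {
    proxy {
      local_service_port = 8444 # assumption: the app's HTTPS port from the post

      config {
        # Consul escape hatch: a complete Envoy v3 cluster for the local app.
        # "trusted_ca" below is a placeholder; supply the PEM of the CA that
        # signed the backend certificate (newlines escaped as \n in JSON).
        envoy_local_cluster_json = <<-EOF
          {
            "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
            "name": "local_app",
            "type": "STATIC",
            "connect_timeout": "5s",
            "load_assignment": {
              "cluster_name": "local_app",
              "endpoints": [{
                "lb_endpoints": [{
                  "endpoint": {
                    "address": {
                      "socket_address": { "address": "127.0.0.1", "port_value": 8444 }
                    }
                  }
                }]
              }]
            },
            "transport_socket": {
              "name": "envoy.transport_sockets.tls",
              "typed_config": {
                "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
                "common_tls_context": {
                  "validation_context": {
                    "trusted_ca": { "inline_string": "REPLACE_WITH_BACKEND_CA_PEM" }
                  }
                }
              }
            }
          }
        EOF
      }
    }
  }
}
```

The mesh side of the sidecar still uses Connect mTLS; only the hop between Envoy and the container on loopback changes.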