fix(meshcentral): use service port 80→443 to prevent Traefik HTTPS
Root cause: Traefik v3 auto-detects HTTPS for backend port 443, ignoring the port name "http" and serversscheme annotations. MeshCentral serves HTTP on 443 (TLSOffload mode), but Traefik connected via HTTPS causing TLS handshake failure → 500. Fix: Change K8s service port from 443 to 80 with target_port 443. Traefik sees port 80 → uses HTTP → reaches MeshCentral correctly. Also disables anti-AI scraping (internal tool behind Authentik).
This commit is contained in:
Viktor Barzin
parent
2ced1e8fb5
commit
9349d5d566
1 changed files with 5 additions and 4 deletions
|
|
@ -224,9 +224,10 @@ resource "kubernetes_service" "meshcentral" {
|
|||
app = "meshcentral"
|
||||
}
|
||||
port {
|
||||
name = "http"
|
||||
port = 443
|
||||
protocol = "TCP"
|
||||
name = "http"
|
||||
port = 80
|
||||
target_port = 443
|
||||
protocol = "TCP"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -236,7 +237,7 @@ module "ingress" {
|
|||
namespace = kubernetes_namespace.meshcentral.metadata[0].name
|
||||
name = "meshcentral"
|
||||
tls_secret_name = var.tls_secret_name
|
||||
port = 443
|
||||
port = 80
|
||||
protected = true
|
||||
anti_ai_scraping = false
|
||||
extra_annotations = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue