Istio installation on VMs - istio-sidecar

Has anyone successfully installed Istio on a virtual machine and created a WorkloadEntry?
My istio-ingressgateway is exposed as type LoadBalancer (AWS NLB) on private subnets.
On the virtual machine the sidecar.env config file has the default discoveryAddress of istiod.istio-system.svc:15012; is it possible to configure it with a DNS name rather than an IP?

I think the answer is no, because the pilot-agent on the VM first needs to communicate with istiod (in k8s) to complete a series of initialization steps, after which DNS resolution in the pilot-agent will work properly.

Related

Can't complete HTTP challenge for letsencrypt on Kubernetes

I have a k3s cluster and I'm trying to configure it to get an SSL certificate from Let's Encrypt. I have followed many guides, and I think I'm really close to managing it, but the problem is that the Challenge object in Kubernetes reports this error:
Waiting for HTTP-01 challenge propagation: failed to perform self check GET request 'http://devstore.XXXXXXX.com/.well-known/acme-challenge/kVVHaQaaGU7kbYqnt8v7LZGaQvWs54OHEe2WwI_MOgk': Get "http://devstore.XXXXXXX.com/.well-known/acme-challenge/kVVHaQaaGU7kbYqnt8v7LZGaQvWs54OHEe2WwI_MOgk": dial tcp: lookup devstore.XXXXXXX.com on 10.43.0.10:53: no such host
It seems that in some way cert-manager is trying to resolve my public DNS name internally and is not managing to do it, so the challenge is not working. Can you help me with that? I googled it but I cannot find a solution for it...
Thank you
It is probable that the DNS record for the domain you want the certificate for does not exist.
If it does, and you are using a split-horizon DNS config (hijacking the .com domain in your local network), make sure it points to your public IP (e.g. your home gateway).
[Edit]
Also, you have to figure out how LE gets to your cluster on your network, so port-forward 80/443 to your cluster's IPs.
You can get away with it because k3s will default to the Cluster traffic policy in the load balancer.
This can be caused by multiple different reasons. If you find that it is a transient issue (or possibly if you have misconfigured CoreDNS before), you might want to double-check your coredns ConfigMap (in the kube-system namespace).
E.g. you could remove/reduce caching, or point to different DNS nameservers.
Here's a description of the issue, where switching to Google DNS and removing the cache helped clear it.
Thank you DarthHTTP, I finally managed to make it work! The problem was, as I mentioned in the comment, that the firewall was not routing the HTTP request correctly when using the public IP from the private network side. I solved it by configuring an internal DNS server that resolves the name to the private IP address of the k3s node, and using that server as the DNS server for the k3s node. Eventually my HTTP web app got a valid Let's Encrypt certificate!
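The error quoted in the question comes from cert-manager's own self check: it issues the GET from inside the cluster, so it uses the cluster resolver (10.43.0.10 is the k3s kube-dns service) and the cluster's egress path. That is why the public name has to resolve from a pod and the request has to find its way back in through the edge. The script below is an added example, not cert-manager's code and not something posted in the thread: `diagnose` maps what the cluster resolver and an in-cluster GET return onto the three situations discussed above (no record, public IP without hairpin NAT, split horizon to the node), and the two `kubectl run` probes gather those inputs live. DOMAIN, PUBLIC_IP, NODE_IP and the probe images are placeholders and assumptions; the busybox nslookup parsing is an approximation for one busybox version.

```shell
#!/bin/sh
# Added example, not cert-manager's code: reproduce its HTTP-01 self check from
# where cert-manager runs it, i.e. inside the cluster, using the cluster resolver.
# Values below are placeholders; the challenge token comes from the Challenge
# object (`kubectl get challenge -A -o wide`).
DOMAIN="devstore.example.com"   # placeholder for the real host name
PUBLIC_IP="203.0.113.10"        # placeholder: what the public zone should return
NODE_IP="192.168.1.20"          # placeholder: private IP of the k3s node running the ingress
CLUSTER_DNS="10.43.0.10"        # k3s kube-dns service IP, as in the error message

# diagnose ANSWER HTTP_STATUS -> one line: <class>: <what to do>
# ANSWER is the A record the cluster resolver returned ("" for NXDOMAIN) and
# HTTP_STATUS is what a GET of the challenge URL from inside the cluster returned
# ("000" is curl's code for "could not connect"). Pure shell, runs offline.
diagnose() {
  answer="$1"; status="$2"
  if [ -z "$answer" ]; then
    echo "no-record: cluster resolver has no A record (the 'no such host' case); publish the record upstream, or serve the name internally (CoreDNS hosts/rewrite, or a private DNS server as the node's resolver)"
  elif [ "$status" = "200" ]; then
    echo "ok: challenge URL reachable from inside the cluster; what remains is whether LE can reach port 80 from the Internet"
  elif [ "$answer" = "$PUBLIC_IP" ]; then
    echo "hairpin: name resolves to the public IP but cluster traffic to it fails (status $status); the edge firewall needs NAT reflection, or resolve the name to the node IP internally"
  elif [ "$answer" = "$NODE_IP" ]; then
    echo "ingress: name resolves to the node but nothing answers on :80 there (status $status); check the ingress controller / servicelb pod and the node firewall"
  else
    echo "unexpected: resolves to $answer, status $status; the internal answer matches neither the public nor the node IP"
  fi
}

# Live probes (need the cluster): run from a throwaway pod so they use the same
# resolver and egress path as cert-manager. nslookup parsing assumes busybox 1.36.
lookup_from_cluster() {
  kubectl run dns-probe --rm -i --restart=Never --image=busybox:1.36 -- \
    nslookup "$DOMAIN" "$CLUSTER_DNS" 2>/dev/null |
    awk '/^Address:/ && $2 !~ /:53$/ { ip = $2 } END { print ip }'
}
fetch_from_cluster() {   # $1 = challenge token from the Challenge object
  kubectl run http-probe --rm -i --restart=Never --image=curlimages/curl:8.5.0 -- \
    -s -o /dev/null -w '%{http_code}' "http://$DOMAIN/.well-known/acme-challenge/$1"
}
# Live usage: diagnose "$(lookup_from_cluster)" "$(fetch_from_cluster "$TOKEN")"

# Offline walk-through of the states seen in this thread (constructed inputs):
diagnose "" "000"             # the original error: lookup fails on 10.43.0.10
diagnose "$PUBLIC_IP" "000"   # record exists, but the firewall does not hairpin
diagnose "$NODE_IP" "200"     # the asker's final setup: internal DNS -> node IP
```

The split-horizon fix the asker landed on is the `ingress`/`ok` path: the name resolves to the node's private IP from inside the network, so the self check never has to leave and re-enter through the firewall, while Let's Encrypt itself still reaches the forwarded port 80 via the public record.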

Mounting Google Cloud network locally

We have a Google Cloud project with several VM instances and also a Kubernetes cluster.
I am able to easily access Kubernetes services with kubefwd, and I can ping them and also curl them. The problem is that kubefwd works only for Kubernetes, not for other VM instances.
Is there a way to mount the network locally, so I could ping and curl any instance without it having a public IP, and with the same DNS as inside the cluster?
I would highly recommend rolling a VPN server like OpenVPN. You can also run this inside of the Kubernetes cluster.
I have a make-install-ready repo for you to check out at https://github.com/mateothegreat/k8-byexamples-openvpn.
Basically OpenVPN is running inside of a container (inside of a pod) and you can set the routes that you want the client(s) to be able to see.
I would not rely on kubefwd as it isn't production grade and will give you issues with persistent connections.
Hope this helps you out. If you still have questions/concerns please reach out.

unable to ping/send http requests to RHEL tomcat server on Azure

Note - I am fully aware that there are a lot of similar issues posted before, but I tried NSG settings and psping, and nothing seems to work.
All, I brought up a RHEL 7.3 server on Azure and installed JDK 1.8 and Tomcat 8. After starting Tomcat, I tried an HTTP request from my browser:
http://XX.yy.zz.abc:8080/ but I was unable to get the index page.
I also created an inbound security rule to allow HTTP and also to allow the IP range from our company.
Even worse, when I tried pinging this IP from my desktop computer, I am unable to ping it - it is timing out.
Please note that in the past, I've been able to bring up servers and connect from desktops without any issues - in a similar Azure/company-network setup.
Am I missing anything here?
OK, so pings do not work; you shouldn't even try that. What you should check is the firewall on your RHEL VM, and check that you've allowed port 8080 on your NSG; also your VM should have a public IP attached.
According to your description, you had better check the following:
1. Please ensure you can access your web app by using 127.0.0.1:8080 on your VM.
2. Check that your service is listening:
netstat -ant|grep 8080
Please ensure 8080 is listening on tcp, not tcp6.
3. Open the firewall port on RHEL:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
For more information about the RHEL firewall, please refer to this link.
4. Open the port on the Azure NSG.
An NSG can be associated with a NIC and with a subnet; you should check all of them.
All,
It looks like there is an input firewall inside RHEL 7.3 that is preventing connections. I just stopped it using
service firewalld stop
and now I am able to get the home page.
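The checklist above ends with the asker stopping firewalld, which opens every port on the VM; the least-privilege version of the same fix is to add only 8080/tcp and reload, since `--permanent` on its own only edits the saved configuration and does not change the running rules. The script below is an added example and not code from the thread: `listen_state` reproduces step 2 as a function that can be run offline against saved `netstat -ant` output (with a constructed sample), and the other two functions hold the firewalld and Azure CLI commands for steps 3 and 4. RG, NSG_NAME, VM_NAME and OFFICE_CIDR are placeholders. One caveat on the tcp6 point: on Linux a Java listener on `:::8080` accepts IPv4 connections too unless `net.ipv6.bindv6only` is set to 1, so check that sysctl before treating a tcp6 socket as the cause.

```shell
#!/bin/sh
# Added example for the checklist above; it is not code from the thread.
# Step 2 is reproduced as an offline check over `netstat -ant` output; steps 3
# and 4 are the least-privilege commands that open 8080/tcp only, instead of
# stopping firewalld. RG, NSG_NAME, VM_NAME and OFFICE_CIDR are placeholders.

# listen_state OUTPUT PORT -> prints one of: ipv4 | ipv6-only | loopback | none
#   ipv4      a tcp socket bound on a non-loopback IPv4 address (0.0.0.0 or a NIC IP)
#   ipv6-only only a tcp6 socket (Java's default :::8080); on Linux this still
#             accepts IPv4 unless net.ipv6.bindv6only=1, so check that sysctl
#   loopback  bound to 127.0.0.1 only: reachable on the VM, never from outside
#   none      nothing listening on PORT
listen_state() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $6 != "LISTEN" { next }                             # only listening sockets
    { n = split($4, a, ":"); if (a[n] != port) next }   # port is the last field of Local Address
    $1 == "tcp" && $4 ~ /^127\./ { lo = 1; next }
    $1 == "tcp"  { v4 = 1 }
    $1 == "tcp6" { v6 = 1 }
    END {
      if (v4) print "ipv4"; else if (v6) print "ipv6-only";
      else if (lo) print "loopback"; else print "none"
    }'
}

# Constructed sample of `netstat -ant` on a RHEL 7 VM: sshd on IPv4, Tomcat's
# HTTP connector on the IPv6 wildcard, and Tomcat's shutdown port on loopback.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN'

# Step 3: open only 8080/tcp. --permanent alone edits the saved config; the
# --reload makes it live (or repeat the add-port without --permanent).
open_tomcat_port() {
  sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent &&
  sudo firewall-cmd --reload &&
  sudo firewall-cmd --zone=public --list-ports
}

# Step 4: an inbound NSG allow rule limited to the company range, then confirm
# the VM actually has a public IP attached.
add_nsg_rule() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG_NAME" \
    --name allow-tomcat-8080 --priority 1000 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$OFFICE_CIDR" \
    --destination-port-ranges 8080
  az vm list-ip-addresses --resource-group "$RG" --name "$VM_NAME" --output table
}

# Offline run against the sample: Tomcat shows as ipv6-only, the shutdown port as loopback.
echo "8080: $(listen_state "$SAMPLE_NETSTAT" 8080)"
echo "8005: $(listen_state "$SAMPLE_NETSTAT" 8005)"
```

Run `listen_state "$(netstat -ant)" 8080` on the VM to classify the live socket; `loopback` means Tomcat's connector is bound to 127.0.0.1 in server.xml and no firewall change will help, while `none` means Tomcat is not up at all.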

Make Laravel Homestead Accessible via the Internet

How can I make Laravel Homestead (a Vagrant VM) accessible via the internet? Currently, I have set my router to port-forward to my host machine's local IP. However, that causes the Laravel site to think that all incoming requests are coming from 10.0.2.2.
What would be the correct way to make the site accessible via the internet? Would I have to get the VM assigned an IP from the router's DHCP? If so, how do I do that?
The correct answer these days would be to use Homestead's share alias on the command line via SSH.
e.g. share acme.app
Behind the scenes, this uses ngrok and is documented in the Laravel documentation.
You can make it work with xip.io service. More details here: http://christoph-rumpel.com/2014/10/access-laravel-homestead-projects-through-other-devices-in-three-little-steps/
Chances are you need to tell Laravel to trust the router as a proxy:
use Illuminate\Http\Request;

// Trust only the NAT gateway address that forwards to the VM, not '*'
// (on Laravel 5.5+ set $proxies in App\Http\Middleware\TrustProxies instead)
Request::setTrustedProxies([
'10.0.2.2',
]);
This will work if the router correctly sets X-Forwarded-For style headers.

How to set up a virtual host in WebLogic?

Is it possible to set up a virtual host in WebLogic only?
On my development machine, I have a WebLogic instance with two servers, listening on ports 7002 and 7003; the deployed application contains EJBs and MDBs.
I want to point a Java client outside of the container to a single URL, which I know will be served by the cluster, instead of pointing the class at a single server directly. This Java client will talk to EJBs and JMS queues in the cluster.
Most of the Google searches with the terms weblogic and "virtual host" give me answers involving Apache. Now, correct me if I'm wrong, but I understand that the Apache server works with HTTP. The cluster being WebLogic, the protocol for the EJB will be T3; if it were JBoss, the protocol would be JNP.
So here are the questions:
Is it possible to set up a virtual host with WebLogic?
If so, do I need the Apache server to do the virtual host?
Is this the solution to the wrong problem? All I need is for the cluster to answer to a single URL. Is there any other solution than virtual hosts? Is it simpler?
Also, this is on a Windows machine.
All I need is for the cluster to answer to a single URL. Is there any other solution than virtual hosts? Is it simpler?
Yes, simply declare a "cluster URL" in your JNDI environment settings:
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://host1:7002,host2:7003
java.naming.security.principal=
java.naming.security.credentials=
The Apache plugin, virtual hosts, etc. are HTTP things and have nothing to do with EJB or JMS clients.
Yes, you can set up a virtual host in your WebLogic server.
The first file we'll need to edit is the Apache httpd.conf file. For example, mine is here:
C:\Program Files\Apache Group\Apache\conf\httpd.conf
Go to the very bottom of your httpd.conf file in your text editor. It means that Apache is required.
Yes, setting up a virtual host with Apache will solve your problem.
