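How to fix SSL_do_handshake (tls_process_client_hello:version too low) during the SSL handshake in the Nginx ingress controller

Time: 2018-09-15 13:33:54

Tags: nginx kubernetes nginx-ingress

My Kubernetes Ingress controller is logging a lot of handshake messages like this. How do I stop this error message? It appears that the requests are coming from within the Pod, 127.0.0.1.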

2018/09/15 13:28:28 [crit] 21472#21472: *323765 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:442
2018/09/15 13:28:28 [crit] 21472#21472: *323766 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:442
2018/09/15 13:28:28 [crit] 21472#21472: *323767 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:442
2018/09/15 13:28:28 [crit] 21472#21472: *323768 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:442
2018/09/15 13:28:28 [crit] 21472#21472: *323769 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:442

Here are the ingress arguments.

 - args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
        - --configmap=$(POD_NAMESPACE)/nginx-configuration
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
        - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx
        - --annotations-prefix=nginx.ingress.kubernetes.io
        - --enable-ssl-chain-completion=false
        - --default-ssl-certificate=ingress-nginx/ingress-tls-secret
        - --enable-ssl-passthrough

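Thanks

1 answer:

Answer 0: (score: 2)

My problem was that I had the HAPROXY health check configuration set to ssl-hello-chk; I have now changed it to tcp-check, and the error messages have stopped.

Change this: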

mode tcp             
balance leastconn    
option ssl-hello-chk 

 mode tcp         
 balance leastconn
 option tcp-check
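
A triage aid for the log flood in the question, added here as an example (not code from the original post): it groups nginx SSL_do_handshake() failures by client, server and OpenSSL reason, and flags evenly spaced failures from a single client, which is the pattern a periodic health check such as ssl-hello-chk produces. The function name, the 1-second jitter tolerance and the sample lines (their 2-second spacing and the 203.0.113.7 entry included) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches nginx error-log lines of the form shown in the question.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] \d+#\d+: \*\d+ "
    r"SSL_do_handshake\(\) failed \(SSL: error:[0-9A-F]+:[^:]*:[^:]*:(?P<reason>[^)]*)\)"
    r".*?client: (?P<client>[^,]+), server: (?P<server>\S+)"
)

def summarize(log_text, jitter=1.0):
    """Group handshake failures by (client, server, reason).

    'periodic' is True when one client fails at an even interval (within
    `jitter` seconds), which points at a health checker rather than real users.
    """
    stamps = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # some other log message
        key = (m["client"], m["server"], m["reason"])
        stamps[key].append(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"))
    report = {}
    for key, times in stamps.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter
        report[key] = {"count": len(times), "periodic": periodic}
    return report

# Constructed sample input (not real logs): four evenly spaced loopback
# failures, one unrelated external failure, one non-handshake line.
_FMT = ("2018/09/15 13:28:{s:02d} [crit] 21472#21472: *{c} SSL_do_handshake() failed "
        "(SSL: error:{e}) while SSL handshaking, client: {ip}, server: 0.0.0.0:442")
_LOW = "1417D18C:SSL routines:tls_process_client_hello:version too low"
_BAD = "1408F10B:SSL routines:ssl3_get_record:wrong version number"
SAMPLE_LOG = "\n".join(
    [_FMT.format(s=28 + 2 * i, c=323765 + i, e=_LOW, ip="127.0.0.1") for i in range(4)]
    + [_FMT.format(s=31, c=323900, e=_BAD, ip="203.0.113.7"),
       "2018/09/15 13:28:31 [notice] 21472#21472: signal process started"]
)

if __name__ == "__main__":
    for (client, server, reason), info in summarize(SAMPLE_LOG).items():
        print(client, server, reason, info)
```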