I have configured tyk-dashboard to enable SSL and run on https://; please see the configuration below.
I have a private certificate; I concatenated the certificate and key into one PEM file and used it in the configuration below.
Now the port issue is gone, but a certificate issue appears instead when starting the dashboard and gateway.
Both dashboard and gateway are on the same machine.
OS : Debian 9
Installation : On prem
Dashboard log:
http: TLS handshake error from XX.XX.XX.XXX:41052: remote error: tls: bad certificate
http: TLS handshake error from XX.XX.XX.XXX:41052: remote error: tls: bad certificate
Gateway Log:
level=error msg="Request failed with error Get https://XX.XX.XX.XXX:3000/register/node: x509: cannot validate certificate for XX.XX.XX.XXX because it doesn't contain any IP SANs; retrying in 5s"
level=error msg="Request failed with error Get https://XX.XX.XX.XXX:3000/register/node: x509: cannot validate certificate for XX.XX.XX.XXX because it doesn't contain any IP SANs; retrying in 5s"
level=error msg="Request failed with error Get https://XX.XX.XX.XXX:3000/register/node: x509: cannot validate certificate for XX.XX.XX.XXX because it doesn't contain any IP SANs; retrying in 5s"
If the certificates you are using are self-signed, you will need to add ssl_insecure_skip_verify: true to the http_server_options in both of your configs.
I think the connection between the dashboard and gateway being on the same machine means that they are trying to connect to each other on the localhost IP, which is not listed in the cert, and so it is considered invalid. Can you add the domain the cert is registered to, to your hosts file on the machine?
After adding ssl_insecure_skip_verify in dashboard and gateway, the server was still throwing an error.
So I tried removing this configuration from the dashboard conf only and restarted the servers again.
Now both gateway and dashboard are up and running.
But when I try to open the dashboard in a browser, it is displayed as a not-secure site with https://,
and while accessing the API through Postman, the gateway throws the errors below:
http: TLS handshake error from XX.XX.XX.XXX:49524: tls: first record does not look like a TLS handshake