Hello We are in the process of upgrading from 0 8 10 gt 0 8 DataHub #troubleshoot

Hello. We are in the process of upgrading from 0.8...

wonderful-quill-11255

11/23/2021, 12:59 PM

Hello. We are in the process of upgrading from 0.8.10->0.8.11 (yes...baby steps) and got hit by a limitation that the frontend can only talk

http

with the gms, not

https

. In our setup all datahub components talk with each other over SSL. However, if I change the scheme here to https I get a 400 Bad Request response back from the GMS. I was wondering if I'm missing something else that might have to be configured to make the connection work over SSL. I see that by coincidence, 12 hours ago some support for https was committed to master, but we prefer to stay a few releases behind latest. Perhaps @big-carpet-38439 you have a tip?

wonderful-quill-11255

11/23/2021, 1:58 PM

Don't spend any time on this yet. It might be caused by my test setup (docker frontend talking with our real gms).

big-carpet-38439

11/23/2021, 4:44 PM

Hey will get back soon

wonderful-quill-11255

11/24/2021, 10:07 AM

Just FYI, I got this to work (a bit hackish) by making the protocol configurable in combination with removing the 'host' http header. Since our components sit behind AWS LBs (with custom Route53 dns names), the value of the 'host' header as set by the frontend is probably considered corrupted by the metadata-service since it doesn't match the actual hostname of the frontend instance that makes the request.

big-carpet-38439

11/24/2021, 5:18 PM

Got it - so you were also able to configure a certificate at GMS so it can accept inbound https?

wonderful-quill-11255

11/24/2021, 5:47 PM

Not necessary. Incoming SSL termination is at the AWS LB. GMS only sees plain http.

big-carpet-38439

11/28/2021, 10:41 PM

Oh - then how are you making HTTPs authenticated requests to GMS? I guess it reroutes to the LB?

Open in Slack

Previous Next