[bug] tls error when configuring a kafka client #915
Comments
Hello @bb-ha-melech , I think this may be caused by how Centrifugo now resolves TLS configuration: you have Try using whether |
thank you for answering so quickly |
I think no.. looking at Go function which is used by Centrifugo it seems it expects content to contain PEM-encoded cert. I suppose you can try converting your .crt if it's not PEM yet using sth like:
|
ok, i think i got it. |
we tried what you said and we still get the bad certificate error even when we put tls true, and then don't put anything else, then we still get the bad certificate error |
We tried connecting using We tried every combination, using both the string and the file methods and it doesn't seem to change the end result Thank you very much for the help ! we really want to use centrifugo in our project but this is a serious blocker for us :( |
I think we can figure it out eventually, just not very handy since I don't have the local reproducer. And have only part of the information about your certs. I added TLS configuration debug logs to v6 branch (it was much easier for me at this stage), maybe you can try it? It uses a bit different configuration from v5 due to #832 but here are the instructions: You need Go installed. Then:
Where

```json
{
  "log_level": "debug",
  "consumers": [
    {
      "enabled": true,
      "name": "mykafka",
      "type": "kafka",
      "kafka": {
        "brokers": ["localhost:29092"],
        "topics": ["postgres.public.chat_cdc"],
        "consumer_group": "centrifugo",
        "tls": {
          "enabled": true,
          "cert_pem_file": "/path/to/cert.pem",
          "key_pem_file": "/path/to/key.pem",
          "insecure_skip_verify": true
        }
      }
    }
  ]
}
```

Replace values in configuration above with your Kafka's. In v6 TLS for Kafka is configured using this object https://centrifugal.dev/docs/server/tls#unified-tls-config-object which will be used for all TLS configs in Centrifugo. After that on DEBUG log level you will see some information what is used for TLS config construction. Maybe it can give us some clue and we can proceed from there. At least if it does not work – we will see in logs that all necessary files were really used to create TLS config. |
We will try it with V6 and debug. |
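
The PEM requirement and the cert/key file settings discussed in this thread can be checked offline before Centrifugo is started. The Go program below is an added example, not code from the issue or from Centrifugo; `Diagnose` and `sample` are hypothetical names, the certificate material is constructed at run time, and the use of the standard library's `tls.X509KeyPair` as the loader is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Diagnose checks a client cert/key pair offline and returns "ok" or a short reason.
func Diagnose(certData, keyData []byte) string {
	block, _ := pem.Decode(certData)
	if block == nil {
		// A DER (binary) certificate parses with x509 directly but is not PEM.
		if _, err := x509.ParseCertificate(certData); err == nil {
			return "cert is DER, not PEM"
		}
		return "cert is not PEM"
	}
	// X509KeyPair parses both inputs and verifies the key matches the leaf certificate.
	if _, err := tls.X509KeyPair(certData, keyData); err != nil {
		return "pair rejected: " + err.Error()
	}
	return "ok"
}

// sample returns a constructed self-signed pair: PEM cert, the same cert as DER, PEM key.
func sample() (certPEM, certDER, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	certDER, _ = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, certDER, keyPEM
}

func main() {
	c, d, k := sample()
	fmt.Println(Diagnose(c, k), "|", Diagnose(d, k), "|", Diagnose(k, k))
}
```

To check real files, read them with `os.ReadFile` and pass the bytes to `Diagnose`; a passing result only shows the pair loads locally, not that the broker trusts the issuing CA.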
hey,
i am experiencing some issues with the kafka client connection with centrifugo, while configuring it via
image.
The kafka itself is secured with SSL (there are self signed certificates that need to be sent), and the trusted root ca on the pod is updated. The kafka certificates themselves are also correct (i am able to connect with them if i try to do it using python kafka library).
When i am trying to run the centrifugo server with the kafka i get:
error initializing consumers: error (consumer group): error init Kafka Client: error ping Kafka: remote error: tls: bad certificate
It could be because maybe i have some misunderstanding of the config.json structure :)
Is there maybe an example to file types/expected content for each key in the tls kafka config that are expected in the config.json?
...
Versions
Centrifugo version is 5.4.6
Operating system is docker alpine linux 3.18
Could there be any problem with self signed certificates in golang? we are using it as a deployed service and do not usually develop with go, so any help figuring this out will be amazing