I generate and receive a TLS/SSL certificate from CloudFront.
HTTP works fine, but HTTPS results in a TLS handshake error.
---
apiVersion: v1
kind: Service
metadata:
  namespace: test
  name: whoami
  labels:
    app: whoami
spec:
  ports:
    - port: 80
  selector:
    app: whoami
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: test
  name: whoami
  labels:
    app: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: tlsoptions
  namespace: test
spec:
  minVersion: VersionTLS12
  cipherSuites:
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    - TLS_AES_256_GCM_SHA384
    - TLS_AES_128_GCM_SHA256
    - TLS_CHACHA20_POLY1305_SHA256
    - TLS_FALLBACK_SCSV
  curvePreferences:
    - CurveP521
    - CurveP384
  sniStrict: false
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: transport
  namespace: test
spec:
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-web
  namespace: test
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`domain.com`)
      kind: Rule
      middlewares:
        - name: headers-default@file
      services:
        - name: whoami
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-websecure
  namespace: test
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`domain.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
          serversTransport: transport
  tls:
    options:
      name: tlsoptions
      namespace: test
---
time="2022-03-25T23:34:24Z" level=debug msg="Serving default certificate for request: \"domain.com\""
time="2022-03-25T23:34:24Z" level=debug msg="http: TLS handshake error from 10.11.11.240:41668: read tcp 10.11.10.41:8443->10.11.11.240:41668: read: connection reset by peer"
Can you tell me which one is wrong?