fleetspeak client is unable to communicate with the server
Ibrahim-cmd1 opened this issue · comments
Environment
- How did you install GRR? [e.g. from release DEB, HEAD DEB, PIP package, source] from release DEB
- What GRR version are you running?: [e.g. 3.1.2.3] 3.4.5.1
- What operating system does the GRR server run on? [e.g. Ubuntu 18.04] Ubuntu 18.04
- What operating system does the affected GRR client run on, if applicable? [e.g. Windows 10] Windows 10
Describe the issue
I am testing the ability of making fleetspeak client communicate with fleetspeak server through a load balancer.
However when I run the clients I get an error related to the certificate "x509: certificate is valid for 192.168.100.100, not 192.168.100.102"
noting that:
192.168.100.100 ==> GRR server ip
192.168.100.102 ==> loadbalancer ip
Please let me know what could be done to solve this issue? or if anything need to be done on the client or the server to make it loadbalancer aware.
Error logs
E1124 11:28:01.524626 596 system_service.go:250] Unable to get revoked certificate list: unable to retrieve file, last attempt failed with: Get "https://192.168.100.102:443/files/system/RevokedCertificates": x509: certificate is valid for 192.168.100.100, not 192.168.100.102
Hi @Ibrahim-cmd1
Quick question: what load balancer do you use? Does it implement the proxy protocol? If so, would adding proxy_protocol: true
to /etc/fleetspeak-server/server.components.config
help? (see https://grr-doc.readthedocs.io/en/latest/fleetspeak/scaling.html#running-the-fleetspeak-server-component)