Them you for replying. I realised that tautulli.tanscloud.com does not work. I removed the entry. Sorry about not mentioning that. Plexmonitoring.tanscloud.com works but the cert is insecure. That is what i am trying to resolve.
I reread what you wrote. Thats interesting, I wrote https://plexmonitoring.tanscloud.com but I get an insecure sign.
Yet when I use https://kibana.tanscloud.com I get a proper cert....
I'll look at how to redirect to https. I dont think I set that up
For some reason, that redirects https->http, but then sends you to http://plexmonitoring.tanscloud.com/auth/login?redirect_uri=/. But if you manually change that to https, it stays:
3 Likes
Ah ha , ok , So i will have to look at what is going on with that. Its strange its redirecting like that. Thank you. I suspect its some funky rules going on.
It is. I'd look to your Ombi configuration, though I don't remember having to do anything special to mine when I put it behind HAProxy. Here's what curl -v shows:
dan@Dan-Hack-Mini ~ curl -v https://plexmonitoring.tanscloud.com
* Trying 27.252.93.28...
* TCP_NODELAY set
* Connected to plexmonitoring.tanscloud.com (27.252.93.28) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=plexmonitoring.tanscloud.com
* start date: Feb 10 09:12:04 2021 GMT
* expire date: May 11 09:12:04 2021 GMT
* subjectAltName: host "plexmonitoring.tanscloud.com" matched cert's "plexmonitoring.tanscloud.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fd60180d600)
> GET / HTTP/2
> Host: plexmonitoring.tanscloud.com
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 303
< content-type: text/html;charset=utf-8
< date: Wed, 10 Feb 2021 11:25:11 GMT
< location: http://plexmonitoring.tanscloud.com/auth/logout?redirect_uri=/
< server: CherryPy/unknown
< vary: Accept-Encoding
< vary: Accept-Encoding
< content-length: 170
<
* Connection #0 to host plexmonitoring.tanscloud.com left intact
This resource can be found at <a href="http://plexmonitoring.tanscloud.com/auth/logout?redirect_uri=/">http://plexmonitoring.tanscloud.com/auth/logout?redirect_uri=/</a>.* Closing connection 0
Did you maybe set the base URL? That shouldn't be needed in this case, but might explain what you're seeing if you set it to http://plexmonitoring...
1 Like
Missed this earlier. I'd expect this would be something you'd set up as a blanket thing in Traefik. I haven't worked with that proxy, but I know that's how HAProxy does it
1 Like
Thank you @danb35 and @rg305 . Through this exercise I learnt something new.
What we are looking for is this annotation in kubernetes:
traefik.ingress.kubernetes.io/redirect-entry-point: https
2 Likes
For posterity I applied this to the annotations of the ingress in Kubernetes
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.