Docker Fluent bit客户端和Fluentd服务器之间的TLS问题
我正在尝试将一个fluent位客户端(在Docker容器中运行)连接到一个运行Fluentd和TLS的服务器 Fluent位客户端配置:Docker Fluent bit客户端和Fluentd服务器之间的TLS问题,docker,fluentd,fluent-bit,Docker,Fluentd,Fluent Bit,我正在尝试将一个fluent位客户端(在Docker容器中运行)连接到一个运行Fluentd和TLS的服务器 Fluent位客户端配置: [SERVICE] Flush 2 Daemon Off Log_level debug [INPUT] Name Dummy [OUTPUT] Name forward Host SERVER_IP Port PORT tls on tls.
[SERVICE]
Flush 2
Daemon Off
Log_level debug
[INPUT]
Name Dummy
[OUTPUT]
Name forward
Host SERVER_IP
Port PORT
tls on
tls.ca_file /tls/certs/ca.crt.pem
tls.crt_file /tls/certs/client.crt.pem
tls.key_file /tls/private/client.key.pem
tls.key_passwd PASSWORD
tls.debug 3
Fluentd服务器配置:
<source>
@type forward
@id input_forward
port PORT
# tls
<transport tls>
version TLSv1_2
ca_path /etc/td-agent/tls/certs/ca.crt.pem
cert_path /etc/td-agent/tls/certs/server.crt.pem
private_key_path /etc/td-agent/tls/private/server.key.pem
private_key_passphrase PASSWORD
ca_private_key_passphrase PASSWORD
</transport>
</source>
但是,当我使用openssl命令行工具手动尝试将客户端连接到Fluentd服务器时,连接会起作用:
openssl s_client -connect IPADDR:PORT -CAfile certs/ca.crt.pem -cert certs/client.crt.pem -key private/client.key.pem -tls1_2 -state -quiet
因此,我假设服务器正在强制执行openssl CL客户端正在执行的一些检查,但Docker容器中运行的fluent位没有执行
非常感谢您的建议。在fluentd方面,我必须添加一个ca_private_key_路径
<transport tls>
#min_version TLSv1_1
version TLSv1_2
ca_path /etc/td-agent/tls/certs/ca.crt.pem
cert_path /etc/td-agent/tls/certs/server.crt.pem
# ADD CA PRIVATE KEY
ca_private_key_path /etc/td-agent/tls/private/ca.key.pem
private_key_path /etc/td-agent/tls/private/server.key.pem
</transport>
#最小版本TLSv1\U 1
版本TLSv1_2
ca_path/etc/td-agent/tls/certs/ca.crt.pem
证书路径/etc/td-agent/tls/certs/server.crt.pem
#添加CA私钥
ca_private_key_path/etc/td-agent/tls/private/ca.key.pem
private\u key\u path/etc/td-agent/tls/private/server.key.pem
<transport tls>
#min_version TLSv1_1
version TLSv1_2
ca_path /etc/td-agent/tls/certs/ca.crt.pem
cert_path /etc/td-agent/tls/certs/server.crt.pem
# ADD CA PRIVATE KEY
ca_private_key_path /etc/td-agent/tls/private/ca.key.pem
private_key_path /etc/td-agent/tls/private/server.key.pem
</transport>