Hi! I have been following the complete guide to deploying your rasa assistant, and I was unable to get the SSL certificate to work. I was able to access Rasa X through the Load Balancer’s external IP address 34.87.xxx.xx:8000 .
After following the instructions as to:
creating an A record with my domain registrar, pointing to Load Balancer’s external IP address.
applying letsencrypt-issuer-production.yml
applying cert-request.yml
updating the ingress in the Helm chart settings (values.yml) and running helm upgrade.
When I visit my domain, the error message ERR_CONNECTION_CLOSED is shown.
I have tried other methods as well but have been facing multiple issues as well (trying to configure Nginx reverse proxy to use SSL, using Google-managed certificates)
After you apply the domain name in step 1, is Rasa X available at the new URL? Curious whether the error is there before you apply the SSL, or only after all steps have been completed.
Hi Karen! Thanks so much for the reply!
Yes, currently the domain name only works with http when I point it to the LoadBalancer’s external IP and Rasa X is available, but it doesn’t work with https.
This is how the log for the nginx pod looks:
PS C:\Users\AidenKoh> kubectl logs rasa-nginx-5785765c89-jcgww --namespace rasa
←[38;5;6mnginx ←[38;5;5m09:50:38.39 ←[0m
←[38;5;6mnginx ←[38;5;5m09:50:38.41 ←[0m←[1mWelcome to the Bitnami nginx container←[0m
←[38;5;6mnginx ←[38;5;5m09:50:38.42 ←[0mSubscribe to project updates by watching ←[1mhttps://github.com/bitnami/bitnami-docker-nginx←[0m
←[38;5;6mnginx ←[38;5;5m09:50:38.43 ←[0mSubmit issues and feature requests at ←[1mhttps://github.com/bitnami/bitnami-docker-nginx/issues←[0m
←[38;5;6mnginx ←[38;5;5m09:50:38.43 ←[0m
SSL encryption is not used since no certificates were provided.
>>exec docker CMD
/opt/bitnami/scripts/nginx/run.sh
←[38;5;6mnginx ←[38;5;5m09:50:38.54 ←[0m←[38;5;2mINFO ←[0m ==> ** Starting NGINX **
2020/12/11 09:50:38 [notice] 1#1: using the "epoll" event method
2020/12/11 09:50:38 [notice] 1#1: nginx/1.19.4
2020/12/11 09:50:38 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2020/12/11 09:50:38 [notice] 1#1: OS: Linux 4.19.112+
2020/12/11 09:50:38 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2020/12/11 09:50:38 [notice] 1#1: start worker processes
2020/12/11 09:50:38 [notice] 1#1: start worker process 16
and this is how it looks when I run kubectl describe certificates:
PS C:\Users\AidenKoh> kubectl describe certificates --namespace rasa
Name: letsencrypt-prod
Namespace: rasa
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1alpha3
Kind: Certificate
Metadata:
Creation Timestamp: 2020-12-10T05:47:06Z
Generation: 1
Resource Version: 240854
Self Link: /apis/cert-manager.io/v1alpha3/namespaces/rasa/certificates/letsencrypt-prod
UID: .......
Spec:
Common Name: .......
Dns Names:
.......
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-prod
Secret Name: .......
Status:
Conditions:
Last Transition Time: 2020-12-10T05:47:06Z
Message: Waiting for CertificateRequest "letsencrypt-prod-190842314" to complete
Reason: InProgress
Status: False
Type: Ready
Events: <none>
I’m not sure if its because the certificate request is still in progress. (It’s already been a day).
Hello ! I ran into this error when I was trying to figure to configure SSL on my Kubernetes deployment. Thought I’d share how I dealt with it just in case anyone else is struggling but still want to stick to GCP.
When I tried the certification on my own Kubernetes deployment it didn’t work. This was because I wasn’t able to reroute the traffic from port 80 to 8000. Because the connection between my domain and deployment was not working the SSL certification did not work. I tried changing ports in the ngnix service in the values.yml but couldn’t properly set up a reverse proxy without breaking other stuff!
When I did the one-line deployment and followed this guide on connecting GCloud VM with a Domain Name. Something I did not pick up earlier is that the one-line deployment is a pretty good option because you can configure the values.yml and add whenever you want. Just make sure to export KUBECONFIG=/etc/rancher/k3s/k3s.yaml before helm upgrade --values values.yml --namespace rasa --reuse-values rasa rasa-x/rasa-x after following @karen-white 's really clear blog post!