arno/gencert
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update readme

Browse Source
This commit is contained in:
Andy 2018-07-15 19:14:59 +02:00
parent 265f66c3bf
commit 97099b3742
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -88,8 +88,10 @@ services:
### helloworld with socat ### helloworld with socat
socat could be handy when you need to see the TLS flow between the reverse socat could be handy when you need to see the TLS flow between the reverse
proxy and a backend. It may also let you secure the traffic between them in proxy and a backend.
case when the backend application does not support TLS on its own.
It may also help you secure the traffic between the reverse proxy and a backend
in case when the latter service does not support TLS on its own.
> Minimum socat version should be [1.7.3.2](https://fossies.org/linux/privat/socat-1.7.3.2.tar.gz/socat-1.7.3.2/CHANGES) so it will work with the > Minimum socat version should be [1.7.3.2](https://fossies.org/linux/privat/socat-1.7.3.2.tar.gz/socat-1.7.3.2/CHANGES) so it will work with the
> ECDHE- OpenSSL ciphers. > ECDHE- OpenSSL ciphers.
@ -115,6 +117,12 @@ services:
traefik.protocol: 'https' traefik.protocol: 'https'
``` ```
If you get ``sslv3 alert bad certificate`` error, then make sure you have
either updated the CA bundle with your CA file which was used to sign your x509
certificates at the reverse proxy server or disable TLS verification between
the reverse proxy and your backend (e.g. Traefik has a global option
``insecureSkipVerify = true``)
## Testing ## Testing
I have added a simplistic script [testme.sh](testme.sh) that helps to test this I have added a simplistic script [testme.sh](testme.sh) that helps to test this