Channels
- s
Scott Lampert
1 year agoWe’re currently running fleet behind a load balancer that handles https and fleet itself listens on http on the back end. I notice I can’t seem to use fleetctl pointing to localhost because it demands an https connection. Is there currently a flag to override that? I don’t see one. 
Noah Talerman
1 year agoI believe what you’re looking for is the
flag in this command:--tls-skip-verify
More information about the fleetctl config command can be found in the docs here.fleetctl config set --address <https://localhost:8080> --tls-skip-verify
Please let me know if this helps solve your issue.- s
Scott Lampert
1 year agoIt doesn’t. I still get
when I try to doerror creating Fleet API client handler: Address must start with https://fleetctl login
the fleet server runs http, not https
the load balancer handles the ssl
I think it’s this code here: https://github.com/fleetdm/fleet/blob/6b1ba2be5c29ee5da331075929c3e27811f795d2/server/service/client.go#L39 
zwass
1 year agoYep, that looks to be it. @Scott Lampert can you hit the LB url as a workaround and file an issue for http support if you'll need that?- s
Scott Lampert
1 year agoWell I noticed it when I was having issues with LB 🙂 zwass
1 year agoHeh, seems we've put you in a bit of a bind then- s
Scott Lampert
1 year agoIt’s not currently a blocker, but it would be nice to have. Also for all the init stuff our container does so it can talk locally instead of having to go out and back in through the LB zwass
1 year agoMakes sense. Please file an issue and we'll look at adding that.- s
Scott Lampert
1 year ago@zwass I made a PR for this. https://github.com/fleetdm/fleet/pull/489
It seems to work fine locally
@zwass I update the PR to only allow localhost. Hopefully it can get into the next release so I don’t need a custom binary. 🙂
View count: 2