Briefly, the same config pattern that works with an http protocol listener prevents sozu from running when it is used with https instead:
```toml
# Proxy HTTP
[[listeners]]
protocol = "http"
address = "[::]:80"
# Proxy HTTPS
[[listeners]]
protocol = "https"
address = "[::]:443"
[clusters]
[clusters.http]
protocol = "http"
frontends = [
{ address = "[::]:80", hostname = "subdomain.domain.tld" },
]
backends = [
{ address = "[::1]:8080" },
]
[clusters.https]
protocol = "http"
frontends = [
{ address = "[::]:443", hostname = "subdomain.domain.tld" },
]
backends = [
{ address = "[::1]:8443" },
]
```
The above prevents sozu from running:
```
systemd[1]: Starting sozu.service - Sozu - A HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust....
sozu[21310]: failed to load config: Can not set this frontend on a Https listener
sozu[21310]: Error: Cli(LoadConfig(WrongFrontendProtocol(Https)))
systemd[1]: sozu.service: Control process exited, code=exited, status=1/FAILURE
systemd[1]: sozu.service: Failed with result 'exit-code'.
```
But why? It is unclear from the log output and https://github.com/sozu-proxy/sozu/blob/main/bin/config.toml whether I am missing some required parameter:
```toml
# Proxy HTTP
[[listeners]]
protocol = "http"
address = "[::]:80"
# Proxy HTTPS
[[listeners]]
protocol = "https"
address = "[::]:443"
[clusters]
[clusters.http]
protocol = "http"
frontends = [
{ address = "[::]:80", hostname = "subdomain.domain.tld" },
]
backends = [
{ address = "[::1]:8080" },
]
[clusters.https]
protocol = "http"
frontends = [
{ address = "[::]:443", hostname = "subdomain.domain.tld", certificate = "cert.pem", key = "privkey.pem", certificate_chain = "chain.pem" },
]
backends = [
{ address = "[::1]:8443" },
]
```
...does permit sozu to start successfully. So the documentation does not make clear what an "https" listener needs, and the error log assumes that the user will have this knowledge.
```toml
# Proxy HTTP
[[listeners]]
protocol = "http"
address = "[::]:80"
# Proxy HTTPS
[[listeners]]
protocol = "https"
address = "[::]:443"
certificate = "cert.pem"
key = "privkey.pem"
certificate_chain = "chain.pem"
[clusters]
[clusters.http]
protocol = "http"
frontends = [
{ address = "[::]:80", hostname = "subdomain.domain.tld" },
]
backends = [
{ address = "[::1]:8080" },
]
[clusters.https]
protocol = "http"
frontends = [
{ address = "[::]:443", hostname = "subdomain.domain.tld" },
]
backends = [
{ address = "[::1]:8443" },
]
```
The above variation is also valid. It is explained piecemeal in the documentation. The documentation should be clearer that https listeners must have certain conditions met (the presence of configured certificate data?) from either the https listener configuration itself or any of the http frontends individually to be valid with any given http protocol frontend.