mirror of
https://github.com/juanfont/headscale.git
synced 2026-01-11 20:00:28 +01:00
CertManager's 10s TLS handshake error EOF #487
Closed
opened 2025-12-29 02:18:59 +01:00 by adam
·
11 comments
No Branch/Tag Specified
main
update_flake_lock_action
gh-pages
kradalby/release-v0.27.2
dependabot/go_modules/golang.org/x/crypto-0.45.0
dependabot/go_modules/github.com/opencontainers/runc-1.3.3
copilot/investigate-headscale-issue-2788
copilot/investigate-visibility-issue-2788
copilot/investigate-issue-2833
copilot/debug-issue-2846
copilot/fix-issue-2847
dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
dependabot/go_modules/github.com/docker/docker-28.3.3incompatible
kradalby/cli-experiement3
doc/0.26.1
doc/0.25.1
doc/0.25.0
doc/0.24.3
doc/0.24.2
doc/0.24.1
doc/0.24.0
kradalby/build-docker-on-pr
topic/docu-versioning
topic/docker-kos
juanfont/fix-crash-node-id
juanfont/better-disclaimer
update-contributors
topic/prettier
revert-1893-add-test-stage-to-docs
add-test-stage-to-docs
remove-node-check-interval
fix-empty-prefix
fix-ephemeral-reusable
bug_report-debuginfo
autogroups
logs-to-stderr
revert-1414-topic/fix_unix_socket
rename-machine-node
port-embedded-derp-tests-v2
port-derp-tests
duplicate-word-linter
update-tailscale-1.36
warn-against-apache
ko-fi-link
more-acl-tests
fix-typo-standalone
parallel-nolint
tparallel-fix
rerouting
ssh-changelog-docs
oidc-cleanup
web-auth-flow-tests
kradalby-gh-runner
fix-proto-lint
remove-funding-links
go-1.19
enable-1.30-in-tests
0.16.x
cosmetic-changes-integration
tmp-fix-integration-docker
fix-integration-docker
configurable-update-interval
show-nodes-online
hs2021
acl-syntax-fixes
ts2021-implementation
fix-spurious-updates
unstable-integration-tests
mandatory-stun
embedded-derp
prtemplate-fix
v0.28.0-beta.1
v0.27.2-rc.1
v0.27.1
v0.27.0
v0.27.0-beta.2
v0.27.0-beta.1
v0.26.1
v0.26.0
v0.26.0-beta.2
v0.26.0-beta.1
v0.25.1
v0.25.0
v0.25.0-beta.2
v0.24.3
v0.25.0-beta.1
v0.24.2
v0.24.1
v0.24.0
v0.24.0-beta.2
v0.24.0-beta.1
v0.23.0
v0.23.0-rc.1
v0.23.0-beta.5
v0.23.0-beta.4
v0.23.0-beta3
v0.23.0-beta2
v0.23.0-beta1
v0.23.0-alpha12
v0.23.0-alpha11
v0.23.0-alpha10
v0.23.0-alpha9
v0.23.0-alpha8
v0.23.0-alpha7
v0.23.0-alpha6
v0.23.0-alpha5
v0.23.0-alpha4
v0.23.0-alpha4-docker-ko-test9
v0.23.0-alpha4-docker-ko-test8
v0.23.0-alpha4-docker-ko-test7
v0.23.0-alpha4-docker-ko-test6
v0.23.0-alpha4-docker-ko-test5
v0.23.0-alpha-docker-release-test-debug2
v0.23.0-alpha-docker-release-test-debug
v0.23.0-alpha4-docker-ko-test4
v0.23.0-alpha4-docker-ko-test3
v0.23.0-alpha4-docker-ko-test2
v0.23.0-alpha4-docker-ko-test
v0.23.0-alpha3
v0.23.0-alpha2
v0.23.0-alpha1
v0.22.3
v0.22.2
v0.23.0-alpha-docker-release-test
v0.22.1
v0.22.0
v0.22.0-alpha3
v0.22.0-alpha2
v0.22.0-alpha1
v0.22.0-nfpmtest
v0.21.0
v0.20.0
v0.19.0
v0.19.0-beta2
v0.19.0-beta1
v0.18.0
v0.18.0-beta4
v0.18.0-beta3
v0.18.0-beta2
v0.18.0-beta1
v0.17.1
v0.17.0
v0.17.0-beta5
v0.17.0-beta4
v0.17.0-beta3
v0.17.0-beta2
v0.17.0-beta1
v0.17.0-alpha4
v0.17.0-alpha3
v0.17.0-alpha2
v0.17.0-alpha1
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.16.0-beta7
v0.16.0-beta6
v0.16.0-beta5
v0.16.0-beta4
v0.16.0-beta3
v0.16.0-beta2
v0.16.0-beta1
v0.15.0
v0.15.0-beta6
v0.15.0-beta5
v0.15.0-beta4
v0.15.0-beta3
v0.15.0-beta2
v0.15.0-beta1
v0.14.0
v0.14.0-beta2
v0.14.0-beta1
v0.13.0
v0.13.0-beta3
v0.13.0-beta2
v0.13.0-beta1
upstream/v0.12.4
v0.12.4
v0.12.3
v0.12.2
v0.12.2-beta1
v0.12.1
v0.12.0-beta2
v0.12.0-beta1
v0.11.0
v0.10.8
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.1
v0.7.0
v0.6.1
v0.6.0
v0.5.2
v0.5.1
v0.5.0
v0.4.0
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.2
v0.2.1
v0.2.0
v0.1.1
v0.1.0
Labels
Clear labels
CLI
DERP
DNS
Nix
OIDC
SSH
bug
database
documentation
duplicate
enhancement
faq
good first issue
grants
help wanted
might-come
needs design doc
needs investigation
no-stale-bot
out of scope
performance
policy 📝
pull-request
question
regression
routes
stale
tags
tailscale-feature-gap
well described ❤️
wontfix
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: starred/headscale#487
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @ventsislav-georgiev on GitHub (Apr 28, 2023).
Version: 0.22.1
Usage: Kubernetes
When using the LetsEncrypt auto certificate provisioning. There is a constant error in the logs.
Seems to be related to this issue: https://github.com/cert-manager/cert-manager/issues/4594
Is it expected or there is a way around it?
@loprima-l commented on GitHub (Apr 28, 2023):
Is the connection with 10.36.2.1 working well ? Have you tried that (https://github.com/cert-manager/cert-manager/issues/4594#issuecomment-997164924) ?
@ventsislav-georgiev commented on GitHub (Apr 28, 2023):
@loprima-l There is no such pod in the cluster. Isn't in headscale the certmanager server started internally in the same process?
As for the 10.36.2.1 connectivity. That is the default gateway and all our things work as expected.
I forgot to mention an important detail.. The logs above don't break any functionality. The SSL certificate is provisioned successfully and connections from tailscale clients work as expected. All is working, except it constantly logs this EOF error.
@loprima-l commented on GitHub (Apr 29, 2023):
Thanks for your reply I'm just starting on Headscale so TLS wasn't the first thing I checked. I will look at it when I've got the time as it's not a major outage.
@loprima-l commented on GitHub (May 1, 2023):
@ventsislav-georgiev Hi, have you created your instance based on the example directory ?
@ventsislav-georgiev commented on GitHub (May 1, 2023):
@loprima-l What do you mean exactly? I've deployed headscale to a Kubernetes cluster using a helm chart from gabe565 and the configuration used is based in the examples yes.
@loprima-l commented on GitHub (May 1, 2023):
The version of cert-manager in this file is responsible for the bug you've described I think, I'm not familiar with Kubernetes but maybe updating it would fix your issue, can you try it ?
@ventsislav-georgiev commented on GitHub (May 1, 2023):
Hmm.. I haven't deployed cert manager at all and I don't think it is part of the helm chart as I don't see any deployment in the cluster related to cert manager. That is why I think it is used internally by headscale.
@loprima-l commented on GitHub (May 1, 2023):
I can't find it in the dependencies ...
@juanfont any idea ?
@ventsislav-georgiev commented on GitHub (May 1, 2023):
@loprima-l it seems autocert is used. Here is the code: https://github.com/juanfont/headscale/blob/main/app.go#L843
The ref to certmanager issue I provided is matching the error message. I'm not sure if autocert and certmanager are related.
@github-actions[bot] commented on GitHub (Oct 29, 2023):
This issue is stale because it has been open for 180 days with no activity.
@github-actions[bot] commented on GitHub (Nov 12, 2023):
This issue was closed because it has been inactive for 14 days since being marked as stale.