I am using outboundTrafficPolicy.mode ALLOW_ANY global option in Istio but any HTTPS requests are failing with a server certificate error:
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.execute-api.<my-region>.amazonaws.com
* start date: Jul 22 00:00:00 2021 GMT
* expire date: Aug 20 23:59:59 2022 GMT
* subjectAltName does not match www.google.com
* SSL: no alternative certificate subject name matches target host name 'www.google.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.google.com'
More details here: https://curl.se/docs/sslcerts.html
Shouldn't it bypass all outbound traffic HTTP or HTTPS? Is there another configuration I'm missing here?
PS: I am using Istio with ingress-nginx with the traffic.sidecar.istio.io/includeInboundPorts: "" annotation, which bypasses envoy in the cluster's entrance. The test was made in another pod inside the service mesh.
Istio configuration: istioctl install --set profile=minimal --set meshConfig.outboundTrafficPolicy.mode=ALLOW_ANY --set meshConfig.enableTracing=true --set revision=canary
Ingress-Nginx configuration:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx-4
labels:
app.kubernetes.io/component: controller
annotations:
ingressclass.kubernetes.io/is-default-class: 'false'
spec:
controller: "k8s.io/ingress-nginx"
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx-4
labels:
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
istio.io/rev: canary
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-4
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx-4
data:
proxy-real-ip-cidr: <my_cluster_range>
use-forwarded-headers: "true"
enable-real-ip: "false"
use-proxy-protocol: "false"
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx-4
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx-4
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-4
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-4
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx-4
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
app: ingress-nginx-4
name: ingress-nginx-controller-admission
namespace: ingress-nginx-4
spec:
type: ClusterIP
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/component: controller
app: ingress-nginx-4
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
app: ingress-nginx-4
service: ingress-nginx-4
name: ingress-nginx-controller
namespace: ingress-nginx-4
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
nodePort: 30008
protocol: TCP
targetPort: http
- name: https
port: 443
nodePort: 30009
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/component: controller
app: ingress-nginx-4
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
app: ingress-nginx-4
version: v1
name: ingress-nginx-controller-2
namespace: ingress-nginx-4
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/component: controller
app: ingress-nginx-4
version: v1
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
sidecar.istio.io/inject: "true"
traffic.sidecar.istio.io/includeInboundPorts: ""
labels:
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/component: controller
app: ingress-nginx-4
version: v1
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v0.46.0#sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx-4
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 80
protocol: TCP
- name: tohttps
containerPort: 2443
protocol: TCP
- name: webhook
containerPort: 8443
protocol: TCP
volumeMounts:
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
resources:
requests:
cpu: 100m
memory: 90Mi
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission-4
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: Fail
sideEffects: None
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
namespace: ingress-nginx-4
name: ingress-nginx-controller-admission
path: /networking/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx-4
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx-admission-4
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx-4
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx-4
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx-admission
annotations:
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx-4
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx-4
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-create
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx-4
spec:
template:
metadata:
name: ingress-nginx-admission-create
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: docker.io/jettech/kube-webhook-certgen:v1.5.1
imagePullPolicy: IfNotPresent
args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-patch
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
namespace: ingress-nginx-4
spec:
template:
metadata:
name: ingress-nginx-admission-patch
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx-4
app.kubernetes.io/instance: ingress-nginx-4
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: docker.io/jettech/kube-webhook-certgen:v1.5.1
imagePullPolicy: IfNotPresent
args:
- patch
- --webhook-name=ingress-nginx-admission-4
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
The problem was caused by what probably is a bug on Istio: services on the Kubernetes cluster that had 443 ports (https) and didn't contain a port name as "https" seemed to be getting in the way of external https requests.
To solve the issue I just identified these services using the istioctl proxy-config routes <my-pod> --name 443 -o json command and added the "https" port name.
I also deleted a ServiceEntry from a previous Istio version that was also impacting routing.
Istio issue comment that helped me identify the problem: https://github.com/istio/istio/issues/14264#issuecomment-496774533
Related
How do I add OAuth2 into swagger jsdoc security? here is my current code it was modify from bearer auth but after trying to use oauth2 it nolonger works and says "oktaAuth HTTP authentication: unsupported scheme 'oauth2'
".
if possible I would want to use okta after implementing oauth2
private initializeSwagger() {
const options = {
swaggerDefinition: {
openapi: '3.0.1',
basePath: '/',
info: {
title: 'REST API',
version: '1.0.0',
description: '',
license: {
name: '',
url: '',
},
},
servers: [
{
url: 'http://localhost:8080',
description: 'Development server',
},
],
components: {
securitySchemes: {
oktaAuth: {
type: 'http',
scheme: 'oauth2',
bearerFormat: 'JWT',
},
},
},
security: [
{
oktaAuth: [],
},
],
},
apis: ['./src/docs/**/*.yaml'],
};
I have followed the meta tag guidelines for my application and used the Facebook, LinkedIn & Twitter validators but its not working as expected.
Facebook is showing the correct tags but throwing the warning The 'og:image' property should be explicitly provided, even if a value can be inferred from other tags.
LinkedIn is not reading the og:image or og:type correctly.
Twitter is not showing the twitter:image.
Is there a problem within my code or maybe an error on the validator scraping the site?
meta: [
{ charset: 'utf-8' },
{ name: 'viewport', content: 'width=device-width, initial-scale=1' },
{ name: 'format-detection', content: 'telephone=no' },
{ name: 'msapplication-TileColor', content: "#da532c" },
{ name: 'theme-color', content: "#0a192f" },
{
hid: 'og:title',
name: 'og:title',
content: 'Thomas Bell - Developer',
},
{
hid: 'description',
name: 'description',
content:
'A self taught developer who loves to code and problem solve. I have a passion for learning and building useful tools to help people while promoting conservation for the planet. Check out my portfolio and get in touch!',
},
{
hid: 'og:description',
name: 'og:description',
content:
'A self taught developer who loves to code and problem solve. I have a passion for learning and building useful tools to help people while promoting conservation for the planet. Check out my portfolio and get in touch!',
},
{
hid: 'og:url',
name: 'og:url',
content: 'https://thomasbell.dev/',
},
{ hid: 'og:locale', name: 'og:locale', content: 'en_US' },
{ hid: 'og:type', name: 'og:type', content: 'website' },
{
hid: 'og:site_name',
name: 'og:site_name',
content: 'Thomas Bell - Web Developer',
},
{
hid: 'og:image',
name: 'og:image',
itemprop: 'image',
content: 'https://thomasbell.dev/images/portfolio.png',
},
{ hid: "og:image:width", name: "og:image:width", content: "1200" },
{ hid: "og:image:height", name: "og:image:height", content: "630" },
{
hid: 'twitter:card',
name: 'twitter:card',
content: 'summary_large_image',
},
{
hid: 'twitter:description',
name: 'twitter:description',
content:
'A self taught developer who loves to code and problem solve. I have a passion for learning and building useful tools to help people while promoting conservation for the planet. Check out my portfolio and get in touch!',
},
{
hid: 'twitter:title',
name: 'twitter:title',
title: 'Thomas Bell - Developer',
},
{
hid: 'twitter:image',
name: 'twitter:image',
content: 'https://thomasbell.dev/images/portfolio.png',
},
{
hid: 'twitter:site',
name: 'twitter:site',
content: '#tombell_95',
},
{
hid: "twitter:creator",
name: "twitter:creator",
content: "#tombell_95",
},
],
I have had some trouble using socket.io client in Nuxt. When i create a socket.io client instance, multiple connections are created. I'm working with vue-socket.io, I had no problems until I needed to add options and create a socket.io client instance. I have tried other libraries and had the same problems.
I have it written in a plugin and import it into my nuxt.config
import Vue from 'vue'
import VueSocketIO from 'vue-socket.io'
import SocketIO from 'socket.io-client'
const options = {
transport: ["polling", "websocket"],
transportOptions: {
polling: {
extraHeaders: {
Authorization: '', //'Bearer h93t4293t49jt34j9rferek...'
}
}
} };
//This code working
// export default function () {
// Vue.use(new VueSocketIO({
// debug: false,
// connection: 'http://localhost:3001',
// }))
// }
//This code not Working
export default function () {
Vue.use(new VueSocketIO({
debug: false,
connection: SocketIO('http://localhost:3001', options),
}))
}
This shows the console. The problem is not the back, I tried with public sockets and I also have problems
[Nest] 4796 - 25/06/2021 11:30:28 a. m. [MessageGateway] Client connected: A6TOQpVNSI_b-d5sAAAJ
[Nest] 4796 - 25/06/2021 11:30:29 a. m. [MessageGateway] Client connected: 7FZyW_K9VtgI3_p1AAAK
[Nest] 4796 - 25/06/2021 11:30:31 a. m. [MessageGateway] Client connected: TN1hvjkkEN5vC7xEAAAL
[Nest] 4796 - 25/06/2021 11:30:36 a. m. [MessageGateway] Client connected: X8HUyvr3iJtWvPY7AAAM
[Nest] 4796 - 25/06/2021 11:30:41 a. m. [MessageGateway] Client connected: MniYR9ketxpmUWBZAAAN
nuxt.config
plugins: [
{ src: '#/plugins/apexchart.plugin.client.ts', mode: 'client', ssr: false },
{ src: '#/plugins/element-ui.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/vue-cryptoicon.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/v-calendar.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/api.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/dashboard.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/coins.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/wallets.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/accounting.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/deposits.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/investments.plugin.client.ts', mode: 'client', ssr: false},
{ src: '#/plugins/investments.plugin.client.ts', mode: 'client', ssr: false},
{ src: '~/plugins/socket.client.ts'},
],
I don't understand why my app has meta robots set to noindex when I'm in production mode only ??
Here is my nuxt.config
import i18n from './config/i18n'
export default {
head: {
meta: [
{ charset: 'utf-8' },
{ name: 'viewport', content: 'width=device-width, initial-scale=1' },
{ hid: 'description', name: 'description', content: '' },
{ hid: 'robots', name: 'robots', content: 'index, follow' }
],
},
buildModules: ['nuxt-lazysizes',
[
'nuxt-i18n',
{
strategy: 'prefix_except_default',
defaultLocale: 'en',
seo: true,
baseUrl: envBaseUrl,
locales: [
{
code: 'en',
name: 'English',
iso: 'en-GB'
},
{
code: 'fr',
name: 'Français',
iso: 'fr-FR'
}
],
vueI18n: i18n
}
]
],
env: {
baseUrl: envBaseUrlAdmin
},
}
I even set the meta in the layout /default.vue just in case, but still the same.
This is driving me insane !!
It's perfectly fine in dev mode. Why would any one want production with no index and dev or staging with it ? This is absurd.
head () {
return {
meta: [{ hid: 'robots', name: 'robots', content: 'index, follow' }],
}
}
Ok, it was a conflict with my Yoast plugin. Haven't found why it was only doing this in prod, and not in dev, but it's fine now. Sorry for the dumb question.
I am having a problem get mediasoup_v3_example working.
I have created a remote server and deploy the code. From the terminal everything looks fine and I can see the clients connecting. I can load up the "html" pages and start the media, I'm able to hit publish but whenever people subscribed they only received an empty box.
Im testing with A Ubuntu laptop, a Macbook and an Android phone.
Here is the output from only trying to run the broadcast example
$ node mediasoup_v3_broadcast.js
socket.io server start. port=443
Web server start. https://178.128.128.151:443/
client connected. socket id=4LBBs9SvfrcviWiwAAAA , total clients=1
-- mediasoup worker start. --
client connected. socket id=9qXXNU8yctWouTFGAAAB , total clients=2
getRouterRtpCapabilities: {
codecs: [
{
kind: 'audio',
mimeType: 'audio/opus',
clockRate: 48000,
channels: 2,
preferredPayloadType: 100,
parameters: {},
rtcpFeedback: []
},
{
kind: 'video',
mimeType: 'video/VP8',
clockRate: 90000,
rtcpFeedback: [Array],
preferredPayloadType: 101,
parameters: [Object]
},
{
kind: 'video',
mimeType: 'video/rtx',
preferredPayloadType: 102,
clockRate: 90000,
rtcpFeedback: [],
parameters: [Object]
}
],
headerExtensions: [
{
kind: 'audio',
uri: 'urn:ietf:params:rtp-hdrext:sdes:mid',
preferredId: 1,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:mid',
preferredId: 1,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id',
preferredId: 2,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id',
preferredId: 3,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'audio',
uri: 'http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time',
preferredId: 4,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time',
preferredId: 4,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'audio',
uri: 'http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01',
preferredId: 5,
preferredEncrypt: false,
direction: 'inactive'
},
{
kind: 'video',
uri: 'http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01',
preferredId: 5,
preferredEncrypt: false,
direction: 'inactive'
},
{
kind: 'video',
uri: 'http://tools.ietf.org/html/draft-ietf-avtext-framemarking-07',
preferredId: 6,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:framemarking',
preferredId: 7,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'audio',
uri: 'urn:ietf:params:rtp-hdrext:ssrc-audio-level',
preferredId: 10,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:3gpp:video-orientation',
preferredId: 11,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:toffset',
preferredId: 12,
preferredEncrypt: false,
direction: 'sendrecv'
}
],
fecMechanisms: []
}
-- createProducerTransport ---
-- create transport id=ceefb300-f62f-4c81-8420-a3ed26f4368f
-- produce --- kind= video
--broadcast newProducer -- kind= video
-- produce --- kind= audio
--broadcast newProducer -- kind= audio
client connected. socket id=IQUc9QQR6WNRghJFAAAC , total clients=3
getRouterRtpCapabilities: {
codecs: [
{
kind: 'audio',
mimeType: 'audio/opus',
clockRate: 48000,
channels: 2,
preferredPayloadType: 100,
parameters: {},
rtcpFeedback: []
},
{
kind: 'video',
mimeType: 'video/VP8',
clockRate: 90000,
rtcpFeedback: [Array],
preferredPayloadType: 101,
parameters: [Object]
},
{
kind: 'video',
mimeType: 'video/rtx',
preferredPayloadType: 102,
clockRate: 90000,
rtcpFeedback: [],
parameters: [Object]
}
],
headerExtensions: [
{
kind: 'audio',
uri: 'urn:ietf:params:rtp-hdrext:sdes:mid',
preferredId: 1,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:mid',
preferredId: 1,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id',
preferredId: 2,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id',
preferredId: 3,
preferredEncrypt: false,
direction: 'recvonly'
},
{
kind: 'audio',
uri: 'http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time',
preferredId: 4,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time',
preferredId: 4,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'audio',
uri: 'http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01',
preferredId: 5,
preferredEncrypt: false,
direction: 'inactive'
},
{
kind: 'video',
uri: 'http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01',
preferredId: 5,
preferredEncrypt: false,
direction: 'inactive'
},
{
kind: 'video',
uri: 'http://tools.ietf.org/html/draft-ietf-avtext-framemarking-07',
preferredId: 6,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:framemarking',
preferredId: 7,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'audio',
uri: 'urn:ietf:params:rtp-hdrext:ssrc-audio-level',
preferredId: 10,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:3gpp:video-orientation',
preferredId: 11,
preferredEncrypt: false,
direction: 'sendrecv'
},
{
kind: 'video',
uri: 'urn:ietf:params:rtp-hdrext:toffset',
preferredId: 12,
preferredEncrypt: false,
direction: 'sendrecv'
}
],
fecMechanisms: []
}
-- createConsumerTransport ---
-- create transport id=0b864841-16bf-41dd-b2e5-d18c1798a167
consumerTransports count=1
-- consume --kind=video
videoConsumers count=1
-- consumer ready ---
-- connectConsumerTransport ---
-- resume -- kind=video
-- consume --kind=audio
audioConsumers count=1
-- consumer ready ---
Here is the client console
=== ready ===
subscribe.html:65 socket.io connected()
subscribe.html:75 socket.io message: {type: "welcome", id: "G2flbGkugzd7U6CJAAAH"}
subscribe.html:82 connected to server. clientId=G2flbGkugzd7U6CJAAAH
subscribe.html:265 getRouterRtpCapabilities: {codecs: Array(3), headerExtensions: Array(13), fecMechanisms: Array(0)}
subscribe.html:272 --- createConsumerTransport --
subscribe.html:274 transport params: {id: "f059ade3-782b-4025-864b-9ffce694634b", iceParameters: {…}, iceCandidates: Array(2), dtlsParameters: {…}}
subscribe.html:276 createConsumerTransport: Transport {_events: {…}, _eventsCount: 0, _maxListeners: Infinity, _logger: Logger, _id: "f059ade3-782b-4025-864b-9ffce694634b", …}
subscribe.html:383 --start of consume --kind=video
subscribe.html:290 --consumer trasnport connect
subscribe.html:301 subscribing...
subscribe.html:411 --end of consume
subscribe.html:327 -- track exist, consumer ready. kind=video
subscribe.html:330 -- resume kind=video
subscribe.html:383 --start of consume --kind=audio
subscribe.html:333 resume OK
subscribe.html:411 --end of consume
subscribe.html:327 -- track exist, consumer ready. kind=audio
subscribe.html:342 -- do not resume kind=audio
subscribe.html:309 failed
I have also changed the top of the server file to
const fs = require('fs');
let serverOptions = {
hostName: "178.128.128.151",
listenPort: 443,
useHttps: true,
httpsKeyFile:"../MyKeyFile",
httpsCertFile:"../MyCertFile",
};
let sslOptions = {};
if (serverOptions.useHttps) {
sslOptions.key = fs.readFileSync(serverOptions.httpsKeyFile).toString();
sslOptions.cert = fs.readFileSync(serverOptions.httpsCertFile).toString();
}
Thanks for any help/ideas