我的 k8s pod 正在连接到某个 https 目标。此目标无法从我的本地计算机访问,因此我想使用kubectl proxy
+socat
使该目标在我的本地计算机上可用,以进行本地开发。
问题是我甚至无法让 socat 工作,而且我很困惑为什么。
首先我检查我的 pod 上的目标连接:
curl -v -k https://target/rest/
Trying 54.136.137.42:443...
* TCP_NODELAY set
[...]
{"message":"key header missing"}
此消息是来自的默认回复目标当一个人不提供身份验证信息时,一切都正常。
现在我使用本地端口为1234的socat:
socat tcp-listen:1234,reuseaddr,fork tcp:target:443
但是,当我现在尝试 curl 目标时,我只得到 404,就像 socat 从未启动一样。这样可以吗?我使用 socat 的方式错误吗?这与 TLS 有关吗?
HTTP:
curl -v -k http://localhost:1234/rest/
* Trying ::1:1234...
* TCP_NODELAY set
* connect to ::1 port 1234 failed: Connection refused
* Trying 127.0.0.1:1234...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 1234 (#0)
> GET /rest/ HTTP/1.1
> Host: localhost:1234
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 17 Jul 2023 07:49:05 GMT
< Content-Length: 19
< 404 page not found
* Connection #0 to host localhost left intact
HTTPS:
curl -v -k https://localhost:1234/rest/
* Trying ::1:1234...
* TCP_NODELAY set
* connect to ::1 port 1234 failed: Connection refused
* Trying 127.0.0.1:1234...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 1234 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=DE; ST=NRW; L=Munich; O=AG; CN=digital-int.app.intra.net
* start date: Dec 2 08:20:52 2021 GMT
* expire date: Dec 2 08:20:52 2023 GMT
* issuer: C=DE; O=AG; CN=Corp-Issuing-CA01-G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5997a85d52f0)
> GET /rest/ HTTP/2
> Host: localhost:1234
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Mon, 17 Jul 2023 11:40:36 GMT
<
404 page not found
* Connection #0 to host localhost left intact
答案1
看起来一切socat
如预期般顺利。您收到 404 错误,因为发送到的请求target
包含Host: localhost:1234
。您需要curl
按如下方式修改命令:
curl -v -k https://target/rest/ --connect-to target:443:127.0.0.1:1234