Overview
I built and deployed an dockerized springboot application on 3 server machines A,B and C (read containers) and exposed application on port 8080.
But unable to access via url (Netscaler SSL connectivity to servers at port 8080 is failing.) However if I turn off SSL in Netscaler, I am able to connect
Setup
a) I got 3 SSL certificates for 3 servers. My Frontend docker file is below
FROM 10.16.193.141:9000/iis_proxy
ADD 'certs\' 'C:\certs\'
RUN powershell -NoProfile -Command \
$SecurePassword = ConvertTo-SecureString "SomerandomStringPassword" -AsPlainText -Force; \
Import-PfxCertificate -FilePath 'C:\certs\AppServerrnch01.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; \
Import-PfxCertificate -FilePath 'C:\certs\AppServerrnch02.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; \
Import-PfxCertificate -FilePath 'C:\certs\AppServerrnch03.pfx' -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword; \
Import-Module "WebAdministration"; \
New-Item IIS:\Sites\MyAPP-bindings @{protocol='https';bindingInformation='*:8080:AppServerrnch01.mydomain.name';SslFlags=1} -PhysicalPath C:\site; \
New-WebBinding -Name "MyAPP" -Protocol https -HostHeader AppServerrnch02.mydomain.name -Port 8080 -SslFlags 1; \
New-WebBinding -Name "MyAPP" -Protocol https -HostHeader AppServerrnch03.mydomain.name -Port 8080 -SslFlags 1; \
New-Item -Path "IIS:\SslBindings\*!8080!AppServerrnch01.mydomain.name" -Thumbprint 1F300EC569B3448EE15A54DBCD54647AF8294682 -SslFlags 1; \
New-Item -Path "IIS:\SslBindings\*!8080!AppServerrnch02.mydomain.name" -Thumbprint EAC1CD3520F9810DB30CB2E312E197C637D26253 -SslFlags 1; \
New-Item -Path "IIS:\SslBindings\*!8080!AppServerrnch03.mydomain.name" -Thumbprint 0C7888C0617815997DB6F9DA9E9A03E5921E3BAD -SslFlags 1; \
New-Item C:\site\MyAPP-type directory
COPY MyAPP/ 'C:\site\MyAPP'
RUN powershell -NoProfile -Command \
Start-Job -Name AddWebConfig -ScriptBlock { \
Add-WebConfigurationProperty -pspath 'iis:\sites\MyAPP' -filter 'system.webServer/rewrite/rules' -name '.' -value @{name='Proxy';stopProcessing='True'}; \
}; \
Wait-Job -Name AddWebConfig; \
Set-WebConfigurationProperty -pspath 'iis:\sites\MyAPP' -filter 'system.webServer/rewrite/rules/rule/match' -name 'url' -value '^^MyAPP/api/(.*)'; \
Set-WebConfigurationProperty -pspath 'iis:\sites\MyAPP' -filter 'system.webServer/rewrite/rules/rule/action' -name 'type' -value 'Rewrite'; \
Set-WebConfigurationProperty -pspath 'iis:\sites\MyAPP' -filter 'system.webServer/rewrite/rules/rule/action' -name 'url' -value 'https://lbit.mydomain.name/{R:1}'
EXPOSE 8080
CMD [ "powershell" ]
I built this docker file, deploy and exposed on port 8080.
When I try to access via Netscaler, I am getting error HTTP/1.1 503 Service Unavailable. But if I try to access the application using server A:8080/app, then it works fine.
Now when i went to network team, they did a quick check and told me
"Netscaler is reporting that it can’t contact the appserver* servers on port 8080.When I switch from an SSL monitor to a TCP monitor, it connects. If SSL is enabled, then maybe it is an issue with the configured Ciphers."
I checked the SSL certificates, Ciphers and everything seems to be correct. I am stuck now.
Update 1
I asked network team to turn off SSL in Netscaler and then I can navigate to the application using URL.
So it is confirmed somewhere there is error on SSL handshake. I assume if certificate is corrupted or if I had given wrong password, then I won't get this "certificate is valid message" when I navigate to application using servername:8080/Myapp.
Any idea or anyone experienced this issue before?
Thanks in advance.
