How to Deploy Solace on AWS EKS with SSL/TLS Using Network Load Balancer (NLB)

jayMehta
jayMehta Member Posts: 9 ✭✭
in PubSub+ Event Broker #1

Hello Solace Team,

I have deployed Solace PubSub+ Cloud in my AWS EKS cluster, following the Solace documentation for deployment. I successfully set up Solace with a Network Load Balancer (NLB) as per the instructions. After the deployment, I was able to log into the Solace console and use the "Try Me" section, where I successfully connected to port 8008.

Next, I configured the ACM certificate in the Solace setup file and redeployed Solace. The deployment was successful, but when I tried to use the "Try Me" section again, I encountered a connection timeout error.

Could you please advise on how to resolve this connection timeout issue and the correct steps to use the ACM certificate for SSL/TLS configuration?

Thank you.

@giri

Comments

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 634 admin
    edited October 16 #2

    Are you still connecting to the unencrypted port? 8008 is for unencrypted. 1443 is the (default) SMF WebSockets Secure port. You might want to check out this list: https://docs.solace.com/Admin/Default-Port-Numbers.htm#Software

    Also, you can check the broker's "Service" tab, to see if the ports are open, and up, and operational.

    image.png

    Hmmm, it doesn't appear to show operational status, you might have to login to CLI and do show service to see this.

                                                  Status
Service    TP  S C R VRF   MsgVpn          Port  A O Failed Reason
---------- --- ----- ----- --------------- ----- --- --------------------------
SEMP       TCP N - - Mgmt                   8080 U U
SEMP       TCP Y - - Mgmt                   1943 U D No Cert
SMF        TCP N N N Mgmt                  55555 U U
SMF        TCP N Y N Mgmt                  55003 U U
SMF        TCP N N Y Mgmt                  55556 U D
SMF        TCP Y N N Mgmt                  55443 U D No Cert
SMF        WEB N - - Mgmt                   8008 U U
SMF        WEB Y - - Mgmt                   1443 U D No Cert   <-- my local broker, "D" == down
...

  • jayMehta
    jayMehta Member Posts: 9 ✭✭
    edited November 4 #3

    Hello @Aaron ,

    Thanks for your response. I checked my configuration, and it's aligned with the settings you mentioned.

    After adding the SSL certificate in the Kubernetes secret and updating my Solace YAML configuration accordingly, I encountered a new error. "The plain HTTP request was sent to HTTPS port".

    I've attached a screenshot of the YAML file I’m currently using to deploy Solace in my EKS cluster for your reference.

    Screenshot from 2024-11-04 17-28-26.png
    Screenshot from 2024-11-04 17-11-27.png

Categories

This Month's Leaders

This Week's Leaders