Closed
Description
Describe the bug
TLS termination doesn't work
To Reproduce
- Deploy https://github.com/nginxinc/nginx-kubernetes-gateway/tree/main/examples/https-termination example
- Check NGINX logs:
kubectl -n nginx-gateway logs nginx-gateway-7467544c5b-kbf2v -c nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/06/05 20:42:59 [notice] 40#40: using the "epoll" event method
2023/06/05 20:42:59 [notice] 40#40: nginx/1.25.0
2023/06/05 20:42:59 [notice] 40#40: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/06/05 20:42:59 [notice] 40#40: OS: Linux 5.15.49-linuxkit-pr
2023/06/05 20:42:59 [notice] 40#40: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/06/05 20:42:59 [notice] 40#40: start worker processes
2023/06/05 20:42:59 [notice] 40#40: start worker process 65
2023/06/05 20:43:35 [notice] 40#40: signal 1 (SIGHUP) received from 21, reconfiguring
2023/06/05 20:43:35 [notice] 40#40: reconfiguring
2023/06/05 20:43:35 [emerg] 40#40: cannot load certificate "/etc/nginx/secrets/default_cafe-secret": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/nginx/secrets/default_cafe-secret','r') error:2006D002:BIO routines:BIO_new_file:system lib)
(NGINX failed to reload)
Expected behavior
- The example should have worked - NGINX should have succeeded to reload
Your environment
- Edge version of NKG aaf5af4
May be related to limiting permissions here:
8a19254