Ad Widget

Collapse

cannot establish TLS SSL_connect() timed out

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • pumboss
    Junior Member
    • Dec 2024
    • 3
    #1

    cannot establish TLS SSL_connect() timed out

    Hello!
    I started to change zabbix proxies to docker containers and get unknown error
    Code:
    211:20241216:120011.639 Unable to connect to [zabbix]:10051 [TCP successful, cannot establish TLS to [[zabbix]:10051]: SSL_connect() timed out]
   211:20241216:120011.639 Will try to reconnect every 1 second(s)
   211:20241216:120038.212 Connection restored.
    These errors could be repeated 3-10 times per hour, jitter between connection restore is 0.3-15 sec.
    Its only trouble and proxies works good
    Options to start container:
    zabbix/zabbix-proxy-mysqll-6.0-latest (i tried ubuntu and alpine with same result)
    Code:
              ZBX_TIMEOUTE: "20"
          ZBX_TLSACCEPT: "psk"
          ZBX_TLSCONNECT: "psk"
          ZBX_TLSPSKFILE: "/etc/zabbix/zabbix_proxy.psk"
          ZBX_TLSPSKIDENTITY: "{{ proxy_name }}"
          ZBX_CACHESIZE: "256M"
          ZBX_STARTPOLLERS: "25"​
    With same options regular zabbix_proxy works without this errors (same network, same addresses)
    Tags: None
    • Brambo
      Senior Member
      • Jul 2023
      • 245
      #2
      I looks like docker values you posted.
      Looking at a local example the
      Code:
      ZBX_TLSPSKFILE=/etc/zabbix/zabbix_proxy.psk
ZBX_TLSPSKIDENTITY=your-configured-identity-without-quotes
      We don't have any quotes and have env-var=value
      See example here https://hub.docker.com/r/zabbix/zabbix-proxy-sqlite3

        Comment

        • pumboss
          Junior Member
          • Dec 2024
          • 3
          #3
          Originally posted by Brambo
          I looks like docker values you posted.
          This quotas only in docker runner
          Here's actual config from zabbix-proxy container
          Code:
          cat /etc/zabbix/zabbix_proxy.conf |grep -v "^#" | grep -v "^$"
Server=zabbix.tprogress.local
Hostname=Zabbix-Proxy-PP
LogType=console
DBHost=Zabbix-Proxy-PP-mysql
DBName=zabbix_proxy
DBUser=root
DBPassword=HereSomePassword
DBPort=3306
StartPollers=25
CacheSize=256M
ExternalScripts=/usr/lib/zabbix/externalscripts
FpingLocation=/usr/sbin/fping
SSHKeyLocation=/var/lib/zabbix/ssh_keys
User=zabbix
SSLCertLocation=/var/lib/zabbix/ssl/certs/
SSLKeyLocation=/var/lib/zabbix/ssl/keys/
SSLCALocation=/var/lib/zabbix/ssl/ssl_ca/
LoadModulePath=/var/lib/zabbix/modules/
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=Zabbix-Proxy-PP
TLSPSKFile=/etc/zabbix/zabbix_proxy.psk
          Any suggestion about [TCP successful, cannot establish TLS SSL_connect() timed out] ?

            Comment

            • Brambo
              Senior Member
              • Jul 2023
              • 245
              #4
              The PSK should be a HEX string of max 512 Chars and should match with the PSK value you have setup in with zabbix frontend.
              When you have PSK mismatch you can get a similar error messages

                Comment

                • pumboss
                  Junior Member
                  • Dec 2024
                  • 3
                  #5
                  Originally posted by Brambo
                  The PSK should be a HEX string of max 512 Chars and should match with the PSK value you have setup in with zabbix frontend.
                  When you have PSK mismatch you can get a similar error messages
                  Yes, its popular mistake but i use only 24 hex symbols. Once again - proxy works - it connected with server but log full of this error, but it doesnt affect work

                    Comment

                    Previous template Next
                    Working...