Adding a node to the cluster

Hi everyone,
I was trying to add a new node to the cluster, while the server is running teleport services, auth server is running on port 3025 and the server is listening to that port, I added a new node using the token and the CA-pin but still gives me an error:

(ERRO [PROC:1] “Node failed to establish connection to cluster: 404 page not found\n.” service/connect.go:65)

I tried changing the configuration of the auth server on another port, and still the same error occures.

Any help suggested!

Can you show a command you are using to add a new node? Thanks!

Thanks for your response. I used the following command as a root:

tctl nodes add

and the output was:

The invite token: 051aa8cfc5ebe8b660108fa14967fd40
This token will expire in 30 minutes

Run this on the new node to join the cluster:

> teleport start \
   --roles=node \
   --token=051aa8cfc5ebe8b660108fa14967fd40 \
   --ca-pin=sha256:45e6e512c42a370993aa6a28372f41027d970b037238d9b00fa3d1ae8d6daf28 \
   --auth-server=192.168.93.4:3025

Please note:

  - This invitation token will expire in 30 minutes
  - 192.168.93.4:3025 must be reachable from the new node

Of coarse the server was running:

[AUTH]    Auth service is starting on 0.0.0.0:3025.
[NODE]    Service is starting on 0.0.0.0:3022.
[PROXY]   Reverse tunnel service is starting on 0.0.0.0:3024.
[PROXY]   Web proxy service is starting on 0.0.0.0:3080.
[PROXY]   SSH proxy service is starting on 0.0.0.0:3023.

In the target node I entered the command:

teleport start --roles=node --token=051aa8cfc5ebe8b660108fa14967fd40 --ca-pin=sha256:45e6e512c42a370993aa6a28372f41027d970b037238d9b00fa3d1ae8d6daf28 --auth-server=192.168.93.4:3025

And got the error mentioned earlier in the thread:

(ERRO [PROC:1] “Node failed to establish connection to cluster: 404 page not found\n.” service/connect.go:65)

Thanks for your concern.

I have the same error
If I check curl -k https://localhost:3025 I get page not found.
teleport start:

INFO [AUTH]      Updating cluster configuration: StaticTokens([ProvisionToken(Token=cluster-join-token,Roles=Proxy,Node,Expires=never) ProvisionToken(Token=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,Roles=trusted_cluster,Expires=never)]). auth/init.go:243
INFO [AUTH]      Updating cluster configuration: AuthPreference(Type="local",SecondFactor="otp"). auth/init.go:252
INFO [AUTH]      Created namespace: "default". auth/init.go:259
INFO [AUTH]      Auth server is running periodic operations. auth/init.go:398
INFO [PROC:1]    Service auth is creating new listener on 0.0.0.0:3025. service/signals.go:218
INFO [AUTH:1]    Starting Auth service with PROXY protocol support. service/service.go:977
INFO [AUTH]      Auth service is starting on 0.0.0.0:3025. utils/cli.go:147
[AUTH]    Auth service is starting on 0.0.0.0:3025.
INFO [PROC]      Connecting to the cluster gauss with TLS client certificate. service/connect.go:59
INFO [PROC]      Connecting to the cluster gauss with TLS client certificate. service/connect.go:59
INFO [PROC:1]    Service proxy:web is creating new listener on 0.0.0.0:3080. service/signals.go:218
INFO [PROC:1]    Service proxy:tunnel is creating new listener on 0.0.0.0:3024. service/signals.go:218
INFO [PROC:1]    Service node is creating new listener on 0.0.0.0:3022. service/signals.go:218
INFO [NODE:1]    Service is starting on 0.0.0.0:3022 cache that will expire after connection to database is lost after 20h0m0s, will cache frequently accessed items for 2s. service/service.go:1261
INFO [NODE]      Service is starting on 0.0.0.0:3022. utils/cli.go:147
[NODE]    Service is starting on 0.0.0.0:3022.
INFO [PROXY]     Reverse tunnel service is starting on 0.0.0.0:3024. utils/cli.go:147
[PROXY]   Reverse tunnel service is starting on 0.0.0.0:3024.
INFO [PROXY:SER] Starting on 0.0.0.0:3024 using cache that will expire after connection to database is lost after 20h0m0s, will cache frequently accessed items for 2s service/service.go:1726
INFO [PROXY:SER] Using TLS cert /etc/letsencrypt/live/gauss.DOMAIN/fullchain.pem, key /etc/letsencrypt/live/gauss.DOMAIN/privkey.pem service/service.go:1777
INFO [PROC:1]    Service proxy:ssh is creating new listener on 0.0.0.0:3023. service/signals.go:218
INFO [AUDIT:1]   Creating directory /var/lib/teleport/log. service/service.go:1342
INFO [AUDIT:1]   Creating directory /var/lib/teleport/log/upload. service/service.go:1342
INFO [AUDIT:1]   Creating directory /var/lib/teleport/log/upload/sessions. service/service.go:1342
INFO [AUDIT:1]   Creating directory /var/lib/teleport/log/upload/sessions/default. service/service.go:1342
INFO [PROXY]     Web proxy service is starting on 0.0.0.0:3080. utils/cli.go:147
[PROXY]   Web proxy service is starting on 0.0.0.0:3080.
INFO [PROXY:SER] Web proxy service is starting on 0.0.0.0:3080. service/service.go:1789
INFO [PROXY]     SSH proxy service is starting on 0.0.0.0:3023. utils/cli.go:147
[PROXY]   SSH proxy service is starting on 0.0.0.0:3023.
INFO [PROXY:SER] SSH proxy service is starting on 0.0.0.0:3023 service/service.go:1830
INFO [PROC:1]    The new service has started successfully. Starting syncing rotation status with period 10s. service/connect.go:341
INFO [PROXY:AGE] Starting reverse tunnel agent pool. service/service.go:1841
2019/07/06 20:10:52 http: TLS handshake error from XXX.XXX.XXX.XXX:54658: remote error: tls: bad certificate

Could you both (@Otosamaa @Wikunia) please post:

  1. The output of teleport version
  2. The contents of your Teleport config file (/etc/teleport.yaml by default), redacting any secrets or tokens

Thank you