
ssl - HAProxy Comodo SSL

Reposted. Author: 太空宇宙. Updated: 2023-11-03 13:09:18

I am trying to install a Comodo PositiveSSL certificate on HAProxy, but the browser shows a certificate error. HAProxy configuration:

global
daemon
#debug
maxconn 15000
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600

defaults
mode http
balance roundrobin
timeout client 60s # Client and server timeout must match the longest
timeout server 60s # time we may wait for a response from the server.
timeout queue 60s # Don't queue requests too long if saturated.
timeout connect 4s # There's no reason to change this one.
timeout http-request 5s
option http-server-close
option httpclose
option abortonclose
option redispatch
option forwardfor # set the client's IP in X-Forwarded-For.
option tcp-smart-accept
option tcp-smart-connect
retries 2
monitor-uri /monitor # Returns 200 if we're up; real path redacted
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen stats 0.0.0.0:8880
stats enable
stats hide-version
stats uri /
stats realm HAProxy\ Statistics
stats auth example:example

frontend httpFrontEnd
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/example_com.pem ca-file /etc/haproxy/certs/example_com.ca-bundle
reqadd X-Forwarded-Proto:\ https if { ssl_fc }

stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)
acl source_is_abuser src_get_gpc0 gt 0
tcp-request connection reject if source_is_abuser
acl conn_rate_abuse sc1_conn_rate gt 100
acl mark_as_abuser sc1_inc_gpc0 gt 0
tcp-request connection track-sc1 src
tcp-request connection reject if conn_rate_abuse mark_as_abuser

acl examplecom hdr_end(host) -i example.com
use_backend examplecom_http if examplecom
use_backend httpsBackEnd if { ssl_fc }

default_backend httpBackEnd

backend examplecom_http
server s1 X.X.X.X:80 check

backend httpBackEnd
server httpBackEnd-Local X.X.X.X:81 check

backend httpsBackEnd
server httpBackEnd-Local X.X.X.X:444 check

The .pem file contains the domain crt and the private key:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

The ca-bundle file is from Comodo:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The problem is that I get a certificate error (name mismatch). Certificate name mismatch: Issued to: server

Best answer

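It sounds like you need to install the certificate chain. Comodo (and most other CAs) will have a chain that the browser must follow. In your certificate file, in addition to your actual certificate, just add the intermediate and root CA certificates. My file looks like this: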

-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
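
A layout check for the combined file described in the answer above, as an added example that is not part of the original question or answer. In a real file every certificate block carries the plain PEM label `CERTIFICATE` (the labels in the listing above describe which certificate goes where), and the server's own certificate must come first. The function name, the accepted key labels and the sample bundles are assumptions made for this example.

```python
import re

# Labels accepted by this check (assumption: a typical RSA/ECDSA bundle).
CERT_LABEL = "CERTIFICATE"
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END ([A-Z0-9 ]+)-----", re.S)


def lint_bundle(pem_text):
    """Return a list of layout problems in a combined cert + chain + key file."""
    problems, labels = [], []
    for begin, _body, end in BLOCK_RE.findall(pem_text):
        if begin != end:
            problems.append(f"BEGIN {begin} closed by END {end}")
        labels.append(begin)
    for label in labels:
        if label != CERT_LABEL and label not in KEY_LABELS:
            problems.append(f"unknown PEM label: {label}")
    certs = labels.count(CERT_LABEL)
    keys = sum(1 for label in labels if label in KEY_LABELS)
    if certs == 0:
        problems.append("no certificate")
    elif certs == 1:
        # Only the leaf is present, so no chain is sent with it.
        problems.append("only one certificate, no chain included")
    if keys != 1:
        problems.append(f"expected exactly 1 private key, found {keys}")
    return problems


def block(label, body="Li4u"):
    """Build a constructed PEM block; the body is a placeholder, not real data."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples mirroring the three layouts shown on this page.
QUESTION_STYLE = block("CERTIFICATE") + block("PRIVATE KEY")
ANSWER_LITERAL = (block("MY CERTIFICATE") + block("INTERMEDIATE CERTIFICATE")
                  + block("ROOT CERTIFICATE") + block("RSA PRIVATE KEY"))
FULL_CHAIN = block("CERTIFICATE") * 3 + block("RSA PRIVATE KEY")

if __name__ == "__main__":
    for name, text in [("question", QUESTION_STYLE),
                       ("answer labels copied literally", ANSWER_LITERAL),
                       ("full chain", FULL_CHAIN)]:
        print(name, "->", lint_bundle(text) or "ok")
```

The check only looks at block labels and counts; it does not parse the certificates, so it cannot confirm that the first block is the leaf or that the names match the host.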

Regarding ssl - HAProxy Comodo SSL, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18537855/
