gpt4 book ai didi

apache - NGINX -> Varnish 负载平衡器 -> Apache SSL 连接 = 错误请求

转载 作者:太空宇宙 更新时间:2023-11-03 14:34:09 26 4
gpt4 key购买 nike

这是我的设置:

服务器 1 = Nginx 在端口 443 上接收请求,并用作反向代理以将其发送到端口 80 上同一服务器上的 Varnish 5。

Varnish 是服务器 2 和 3(相同)上端口 443 上的负载均衡请求。

服务器 2 和 3 = Apache 正在端口 443 上接收请求并访问应用程序。

SSL 证书安装在所有服务器上。

当我尝试访问该网站时出现此错误 400:

Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

这是我的配置:

Nginx:

server {
listen 443 ssl;

server_name server.mydomain.com;

ssl_certificate /etc/letsencrypt/live/server.mydomain.com/fullchain.pem;
ssl_certificate_key/etc/letsencrypt/live/server.mydomain.com/privkey.pem;

location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Secure on;
}
}

Varnish :

backend server1 { 
.host = "xx.xx.xx.xxx";
.port = "443";
}

backend server2 {
.host = "xx.xx.xx.xxx";
.port = "443";
}


sub vcl_recv {
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}

if (req.http.X-Real-IP) {
set req.http.X-Forwarded-For = req.http.X-Real-IP;
} else {
set req.http.X-Forwarded-For = client.ip;
}
...
}

Apache :

<VirtualHost *:443>
ServerName server.mydomain.com

DocumentRoot /var/www/mydomain/

<Directory /var/www/mydomain/>
AllowOverride All
Order allow,deny
allow from all
</Directory>

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.mydomain.com/chain.pem

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E$

LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/server.mydomain.com-error.log
CustomLog ${APACHE_LOG_DIR}/server.mydomain.com-access.log combined

</VirtualHost>

我明白问题所在,但没有找到解决方案。有什么建议吗?

问候

最佳答案

Varnish 不向 Apache 发送 HTTPS/TLS - 您需要在 Varnish 和 Apache 之间设置 STUNNEL。

关于apache - NGINX -> Varnish 负载平衡器 -> Apache SSL 连接 = 错误请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49643113/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com