我正在尝试使用在docker swarm上运行的Nginx设置SSL,但遇到了问题。一切看起来都正确但我做的任何请求都会挂起,直到我得到502.我确保在我的撰写文件中公开端口443。这是我得到的nginx错误:
*7 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 10.255.0.2, server: subdomain.mysite.com, request: "GET /api-v1/user-login HTTP/2.0", upstream: "https://10.0.0.6:5051/api-v1/user-login", host: "subdomain.mysite.com"
这是我的nginx default.conf的相关部分:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
upstream siteStage {
ip_hash;
server siteStage:5051;
}
server {
listen 443 ssl http2 ;
server_name subdomain.mysite.com;
ssl on;
ssl_certificate /path/provided.crt;
ssl_certificate_key /path/client.key;
ssl_client_certificate /path/ca.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_verify_client off;
location / {
proxy_ssl_certificate /etc/ssl/client.pem;
proxy_ssl_certificate_key /etc/ssl/client.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_session_reuse on;
proxy_pass https://siteStage/;
}
}
答案 0 :(得分:0)
事实证明这是我的nginx配置。以下是我最终的工作方式:
# No upstream
server {
listen 80;
listen 443 ssl default_server;
server_name subdomain.mysite.com;
ssl on;
ssl_certificate /path/provided.crt;
ssl_certificate_key /path/client.key;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://siteStage:5051/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}