I am trying to load balance between different Docker containers; each Docker container has an Nginx, and each web server has an SSL certificate.
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1364b46632c web "/usr/bin/supervisord" 22 minutes ago Up 21 minutes 0.0.0.0:8001->443/tcp webserver01
b1364b46632c web "/usr/bin/supervisord" 22 minutes ago Up 21 minutes 0.0.0.0:8002->443/tcp webserver02
My Nginx load balancer configuration, /etc/nginx/conf.d/default.conf:
upstream pool_webservers {
server localhost:8001;
server localhost:8002;
}
server {
listen 443;
location / {
proxy_pass https://pool_webservers;
}
}
If I run curl -vvv https://localhost:8001 or curl -vvv https://localhost:8002, the servers respond with the SSL certificate, but I can't get it to work; if I run curl -vvv https://localhost:443, it returns:
$ curl -vvv https://localhost:443
* Rebuilt URL to: https://localhost:443/
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
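Thanks!
Update 1: I have been reading, and the best solution is to add the SSL certificate on the load balancer side and to run the Docker containers (nginx web servers) without certificates.
Like this: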
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec14fa21ef3d dignajar/bludit "/usr/bin/supervisord" 2 hours ago Up 2 hours 0.0.0.0:8001->80/tcp webserver01
ac14fa21ef1a dignajar/bludit "/usr/bin/supervisord" 2 hours ago Up 2 hours 0.0.0.0:8002->80/tcp webserver02
This is my Nginx virtual host, with the SSL certificate for mydomain.
upstream pool_webservers {
server localhost:8001;
server localhost:8002;
}
server {
listen 443 ssl;
server_name mydomain.here.com;
ssl_certificate /etc/...;
ssl_certificate_key /etc/...;
....
location / {
proxy_pass http://pool_webservers;
}
}
PS: Having everything on the same server is not a good idea; it is only for this example.
Answer 0 (score: 2)
Change the listen line to specify ssl?
listen 443 ssl;
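Why a `listen 443;` without `ssl` surfaces as SSL_ERROR_RX_RECORD_TOO_LONG, shown as an added example that is not part of the original question or answer: a TLS client reads the first five bytes of the reply as a record header, and plaintext HTTP decodes to an impossible length. The sample byte strings are constructed, and the script assumes the non-TLS listener answers the handshake with ordinary HTTP text.

```python
import struct

# Largest value a TLS 1.2 record length field may carry (2^14 + 2048).
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Constructed samples: what a plain-HTTP listener might send back to a
# ClientHello, and the first five bytes of a genuine TLS 1.2 handshake record.
SAMPLE_PLAIN = b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("160303003a")


def parse_record_header(first_bytes: bytes) -> dict:
    """Decode the 5-byte record header the way a TLS client reads it."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(first_bytes: bytes) -> str:
    """Classify the first bytes received on a port expected to speak TLS."""
    hdr = parse_record_header(first_bytes)
    looks_tls = (hdr["type"] in CONTENT_TYPES
                 and hdr["version"][0] == 3
                 and hdr["length"] <= MAX_RECORD_LEN)
    if looks_tls:
        return "tls"
    if first_bytes[:5] == b"HTTP/" or first_bytes[:1] == b"<":
        # ASCII text where a record header belongs: the listener has no `ssl`.
        return "plaintext-http"
    if hdr["length"] > MAX_RECORD_LEN:
        return "record-too-long"
    return "unknown"


if __name__ == "__main__":
    for name, data in (("plain listener", SAMPLE_PLAIN), ("tls listener", SAMPLE_TLS)):
        hdr = parse_record_header(data)
        print(f"{name}: type={hdr['type']} version={hdr['version']} "
              f"length={hdr['length']} -> {diagnose(data)}")
```

The bytes `P/` in `HTTP/` are read as the length field, 0x502F, which is above the record limit; that is the condition the curl/NSS error message describes.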