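For 2 weeks now I have been trying to use my Varnish solution to offload my SSL pages. When I request my page on port 80 everything works, but on port 443 I get a blank page or an error.
[Internet] -----> [Firewall] -----> [Proxy (Hitch + Varnish)] -----> [Web server]
This is my infrastructure.
My Hitch configuration is: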
frontend = "[*]:443"
backend = "[127.0.0.1]:80"
pem-file = "/etc/hitch/xxxxxxxxxxxxxx.pem"
ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
prefer-server-ciphers = off
ssl-engine = ""
workers = 1
backlog = 100
keepalive = 3600
chroot = ""
user = "hitch"
group = "hitch"
quiet = off
syslog = on
syslog-facility = "daemon"
daemon = on
write-ip = off
write-proxy-v1 = on
write-proxy-v2 = off
proxy-proxy = off
sni-nomatch-abort = off
My Varnish.params:
# Set this to 1 to make systemd reload try to switch VCL without restart.
RELOAD_VCL=1
# Main configuration file. You probably want to change it.
VARNISH_VCL_CONF=/etc/varnish/default.vcl
# Default address and port to bind to. Blank address means all IPv4
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
# quad, or an IPv6 address in brackets.
VARNISH_LISTEN_ADDRESS=
#VARNISH_LISTEN_ADDRESS=0.0.0.0
VARNISH_LISTEN_PORT=80
# Admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
# Backend storage specification, see Storage Types in the varnishd(5)
# man page for details.
VARNISH_STORAGE="malloc,256M"
# User and group for the varnishd worker processes
VARNISH_USER=varnish
VARNISH_GROUP=varnish
# Other options, see the man page varnishd(1)
#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"
#DAEMON_OPTS="-a :6081"
My netstat -ntap output is:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9299/varnishd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3940/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 9007/hitch
tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 9298/varnishd
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 938/snmpd
tcp 1 0 10.0.9.192:49032 10.0.9.190:80 CLOSE_WAIT 9299/varnishd
tcp6 0 0 :::80 :::* LISTEN 9299/varnishd
tcp6 0 0 :::443 :::* LISTEN 9007/hitch