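Here is my setup:
Server 1 = Nginx receives requests on port 443 and acts as a reverse proxy, sending them to Varnish 5 on the same server on port 80.
Varnish load-balances requests across servers 2 and 3 (identical) on port 443.
Servers 2 & 3 = Apache receives requests on port 443 and serves the application.
SSL certificates are installed on all servers.
When I try to access the site, I get this error 400:
Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
Here are my configurations: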
Nginx:
server {
    listen 443 ssl;
    server_name server.mydomain.com;
    ssl_certificate /etc/letsencrypt/live/server.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server.mydomain.com/privkey.pem;
    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Secure on;
    }
}
Varnish:
backend server1 {
    .host = "xx.xx.xx.xxx";
    .port = "443";
}
backend server2 {
    .host = "xx.xx.xx.xxx";
    .port = "443";
}
sub vcl_recv {
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For =
                req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
    if (req.http.X-Real-IP) {
        set req.http.X-Forwarded-For = req.http.X-Real-IP;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }
    ...
}
Apache:
<VirtualHost *:443>
    ServerName server.mydomain.com
    DocumentRoot /var/www/mydomain/
    <Directory /var/www/mydomain/>
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/server.mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.mydomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/server.mydomain.com/chain.pem
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E$
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/server.mydomain.com-error.log
    CustomLog ${APACHE_LOG_DIR}/server.mydomain.com-access.log combined
</VirtualHost>
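I understand the problem, but I have not found a way to solve it. Any suggestions?
Regards
Answer 0: (score: 0)
Varnish doesn't speak TLS to Apache - you need to set up STUNNEL between Varnish and Apache.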
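
The stunnel setup this answer describes, as an added example that is not part of the original answer. The file name, the service names, the loopback ports 8443/8444 and the CA bundle path are assumptions; the backend addresses stay as the placeholders used in the question.

```ini
; /etc/stunnel/varnish-backends.conf  (file name is an assumption)
; stunnel runs in client mode on server 1. Varnish sends plain HTTP to a
; loopback port and stunnel wraps it in TLS towards Apache on port 443.

[apache-server2]
client = yes
; Loopback only, so the plaintext side is never reachable from the network.
accept = 127.0.0.1:8443
; Placeholder address, as in the question.
connect = xx.xx.xx.xxx:443
; Authenticate the backend instead of only encrypting the hop.
verifyChain = yes
; CA bundle path is an assumption (Debian/Ubuntu default location).
CAfile = /etc/ssl/certs/ca-certificates.crt
; Must match a name in the certificate Apache presents.
checkHost = server.mydomain.com
; Send SNI so Apache selects the right VirtualHost certificate.
sni = server.mydomain.com

[apache-server3]
client = yes
accept = 127.0.0.1:8444
connect = xx.xx.xx.xxx:443
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = server.mydomain.com
sni = server.mydomain.com

; Matching Varnish backends (VCL, shown here as comments). Varnish now
; talks HTTP to the local stunnel listeners instead of to port 443:
;   backend server1 { .host = "127.0.0.1"; .port = "8443"; }
;   backend server2 { .host = "127.0.0.1"; .port = "8444"; }
```

Without `verifyChain` and `checkHost`, stunnel encrypts the connection but accepts any certificate, so the hop between Varnish and Apache would not be protected against an on-path impersonator.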