我通过Nginx Load Balancer手动配置了API集群: Drag & Drop Does Not Disable Buttons As Doesn't Fall Into Correct IF Statement https://docs.wso2.com/display/AM250/Configuring+the+Proxy+Server+and+the+Load+Balancer
我尝试对LB使用自签名证书或商业证书,但是当我在443端口上打开LB网页时,日志中存在相同的错误:
SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking to upstream.
出什么问题了?
Nginx配置:
upstream server1 {
server x.x.x.x:9443;
}
upstream server2 {
server x.x.x.x:8243;
}
server {
listen 80;
server_name server1.com;
rewrite ^/(.*) https://server1.com/$1 permanent;
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}}