My NGINX reverse proxy does not reroute traffic to an external VM

Time: 2019-03-01 11:52:19

Tags: api ssl nginx tls1.2 nginx-reverse-proxy

I have two VMs: one hosts Nginx, and the other is also a standalone server. I will refer to the VMs as follows:

  • Standalone = serving https
  • Hosting Nginx = Cash server, serving http

To enable LOCALLOCAL communication, we use the CASH reverse proxy to redirect {{1}} traffic to NGINX and handle the HTTP handshake, and if HTTPS calls TLS, CASH again accepts this LOCAL traffic and redirects it to NGINX's {{1}}, as shown:

HTTPS

My success

  • Traffic for LOCALHTTP works fine.

My challenge

  • Traffic for CASH is not working. When I do not use the reverse proxy LOCALLOCAL and use CASH directly, I still get a 502 Bad Request error, even without a handshake.

    upstream api_http_within_this_vm {
        server 127.0.0.1:9001;  # LOCAL VM, call it HOST VM application
    }

    # SENDING HTTP TRAFFIC TO OUR HTTPS ENDPOINT Call CASH
    server {
        listen 80;
        listen [::]:80;
        server_name 10.0.0.13;

        location / {
            proxy_pass https://api_https_to_another_vm;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_ssl_certificate /etc/nginx/sites-available/signed_by_CASH.pem;
            proxy_ssl_certificate_key /etc/nginx/sites-available/local_key_used_to_generate_csr_for_CASH_to_sign.key;
            proxy_ssl_protocols TLSv1.2;
            proxy_ssl_ciphers HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/sites-available/CASH_CA.crt;
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            proxy_ssl_session_reuse on;
        }
    }

    upstream api_https_to_another_vm {
        server 10.0.0.13:8080;  # CASH's VM IP and PORT
    }

    # RECEIVING HTTPS TRAFFIC ENDPOINT from CASH TO OUR LOCAL HTTP ENDPOINT
    server {
        listen 5555 ssl http2;
        listen [::]:5555 ssl http2;
        server_name 1270.0.0.1;

        location / {
            proxy_pass http://api_http_within_this_vm;
            proxy_set_header X_CUSTOM_HEADER $http_x_custom_header;
            proxy_buffering off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_pass_request_headers on;
        }

        ssl_certificate /etc/nginx/sites-available/signed_by_CASH.pem;
        ssl_certificate_key /etc/nginx/sites-available/local_key_used_to_generate_csr_for_CASH_to_sign.key;
        ssl_verify_client off;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
    }

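What is going wrong? Please advise.....

Second, does Nginx only redirect traffic to IPs within the VM, or even to other VMs?

I mainly want to achieve the leg that is failing on my side.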

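1 answer:

Answer 0: (score: 0)

Over time I have tested this configuration. I had to trace with tcpdump and even check my logs, because I suspected the problem was network-driven. I found that the client CASH was actually dropping the connection before the TLS handshake completed.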

2019/03/02 06:54:58 [error] 27569#27569: *62 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: 1270.0.0.1, request: "GET / HTTP/1.1", upstream: "https://xx.xx.xx.xx:1000/", host: "xx.xx.xx.xx:80"

Thanks to everyone who looked, but the script is correct.
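The answer located the fault by reading the nginx error log; the following added example (not part of the original post) does that triage over a log in bulk, separating a handshake dropped by the upstream from a certificate the proxy itself rejected. The names `classify` and `summarize`, the category labels and the hints are assumptions of this example, and the second and third message fragments are nginx error-log wording that does not appear on the page.

```python
import re
from collections import Counter

# First line is the entry quoted in the answer; the other two are constructed.
SAMPLE_LOG = '''\
2019/03/02 06:54:58 [error] 27569#27569: *62 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: 1270.0.0.1, request: "GET / HTTP/1.1", upstream: "https://xx.xx.xx.xx:1000/", host: "xx.xx.xx.xx:80"
2019/03/02 06:55:03 [error] 27569#27569: *63 upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream, client: 192.0.2.10, server: example.test, request: "GET / HTTP/1.1", upstream: "https://198.51.100.7:8080/", host: "192.0.2.1:80"
2019/03/02 06:55:09 [error] 27569#27569: *64 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.test, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:9001/", host: "192.0.2.1:5555"
'''

LINE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ '
    r'(?P<msg>.+?) while (?P<phase>[^,]+), client: .*?upstream: "(?P<upstream>[^"]+)"'
)

# Message fragment -> (category, where to look first).
RULES = {
    "peer closed connection in SSL handshake":
        ("peer_closed", "remote end dropped the handshake; inspect the upstream's TLS listener and the network path"),
    "upstream SSL certificate verify error":
        ("verify_failed", "proxy_ssl_verify rejected the chain; check proxy_ssl_trusted_certificate and proxy_ssl_verify_depth"),
    "SSL_do_handshake() failed":
        ("handshake_failed", "read the SSL: error text; compare proxy_ssl_protocols and proxy_ssl_ciphers with the upstream"),
}


def classify(line):
    """Return a dict for an upstream TLS handshake failure, else None."""
    m = LINE.match(line)
    if not m or m["phase"] != "SSL handshaking to upstream":
        return None
    for fragment, (category, hint) in RULES.items():
        if fragment in m["msg"]:
            return {"ts": m["ts"], "upstream": m["upstream"], "category": category, "hint": hint}
    return {"ts": m["ts"], "upstream": m["upstream"], "category": "other", "hint": m["msg"]}


def summarize(log_text):
    """Count handshake failures per (upstream, category)."""
    hits = filter(None, map(classify, log_text.splitlines()))
    return Counter((h["upstream"], h["category"]) for h in hits)


if __name__ == "__main__":
    for (upstream, category), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {category:16s} {upstream}")
```
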