如何在Windows服务器中使用Nginx创建负载均衡器?

时间:2019-05-31 15:43:48

标签: ssl nginx iis openssl devops

我有很大的麻烦。在使用kestrel绑定了两个由IIS托管的网站之后,我尝试了很多次将nginx服务器作为Windows服务启动,但是我无法实现这一点,它产生了以下错误。我该如何解决此问题?我使用以下代码创建了证书:

openssl pkcs12 -in xyz.com.pfx -nocerts -out /xyzcert/xyz.com.pem
openssl rsa -in /certificate/xyz.pem -out /xyzcert/xyz.com.key
openssl x509 -outform der -in /xyzcert/xyz.com.pem -out 
/xyzcert/xyz.com.crt

如果我检查我的错误日志:


2019/05/31 13:58:14 [emerg] 8792#10088: no ssl_client_certificate for ssl_client_verify
2019/05/31 13:58:16 [emerg] 7324#8852: no ssl_client_certificate for ssl_client_verify
2019/05/31 13:58:20 [emerg] 8520#9928: no ssl_client_certificate for ssl_client_verify

Nginx.conf 

http {
    #...
    upstream loadbalancer.xyz.com {
        server staging1.xyz.com:996;
        server staging2.xyz.com:997;
   }

    server {
        listen      80;
        server_name www.loadbalancer.xyz.com;
        #...

        location /upstream {
            proxy_pass                    https://loadbalancer.xyz.com;
            proxy_ssl_certificate         /xyzcert/xyz.com.crt;
            proxy_ssl_certificate_key     /xyzcert/xyz.com.key;
            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /xyzcert/xyz.com.pem;

            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;
        }
    }

    server {
        listen      443 ssl;
        server_name staging1.xyz.com;

        ssl_certificate        /xyzcert/xyz.com.crt;
        ssl_certificate_key    /xyzcert/xyz.com.key;
        ssl_trusted_certificate /xyzcert/xyz.com.pem;

        location /yourapp {
            proxy_pass http://staging1.xyz.com;
        #...
        }
    }

    server {
        listen      443 ssl;
        server_name staging2.xyz.com;

        ssl_certificate        /xyzcert/xyz.com.crt;
        ssl_certificate_key    /xyzcert/xyz.com.key;
        ssl_trusted_certificate /xyzcert/xyz.com.pem;

        location /yourapp {
           proxy_pass http://staging2.xyz.com;
        #...
        }
    }
}

这意味着我有一些认证问题,但我研究了通过创建上述证书来解决该问题的方法。如何使用配置启动我的负载均衡器。或者,我要解决另一个问题。我需要您的大力帮助。谢谢。

enter image description here

0 个答案:

没有答案
相关问题
最新问题