我无法将代理反向到我的https后端。我究竟做错了什么?我在后端和前端使用相同的证书集,因为它们都在同一台计算机上运行。我从zerossl获得了证书。这是我得到的错误:
curl --cacert /etc/ssl/certs/ca_bundle.crt https://www.ravi.guru
<html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.16.1</center> </body> </html>
在我的/var/log/nginx/error.log中,我得到了:
2020/09/06 01:50:53 [错误] 2603#0:* 4上游SSL证书验证错误:(2:无法获取>颁发者证书),同时与上游进行SSL握手,客户端:192.168.103.15,服务器: www.ravi.guru,请求:“ GET / HTTP / 1.1”,上游:“ https://192.168.103.15:8080/”,主机: “ www.ravi.guru”
当我直接连接到后端时,一切顺利:
curl --cacert /etc/ssl/certs/ca_bundle.crt https://www.ravi.guru:8080
嗨
我的index.html是带有条目“ hi”的文件
这是我的配置文件:
server {
listen 443 http2 ssl;
server_name www.ravi.guru;
ssl_certificate /etc/ssl/certs/certificate.crt;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass https://www.ravi.guru:8080;
proxy_ssl_certificate /etc/ssl/certs/certificate.crt;
proxy_ssl_certificate_key /etc/ssl/private/private.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
server {
listen 8080 http2 ssl;
#listen [::]:443 http2 ssl;
server_name www.ravi.guru;
ssl_certificate /etc/ssl/certs/certificate.crt;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/ravi.guru/html;
index index.html index.htm index.nginx-debian.html;
}