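I am trying to use nginx to proxy_pass requests to a public FQDN. The server's LB is configured to respond only to requests made via the FQDN, and when it is accessed by IP I get an SSL handshake error.
My problem is that nginx implicitly resolves the FQDN to a set of IPs, tries them one by one, and fails. Is there a way to have nginx proxy_pass without resolving the FQDN to an IP, and route the request to the upstream by FQDN?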
location /public/api {
    proxy_pass https://public.server.com/api;
    proxy_set_header Host $host;
}
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip1>:443/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip2>43/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip3>:443/<api>", host: "<ip>"
Add a client certificate and private key to authenticate nginx to each backend server. Use the proxy_ssl_certificate and proxy_ssl_certificate_key directives:
location /public/api {
    proxy_pass https://public.server.com/api;
    proxy_set_header Host $host;
    # Client certificate and key that nginx presents to the upstream
    proxy_ssl_certificate /etc/nginx/client.pem;
    proxy_ssl_certificate_key /etc/nginx/client.key;
}
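
Added example, not part of the original question or answer: nginx does not send a server name (SNI) in the TLS handshake to an upstream unless proxy_ssl_server_name is on, and $host forwards the name the client used rather than the upstream's name. The location block below sets both and also turns on upstream certificate verification; the hostname is the one from the question, and the CA bundle path is an assumption.

```nginx
# Added example. The CA bundle path is an assumption; adjust it for your system.
location /public/api {
    proxy_pass https://public.server.com/api;

    # $host is the name the client used to reach this nginx (an IP in the
    # log above). Send the name the upstream LB expects instead.
    proxy_set_header Host public.server.com;

    # Off by default: without it the ClientHello to the upstream carries no SNI.
    proxy_ssl_server_name on;
    # Name used for SNI and for certificate verification. It defaults to the
    # host part of proxy_pass and is spelled out here for clarity.
    proxy_ssl_name public.server.com;

    # Verification of the upstream certificate is also off by default.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path
}
```

Run `nginx -t` to check the configuration before reloading.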