这是我的设置:
服务器1 = nginx正在接收端口443上的请求,并用作将其发送到port 80上同一服务器上的Varnish 5的反向代理。
varnish是服务器2和3上的负载平衡请求(在端口443上相同(。
服务器2&3 = Apache正在接收端口443上的请求并访问该应用程序。
SSL证书已安装在所有服务器上。
当我尝试访问网站时,我有此错误400:
您的浏览器发送了该服务器无法理解的请求。 原因:您正在对支持SSL的服务器端口说普通的HTTP。 而是使用HTTPS方案访问此URL。
这是我的配置:
nginx:
server {
listen 443 ssl;
server_name server.mydomain.com;
ssl_certificate /etc/letsencrypt/live/server.mydomain.com/fullchain.pem;
ssl_certificate_key/etc/letsencrypt/live/server.mydomain.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Secure on;
}
}
varnish:
backend server1 {
.host = "xx.xx.xx.xxx";
.port = "443";
}
backend server2 {
.host = "xx.xx.xx.xxx";
.port = "443";
}
sub vcl_recv {
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
if (req.http.X-Real-IP) {
set req.http.X-Forwarded-For = req.http.X-Real-IP;
} else {
set req.http.X-Forwarded-For = client.ip;
}
...
}
apache:
<VirtualHost *:443>
ServerName server.mydomain.com
DocumentRoot /var/www/mydomain/
<Directory /var/www/mydomain/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/server.mydomain.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E$
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/server.mydomain.com-error.log
CustomLog ${APACHE_LOG_DIR}/server.mydomain.com-access.log combined
</VirtualHost>
我理解这个问题,但没有找到他的解决方案。有建议吗?
问候
varnish不会将https/tls插入apache-您需要在varnish和apache之间设置stunnel。