Ngnix SSL信任库/ ca证书规范
[英]Ngnix SSL truststore/ca cert specification
问题描述
I have a web app on Weblogic server which accepts connection over HTTPS with self signed certificate. 
我在Weblogic服务器上有一个Web应用程序,它通过HTTPS接受自签名证书的连接。 Web App on Weblogic server URL https://server1.com:7122/webapp1/ Weblogic服务器URL上的Web App https://server1.com:7122/webapp1/
I also have ngnix installed on the same server with a verisign certificate which acts as a frontend to all web apps on the server. 我还在同一台服务器上安装了ngnix,其中包含verisign证书,该证书充当服务器上所有Web应用程序的前端。 Nginx server URL https://server1.com:443/ Nginx服务器URL https://server1.com:443/
I want users to access webapp on Weblogic to be accessed via nginx as port 7122 is blocked to access from outside. 我希望用户访问Weblogic上的webapp以通过nginx访问,因为端口7122被阻止从外部访问。 I added the following rule 我添加了以下规则
location /webapp1 {
proxy_pass https://server1.com:7122;
}
I am able to access all other apps over Nginx however for webapp1 I get the following error 我可以通过Nginx访问所有其他应用程序但是对于webapp1我收到以下错误
[error] 6680#10132: *147 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 10.62.144.39, server: server1.com .....
1 个解决方案
解决方案1
6 2014-05-15 01:58:26
On the nginx server, check whether you get any error with this. 在nginx服务器上,检查是否有任何错误。
openssl s_client -connect server1.com:7122;
If it works, try proxy_pass without https 如果有效,请尝试不使用https的proxy_pass
proxy_pass http://server1.com:7122;
Since the Weblogic server is only accessible internally, is it necessary to SSL it, because this adds additional SSL overhead having to encrypt & decrypt 2 times. 由于Weblogic服务器只能在内部访问,因此需要对其进行SSL处理,因为这会增加额外的SSL开销,必须加密和解密2次。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.