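I am trying to do this: a call to public.com/api/v1/{ proxy } is sent to a proxy behind the ingress proxy. The Envoy proxy will forward the traffic to an HTTPS private endpoint in the VPC using a different path: https://private.com/internal/{proxy}.

But I am still facing this problem:

upstream reset: reset reason: connection termination, transport failure reason:

I even tried using a public HTTPS endpoint, but it is still the same.

Here is my configuration: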

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 0.0.0.0
      port_value: 9901
static_resources:
  listeners:
  - name: listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          '@type': "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
          stat_prefix: http_proxy
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          route_config:
            name: all
            virtual_hosts:
            - name: local_service
              domains:
              - '*'
              routes:
              - match: { prefix: "/api/v1"}
                route:
                  prefix_rewrite: "/internal/"
                  cluster: allbackend_cluster
          http_filters:
          - name: envoy.filters.http.router
  clusters:
  - name: allbackend_cluster
    connect_timeout: 1s
    type: strict_dns
    lb_policy: round_robin
    load_assignment:
      cluster_name: allbackend_cluster
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: private.com
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        common_tls_context:
          validation_context:
            trusted_ca: {filename: /etc/ssl/certs/ca-certificates.crt}

Posted on 2022-09-03 09:54:19
I believe you need to add the certificate information for Envoy.

tls_context:
  common_tls_context:
    tls_certificates:
    - certificate_chain:
        filename: "/etc/ssl/certs/https.crt"
      private_key:
        filename: "/etc/ssl/certs/key.pem"

And add trust for the certificate used by the cluster.

tls_context:
  common_tls_context:
    validation_context:
      trusted_ca:
        filename: "/etc/ssl/certs/cluster.crt"

https://stackoverflow.com/questions/73582704
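
The route in the question maps the prefix "/api/v1" onto "/internal/" with prefix_rewrite. The following is an added example, not code from the original post or from the Envoy project: it models Envoy's documented match-and-swap semantics in Python to show which path the upstream receives for the posted route and for a tighter two-route form. The function name `upstream_path`, the route tuples and the sample request paths are assumptions made for illustration.

```python
# Added example: a small model of Envoy route matching plus prefix_rewrite.
# upstream_path() and the route tuples are hypothetical names, not Envoy APIs.
from typing import List, Optional, Tuple

Route = Tuple[str, str, str]  # (match kind, match value, prefix_rewrite)

# The single route as posted in the question.
AS_POSTED: List[Route] = [("prefix", "/api/v1", "/internal/")]

# A tighter alternative (an assumption about the intended mapping):
# a slash-terminated prefix plus an exact `path` match for the bare root.
TIGHTENED: List[Route] = [
    ("prefix", "/api/v1/", "/internal/"),
    ("path", "/api/v1", "/internal"),
]


def upstream_path(request_path: str, routes: List[Route]) -> Optional[str]:
    """Return the :path the upstream would receive, or None if no route matches."""
    path, sep, query = request_path.partition("?")
    for kind, value, rewrite in routes:  # first matching route wins
        if kind == "prefix" and path.startswith(value):
            # Only the matched prefix is swapped; the rest is kept verbatim.
            return rewrite + path[len(value):] + sep + query
        if kind == "path" and path == value:
            # Exact match is evaluated with the query string removed.
            return rewrite + sep + query
    return None


if __name__ == "__main__":
    # Constructed sample request paths.
    for p in ["/api/v1/users?id=7", "/api/v1", "/api/v10/users", "/api/v2/users"]:
        print(f"{p!r:24} posted={upstream_path(p, AS_POSTED)!r:24} "
              f"tightened={upstream_path(p, TIGHTENED)!r}")
```

With the route as posted, /api/v1/users is forwarded as /internal//users and /api/v10/users also matches, because the prefix match is a plain string comparison with no path-segment boundary.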