503代理错误,无法建立SSL连接。
503代理错误,无法建立SSL连接。
提问于 2019-01-15 23:02:07
我的服务器上有一个码头集装箱在运行。如果这重要的话,它正在运行一个collabora/code实例。我有一个外部子域,它对容器URL进行反向代理,但得到一个503。再深入一点,我似乎得到了一个Unable to establish SSL connection错误。我自己检查的东西都用完了,希望有人能给我建议.
$ wget -O - https://office.mydomain.com/hosting/discovery > /dev/null
--2019-01-15 22:40:29-- https://office.mydomain.com/hosting/discovery
Resolving office.mydomain.com (office.mydomain.com)... 5.28.62.38
Connecting to office.mydomain.com (office.mydomain.com)|5.28.62.38|:443... connected.
HTTP request sent, awaiting response... 502 Proxy Error
2019-01-15 22:40:31 ERROR 502: Proxy Error.代理错误。现在我正在查看虚拟主机文件,我可以看到它试图将代理反向到:
ServerName office.mydomain.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/office.mydomain.com/fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/office.mydomain.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.mydomain.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool因此(SSH进入服务器在本地运行),我试图向反向代理目的地发送一个请求,删除代理:
$ wget -O - https://127.0.0.1:9980/hosting/discovery > /dev/null
--2019-01-15 22:20:25-- https://127.0.0.1:9980/hosting/discovery
Connecting to 127.0.0.1:9980... connected.
Unable to establish SSL connection.所以我的SSL连接有问题吗?这些密钥确实存在,我已经对此和其他在HTTPS上运行良好的站点进行了加密。
如有帮助,请提供更多信息:
$ sudo netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 15179/mysqld
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 29677/redis-server
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 19278/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29538/master
tcp 0 0 127.0.0.1:9980 0.0.0.0:* LISTEN 27082/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 1011/apache2
tcp6 0 0 :::22 :::* LISTEN 19278/sshd
tcp6 0 0 :::25 :::* LISTEN 29538/master
tcp6 0 0 :::443 :::* LISTEN 1011/apache2
$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c714e3b8883d collabora/code "/bin/sh -c 'bash st…" 24 hours ago Up 2 minutes 127.0.0.1:9980->9980/tcp vibrant_haibt在我的虚拟主机设置中,我可能做错了什么吗?还有什么我该查的吗?飞碟等等?
更新
卷曲与HTTPS:
$ curl -v https://127.0.0.1:9980/hosting/discovery
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 9980 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 599 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.而且没有:
$ curl -v http://127.0.0.1:9980/hosting/discovery
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 9980 (#0)
> GET /hosting/discovery HTTP/1.1
> Host: 127.0.0.1:9980
> User-Agent: curl/7.47.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server回答 1
Server Fault用户
发布于 2019-01-15 23:26:10
看来对接器容器不监听HTTPS连接。尝试将代理信任切换到http,看看您是否会得到响应。
此外,如果您通过HTTP对码头容器做了curl操作,则可以在本地验证。*编辑:
你能提供输出的卷曲冗长的输出到码头实例吗?
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/949258
复制相关文章
相似问题
腾讯云开发者
