Я настроил API-кластер с Nginx Load Balancer по инструкциям: https://docs.wso2.com/display/AM250/Configuring+the+Proxy+Server+and+the+Load+Balancer https://docs.wso2.com/display/CLUSTER44x/Setting+up+a+Cluster
Я пытался использовать самоподписанный сертификат или коммерческий сертификат для LB, но когда я открывал LB web-страница на 443 порту у меня такие же ошибки в логах:
SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking to upstream.
В чем проблема?
Конфигурация Nginx:
upstream server1 {
server x.x.x.x:9443;
}
upstream server2 {
server x.x.x.x:8243;
}
server {
listen 80;
server_name server1.com;
rewrite ^/(.*) https://server1.com/$1 permanent;
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}}