我想知道如何使用 Redbird 代理正确配置安全域。基本info有点令人困惑,因为示例有点零碎。我想这应该可以通过 letsencrypt
自动实现(正如那里所声称的那样)。
我已经尝试过:
var proxy = require('redbird')({
port:80,
ssl: {
port: 3000,
letsencrypt: {
path: '../SSL-certs',
}
}
});
proxy.register('secure-web.net', 'http://xx.xx.xxx.xxx:8080',{
ssl: {
letsencrypt: {
email: '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5e33271e333f3732703d3133" rel="noreferrer noopener nofollow">[email protected]</a>'
}
}
});
proxy.register('insecure-web.net', 'http://xx.xxx.xx.xxx:6881');
终端抛出(当我尝试访问该页面时):
{"name":"redbird","hostname":"honza-kvm","pid":3089,"level":50,"err":{"message":"140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n","name":"Error","stack":"Error: 140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n"},"msg":"HTTPS Client Error","time":"2016-11-08T13:03:37.979Z","v":0}
Firefox 抛出:
错误代码:SSL_ERROR_NO_CYPHER_OVERLAP
SSL-certs 目录故意为空(看起来应该是根据手册页),但也许我需要一些有关通过 Redbird 使用 letsencrypt
的重要信息。
最佳答案
此示例启用了 http 和 https 到我现有的 localhost:8080。
var proxy = require('redbird')({
port: 80
xfwd: false,
letsencrypt: {
path: "certs",
port: 3000
},
ssl: {
port: 443
}
});
proxy.register("www.example.com", "http://localhost:8080", {
ssl: {
letsencrypt: {
email: "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="107d75507568717d607c753e737f7d" rel="noreferrer noopener nofollow">[email protected]</a>",
production: false
}
}
});
此外,当从生产:假切换到生产:真时,我发现证书颁发者仍然
Fake LE Intermediate X1
我完全删除了certs目录的内容,并重新启动代理来查找
Let's Encrypt Authority X3
关于ssl - 如何使用 Redbird 反向代理配置安全 (HTTPS) 域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40487875/