我正在尝试在端口3000上监听https请求。Fastify正在侦听端口3000,但当我尝试发送curl命令curl -k https://example.com:3000/ -v时,我得到了以下信息
Trying 35.245.34.146...
* TCP_NODELAY set
* Connected to example.com (35.245.34.146) port 3000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number我设置tcpdump来捕获端口3000上的流量,下面是我得到的结果
14:11:23.046591 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 0
0x0000: 4500 0040 0000 4000 3a06 2816 6408 aa02 E..@..@.:.(.d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14bd 0000 0000 ........%$......
0x0020: b002 ffff 6070 0000 0204 05b4 0103 0306 ....`p..........
0x0030: 0101 080a 4ad5 607f 0000 0000 0402 0000 ....J.`.........
14:11:23.046638 IP 10.150.0.2.3000 > 100.8.170.2.52475: tcp 0
0x0000: 4500 003c 0000 4000 4006 221a 0a96 0002 E..<..@.@.".....
0x0010: 6408 aa02 0bb8 ccfb 2b60 9883 2524 14be d.......+`..%$..
0x0020: a012 fd00 18d1 0000 0204 058c 0402 080a ................
0x0030: 9e6d c7ce 4ad5 607f 0103 0307 .m..J.`.....
14:11:23.066491 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 0
0x0000: 4500 0034 0000 4000 3a06 2822 6408 aa02 E..4..@.:.("d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14be 2b60 9884 ........%$..+`..
0x0020: 8010 0814 6de8 0000 0101 080a 4ad5 6092 ....m.......J.`.
0x0030: 9e6d c7ce .m..
14:11:23.086786 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 235
0x0000: 4500 011f 0000 4000 3a06 2737 6408 aa02 E.....@.:.'7d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14be 2b60 9884 ........%$..+`..
0x0020: 8018 0814 432f 0000 0101 080a 4ad5 60a7 ....C/......J.`.
0x0030: 9e6d c7ce 1603 0100 e601 0000 e203 03da .m..............
0x0040: 6cf3 41d6 0aba 42c3 5e03 d368 bb85 d01c l.A...B.^..h....
0x0050: 576a 3ce9 e7b8 208f 49d6 0c28 094d 5000 Wj<.....I..(.MP.
0x0060: 005c c030 c02c c028 c024 c014 c00a 009f .\.0.,.(.$......
0x0070: 006b 0039 cca9 cca8 ccaa ff85 00c4 0088 .k.9............
0x0080: 0081 009d 003d 0035 00c0 0084 c02f c02b .....=.5...../.+
0x0090: c027 c023 c013 c009 009e 0067 0033 00be .'.#.......g.3..
0x00a0: 0045 009c 003c 002f 00ba 0041 c011 c007 .E...<./...A....
0x00b0: 0005 0004 c012 c008 0016 000a 00ff 0100 ................
0x00c0: 005d 0000 0015 0013 0000 1075 7064 6174 .].......example
0x00d0: 6573 6469 6172 792e 636f 6d00 0b00 0201 .com.....
0x00e0: 0000 0a00 0800 0600 1d00 1700 1800 0d00 ................
0x00f0: 1c00 1a06 0106 03ef ef05 0105 0304 0104 ................
0x0100: 03ee eeed ed03 0103 0302 0102 0300 1000 ................
0x0110: 0e00 0c02 6832 0868 7474 702f 312e 31 ....h2.http/1.1
14:11:23.086829 IP 10.150.0.2.3000 > 100.8.170.2.52475: tcp 0
0x0000: 4500 0034 6647 4000 4006 bbda 0a96 0002 E..4fG@.@.......
0x0010: 6408 aa02 0bb8 ccfb 2b60 9884 2524 15a9 d.......+`..%$..
0x0020: 8010 01f9 18c9 0000 0101 080a 9e6d c7f7 .............m..
0x0030: 4ad5 60a7 J.`.快速设置
const fs = require('fs');
const path = require('path');
const fastify = require('fastify')(
{ logger: true},
{
http2: true,
https: {
cert: fs.readFileSync(path.resolve(__dirname,'../../etc/letsencrypt/live/example.com/cert.pem')),
key: fs.readFileSync(path.resolve(__dirname,'../../etc/letsencrypt/live/example.com/privkey.pem')),
secureProtocol: 'TLSv1.2'
}
}
);HTTP工作正常curl -k http://example.com:3000/ -v和我得到响应回来
我也尝试在/etc/apache2/sites-enabled/000-default-le-ssl.conf中进行此更改,
<VirtualHost *:443 *:3000>但我在curl命令中得到相同的结果CONNECT_CR_SRVR_HELLO:wrong version number
有人能帮我看看我怎么能得到回应回https?
1条答案
按热度按时间55ooxyrt1#
我在Apache中实现了
ProxyPassReverse,以实现fastify通过https使用已经打开的相同Apache隧道(端口443)发送请求,而不是打开不同的端口将其包含在apache2上的
/etc/apache2/sites-enabled/000-default-le-ssl.conf文件中其中,
/path是来自客户端(浏览器)的传入请求的路径,/path1是将位于Fastify服务器上的路径在fastify方面,您的server.js将看起来像thuis的基本形式
确保fastify在3000上侦听,在此设置中无需在https上获取fastify侦听
最后,一个例子,来自客户端的请求看起来像这样。
https://yourdomain.com/path/svc/search,在此设置中,它将被代理到https://upstream.com/svc/search