Java 通过nginx平衡SSL服务器客户端通信负载
我有个问题,我想知道是否有人能帮我:) 我用JAVA开发了一个SSL通信客户端服务器,我正在尝试用nginx平衡服务器的负载。conf文件应注意:Java 通过nginx平衡SSL服务器客户端通信负载,java,sockets,ssl,nginx,server,Java,Sockets,Ssl,Nginx,Server,我有个问题,我想知道是否有人能帮我:) 我用JAVA开发了一个SSL通信客户端服务器,我正在尝试用nginx平衡服务器的负载。conf文件应注意: upstream backend { least_conn; server localhost:2010 max_fails=1 fail_timeout=20s; server localhost:2011 max_fails=2 fail_timeout=20s;
upstream backend {
least_conn;
server localhost:2010 max_fails=1 fail_timeout=20s;
server localhost:2011 max_fails=2 fail_timeout=20s;
}
server {
listen 443 ssl;
ssl_certificate C:/nginx-1.7.9/ssl/ServerKeyStore.crt;
ssl_certificate_key C:/nginx-1.7.9/ssl/ServerKeyStore.key;
#ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#proxy_connect_timeout 5s;
#proxy_timeout 3s;
location / {
proxy_pass http://backend;
}
}
当我想使用使用使用nginx的客户端与服务器通信时,它会告诉我:
handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
这是我的Client.JAVA:
package sslClient;
import java.io.*;
import javax.net.ssl.*;
public class EchoClient {
public static final boolean DEBUG = true;
public static final int HTTPS_PORT = 443;
public static final String HTTPS_HOST = "localhost";
public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";
public static final String PAN = "12345678910111213";
public static String wrapHTML(String source) {
return "Content-Type: text-plain\n" + "Content-Length: "
+ source.length() + "\nServer: hcetoken" + "\n\n" + source;
}
public static void main(String[] args) {
System.setProperty("javax.net.ssl.trustStore", TRUSTTORE_LOCATION);
if (DEBUG)
System.setProperty("javax.net.debug", "ssl:record");
SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
try {
SSLSocket c = (SSLSocket) f.createSocket(HTTPS_HOST, HTTPS_PORT);
c.startHandshake();
BufferedWriter w = new BufferedWriter(new OutputStreamWriter(
c.getOutputStream()));
BufferedReader r = new BufferedReader(new InputStreamReader(
c.getInputStream()));
PrintWriter sortie = new PrintWriter(w);
String msgHTML = wrapHTML(PAN);
System.out.println("Ecriture du client");
sortie.println(msgHTML);
sortie.flush();
// now read the socket
String m = null;
for(int i=0;i<10;++i)
{System.out.println("\n");}
System.out.println("Lecture du client");
while ((m = r.readLine()) != null) {
System.out.println("==================================================================");
System.out.println(m);
System.out.println("==================================================================");
}
System.out.println("Fin lecture du client");
for(int i=0;i<10;++i)
{System.out.println("\n");}
} catch (IOException e) {
System.err.println(e.toString());
}
}
}
包sslClient;
导入java.io.*;
导入javax.net.ssl.*;
公共类EchoClient{
公共静态最终布尔调试=true;
公共静态最终int HTTPS_端口=443;
公共静态最终字符串HTTPS\u HOST=“localhost”;
公共静态最终字符串TRUSTTORE_LOCATION=“C:/CA/ClientKeyStore.jks”;
公共静态最终字符串PAN=“1234567891011213”;
公共静态字符串wrapHTML(字符串源){
返回“内容类型:纯文本\n”+“内容长度:”
+source.length()+“\n服务器:hcetoken”+“\n\n”+源;
}
公共静态void main(字符串[]args){
setProperty(“javax.net.ssl.trustStore”,信任库位置);
如果(调试)
setProperty(“javax.net.debug”,“ssl:record”);
SSLSocketFactory f=(SSLSocketFactory)SSLSocketFactory.getDefault();
试一试{
SSLSocket c=(SSLSocket)f.createSocket(HTTPS\u主机,HTTPS\u端口);
c、 startHandshake();
BufferedWriter w=新的BufferedWriter(新的OutputStreamWriter(
c、 getOutputStream());
BufferedReader r=新的BufferedReader(新的InputStreamReader(
c、 getInputStream());
打印作者出动次数=新打印作者(w);
字符串msgHTML=wrapHTML(PAN);
System.out.println(“客户的电子档案”);
出动次数println(msgHTML);
出动架次齐平();
//现在读一下插座
字符串m=null;
对于(int i=0;i您需要一个Java客户端不信任的服务器证书。Java使用信任库来确定它接受的证书。您需要从CA获取一个受信任的证书,或者将您的证书添加到信任库
如果您不想购买证书,那么您需要更新Java。似乎涵盖了忽略错误或添加证书所需的内容
nginx配置的相关部分是:
ssl_certificate C:/nginx-1.7.9/ssl/ServerKeyStore.crt;
ssl_certificate_key C:/nginx-1.7.9/ssl/ServerKeyStore.key;
您似乎知道这一点,因为您已经定义了自定义信任库:
public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";
因此,这应该只是向其中添加服务器证书。是的,您错过的一个步骤是将密钥库中的证书添加到信任库中。您好,感谢您的快速回答。实际上,ServerKeyStore.crt和ServerKeyStore.key来自我创建的证书。我刚刚将keystore ServerKeyStore.jks转换为pem/key,因为nginx需要这种文件
public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";