Fatal编程技术网
  • java/
  • Java 通过nginx平衡SSL服务器客户端通信负载

Java 通过nginx平衡SSL服务器客户端通信负载

java sockets ssl nginx server

Java 通过nginx平衡SSL服务器客户端通信负载,java,sockets,ssl,nginx,server,Java,Sockets,Ssl,Nginx,Server,我有个问题,我想知道是否有人能帮我:) 我用JAVA开发了一个SSL通信客户端服务器,我正在尝试用nginx平衡服务器的负载。conf文件应注意: upstream backend { least_conn; server localhost:2010 max_fails=1 fail_timeout=20s; server localhost:2011 max_fails=2 fail_timeout=20s;

我有个问题,我想知道是否有人能帮我:)

我用JAVA开发了一个SSL通信客户端服务器,我正在尝试用nginx平衡服务器的负载。conf文件应注意:

 upstream backend {
            least_conn;
            server localhost:2010 max_fails=1 fail_timeout=20s;
            server localhost:2011 max_fails=2 fail_timeout=20s;
        }

        server {
            listen 443 ssl;
            ssl_certificate C:/nginx-1.7.9/ssl/ServerKeyStore.crt;
            ssl_certificate_key C:/nginx-1.7.9/ssl/ServerKeyStore.key;
            #ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            #proxy_connect_timeout 5s;
            #proxy_timeout 3s;
            location / {
            proxy_pass http://backend;
            }

        }
当我想使用使用使用nginx的客户端与服务器通信时,它会告诉我:

handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
这是我的Client.JAVA:

package sslClient;

import java.io.*;
import javax.net.ssl.*;

public class EchoClient {

    public static final boolean DEBUG = true;
    public static final int HTTPS_PORT = 443;
    public static final String HTTPS_HOST = "localhost";
    public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";
    public static final String PAN = "12345678910111213";


    public static String wrapHTML(String source) {
        return "Content-Type: text-plain\n" + "Content-Length: "
                + source.length() + "\nServer: hcetoken" + "\n\n" + source;
    }

    public static void main(String[] args) {

        System.setProperty("javax.net.ssl.trustStore", TRUSTTORE_LOCATION);

        if (DEBUG)
            System.setProperty("javax.net.debug", "ssl:record");

        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try {

            SSLSocket c = (SSLSocket) f.createSocket(HTTPS_HOST, HTTPS_PORT);

            c.startHandshake();


            BufferedWriter w = new BufferedWriter(new OutputStreamWriter(
                    c.getOutputStream()));
            BufferedReader r = new BufferedReader(new InputStreamReader(
                    c.getInputStream()));

            PrintWriter sortie = new PrintWriter(w);




            String msgHTML = wrapHTML(PAN);
            System.out.println("Ecriture du client");
            sortie.println(msgHTML);
            sortie.flush();

            // now read the socket
            String m = null;
            for(int i=0;i<10;++i)
            {System.out.println("\n");}
            System.out.println("Lecture du client");
            while ((m = r.readLine()) != null) {
                System.out.println("==================================================================");
                System.out.println(m);
                System.out.println("==================================================================");
            }
            System.out.println("Fin lecture du client");
            for(int i=0;i<10;++i)
            {System.out.println("\n");}

        } catch (IOException e) {
            System.err.println(e.toString());
        }

    }
}

包sslClient;
导入java.io.*;
导入javax.net.ssl.*;
公共类EchoClient{
公共静态最终布尔调试=true;
公共静态最终int HTTPS_端口=443;
公共静态最终字符串HTTPS\u HOST=“localhost”;
公共静态最终字符串TRUSTTORE_LOCATION=“C:/CA/ClientKeyStore.jks”;
公共静态最终字符串PAN=“1234567891011213”;
公共静态字符串wrapHTML(字符串源){
返回“内容类型:纯文本\n”+“内容长度:”
+source.length()+“\n服务器:hcetoken”+“\n\n”+源;
}
公共静态void main(字符串[]args){
setProperty(“javax.net.ssl.trustStore”,信任库位置);
如果(调试)
setProperty(“javax.net.debug”,“ssl:record”);
SSLSocketFactory f=(SSLSocketFactory)SSLSocketFactory.getDefault();
试一试{
SSLSocket c=(SSLSocket)f.createSocket(HTTPS\u主机,HTTPS\u端口);
c、 startHandshake();
BufferedWriter w=新的BufferedWriter(新的OutputStreamWriter(
c、 getOutputStream());
BufferedReader r=新的BufferedReader(新的InputStreamReader(
c、 getInputStream());
打印作者出动次数=新打印作者(w);
字符串msgHTML=wrapHTML(PAN);
System.out.println(“客户的电子档案”);
出动次数println(msgHTML);
出动架次齐平();
//现在读一下插座
字符串m=null;

对于(int i=0;i您需要一个Java客户端不信任的服务器证书。Java使用信任库来确定它接受的证书。您需要从CA获取一个受信任的证书,或者将您的证书添加到信任库

如果您不想购买证书,那么您需要更新Java。似乎涵盖了忽略错误或添加证书所需的内容

nginx配置的相关部分是:


        ssl_certificate C:/nginx-1.7.9/ssl/ServerKeyStore.crt;
        ssl_certificate_key C:/nginx-1.7.9/ssl/ServerKeyStore.key;


您似乎知道这一点,因为您已经定义了自定义信任库:


    public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";



因此,这应该只是向其中添加服务器证书。
是的,您错过的一个步骤是将密钥库中的证书添加到信任库中。您好,感谢您的快速回答。实际上,ServerKeyStore.crt和ServerKeyStore.key来自我创建的证书。我刚刚将keystore ServerKeyStore.jks转换为pem/key,因为nginx需要这种文件

    public static final String TRUSTTORE_LOCATION = "C:/CA/ClientKeyStore.jks";