Client certificate for nginx upstream not working
For nginx, I followed this guide as closely as I could:
This is the result:
stream {
    upstream broker {
        server 10.110.0.4:1883 fail_timeout=10s max_fails=1;
        server 10.110.0.3:1883 fail_timeout=10s max_fails=1;
        server 10.110.0.6:1883 fail_timeout=10s max_fails=1;
    }
    server {
        error_log /var/log/nginx/mqtt_error.log debug;
        ssl_certificate /etc/nginx/ssl/mqtt.domain.com/server.crt;
        ssl_certificate_key /etc/nginx/ssl/mqtt.domain.com/server.key;
        ssl_client_certificate /root/clientca/ca.crt;
        ssl_verify_client on;
        ssl_protocols TLSv1.2;
        listen mqtt.domain.com:8883 ssl;
        proxy_pass broker;
        proxy_ssl_server_name on;
        proxy_connect_timeout 1s;
    }
}
When I try to connect with an MQTT client, this error appears in nginx:
2021/04/28 07:34:20 [debug] 780885#780885: accept on 188.166.22.84:8883, ready: 1
2021/04/28 07:34:20 [debug] 780885#780885: posix_memalign: 0000563822D6D490:256 @16
2021/04/28 07:34:20 [debug] 780885#780885: *5 accept: 11.65.81.90:51256 fd:3
2021/04/28 07:34:20 [debug] 780885#780885: posix_memalign: 0000563822D6D6F0:256 @16
2021/04/28 07:34:20 [info] 780885#780885: *5 client 11.65.81.90:51256 connected to 111.166.22.84:8883
2021/04/28 07:34:20 [debug] 780885#780885: *5 posix_memalign: 0000563822D6D930:256 @16
2021/04/28 07:34:20 [debug] 780885#780885: *5 generic phase: 0
2021/04/28 07:34:20 [debug] 780885#780885: *5 generic phase: 1
2021/04/28 07:34:20 [debug] 780885#780885: *5 generic phase: 2
2021/04/28 07:34:20 [debug] 780885#780885: *5 tcp_nodelay
2021/04/28 07:34:20 [debug] 780885#780885: *5 posix_memalign: 0000563822D6D820:256 @16
2021/04/28 07:34:20 [debug] 780885#780885: *5 SSL_do_handshake: -1
2021/04/28 07:34:20 [debug] 780885#780885: *5 SSL_get_error: 2
2021/04/28 07:34:20 [debug] 780885#780885: *5 epoll add event: fd:3 op:1 ev:80002001
2021/04/28 07:34:20 [debug] 780885#780885: *5 event timer add: 3: 60000:9742886896
2021/04/28 07:34:20 [debug] 780885#780885: accept() not ready (11: Resource temporarily unavailable)
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL handshake handler: 0
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL_do_handshake: -1
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL_get_error: 2
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL handshake handler: 0
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL_do_handshake: -1
2021/04/28 07:34:25 [debug] 780885#780885: *5 SSL_get_error: 1
2021/04/28 07:34:25 [info] 780885#780885: *5 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking, client: 11.65.81.90, server: 111.166.22.84:8883
2021/04/28 07:34:25 [debug] 780885#780885: *5 finalize stream session: 500
2021/04/28 07:34:25 [debug] 780885#780885: *5 stream log handler
2021/04/28 07:34:25 [debug] 780885#780885: *5 close stream connection: 3
2021/04/28 07:34:25 [debug] 780885#780885: *5 event timer del: 3: 9742886896
2021/04/28 07:34:25 [debug] 780885#780885: *5 reusable connection: 0
2021/04/28 07:34:25 [debug] 780885#780885: *5 free: 0000563822D6D490, unused: 64
2021/04/28 07:34:25 [debug] 780885#780885: *5 free: 0000563822D6D6F0, unused: 80
2021/04/28 07:34:25 [debug] 780885#780885: *5 free: 0000563822D6D930, unused: 80
2021/04/28 07:34:25 [debug] 780885#780885: *5 free: 0000563822D6D820, unused: 136
I have very little experience on the server side.
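Added example, not part of the original question or its answer: a small parser that reads the OpenSSL error embedded in the nginx log line above and reports which side of the handshake raised it. The names `classify`, `ALERTS`, `PAGE_LINE` and `LOCAL_LINE` are made up for this example, `LOCAL_LINE` is a constructed log line, and the decoding assumes the OpenSSL 1.x error layout (reason in the low 12 bits, a received alert reported as 1000 plus the alert number).

```python
import re

# TLS certificate-related alert numbers (RFC 5246, section 7.2.2).
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

# Matches the OpenSSL error string nginx embeds in its log line.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:([^:]*):([^:)]+)")

# The handshake failure line from the log above.
PAGE_LINE = ("2021/04/28 07:34:25 [info] 780885#780885: *5 SSL_do_handshake() "
             "failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:"
             "tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking, "
             "client: 11.65.81.90, server: 111.166.22.84:8883")
# Constructed line for contrast (not from the page): a failure raised locally.
LOCAL_LINE = ("2021/04/28 07:40:00 [info] 1#1: *6 SSL_do_handshake() failed "
              "(SSL: error:1417C086:SSL routines:tls_process_client_certificate:"
              "certificate verify failed) while SSL handshaking")


def classify(line):
    """Return who raised the TLS failure in an nginx log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    reason = int(m.group(1), 16) & 0xFFF  # assumption: reason is the low 12 bits
    result = {"function": m.group(2), "text": m.group(3).strip()}
    if reason >= 1000:
        # Assumption: OpenSSL reports a received alert as 1000 + alert number.
        alert = reason - 1000
        result.update(origin="peer", alert=alert,
                      name=ALERTS.get(alert, "other"),
                      check="client trust store vs. issuer of ssl_certificate")
    else:
        result.update(origin="local", reason=reason,
                      check="peer certificate vs. ssl_client_certificate CA")
    return result


if __name__ == "__main__":
    for sample in (PAGE_LINE, LOCAL_LINE):
        print(classify(sample))
```

For the line from the log above, the alert was received by nginx (`ssl3_read_bytes`), meaning the MQTT client sent `unknown_ca` about the certificate nginx presented, so the first comparison to make is the CA file given to the client against the issuer of `server.crt`.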
So, I finally solved this problem with the help of the link above. Here is the list of problems and solutions: