主机名/IP不';t匹配证书';在NGINX后面运行Node.js时,s altnames iptable
我在停靠环境中运行node和nginx(nginx将端口2443上的流量转发到节点上的3000,iptables转发443>2443)。我连接到服务器没有问题,但是当我的后端尝试将文件上载到S3时,我得到:主机名/IP不';t匹配证书';在NGINX后面运行Node.js时,s altnames iptable,node.js,nginx,proxy,ssl-certificate,Node.js,Nginx,Proxy,Ssl Certificate,我在停靠环境中运行node和nginx(nginx将端口2443上的流量转发到节点上的3000,iptables转发443>2443)。我连接到服务器没有问题,但是当我的后端尝试将文件上载到S3时,我得到: Error: Hostname/IP doesn't match certificate's altnames: "Host: [s3bucket].s3.amazonaws.com. is not in the cert's altnames: DNS:[mydomain].com, DN
Error: Hostname/IP doesn't match certificate's altnames: "Host: [s3bucket].s3.amazonaws.com. is not in the cert's altnames: DNS:[mydomain].com, DNS:www.[mydomain].com"
(s3 bucket名称中没有句点-已在其他帖子中报告为问题)
My app.js包括:
// Trust local proxies
app.set('trust proxy', true);
app.set('trust proxy', 'loopback');
我的nginx配置:
server { # simple reverse-proxy
listen 2443;
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
access_log logs/all.access.log main;
client_max_body_size 50M;
# pass requests for dynamic content
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://webserver:3000/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
那么,如何避免证书不匹配?我的nginx配置中是否存在问题。我是否需要在app.js中执行其他操作?使用iptables会影响主机吗