如何使用Redbird反向代理配置安全(HTTPS)域 [英] How to configure a secure (HTTPS) domain with Redbird reverse proxy

问题描述

我想知道如何使用Redbird代理正确配置安全域.基本的信息有点令人困惑，因为示例有些零散.我想应该可以自动使用letsencrypt(在那里声称).

I’d like to know how to configure a secure domain with Redbird proxy properly. The basic info is a bit confusing because examples are slightly fragmented. I suppose it should be possible with letsencrypt automatically (as claimed there).

我尝试过:

   var proxy = require('redbird')({
     port:80,
     ssl: {
       port: 3000,
       letsencrypt: {
           path: '../SSL-certs',
       }
     }
   });
  proxy.register('secure-web.net', 'http://xx.xx.xxx.xxx:8080',{
      ssl: {
        letsencrypt: {
          email: 'my@mail.com'
        }
      }
  });
  proxy.register('insecure-web.net', 'http://xx.xxx.xx.xxx:6881');

终端抛出(当我尝试访问页面时):

Terminal throws (when I try to visit the page):

{"name":"redbird","hostname":"honza-kvm","pid":3089,"level":50,"err":{"message":"140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n","name":"Error","stack":"Error: 140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n"},"msg":"HTTPS Client  Error","time":"2016-11-08T13:03:37.979Z","v":0}

Firefox抛出:

Firefox throws:

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

目录SSL-certs故意为空(似乎应该按照手册页显示)，但也许我需要一些有关通过Redbird通常使用letsencrypt的重要信息.

The directory SSL-certs is intentionally empty (it seems it should be according to the manual page) but maybe I need some important info about using letsencrypt via Redbird in general.

推荐答案

此示例启用了HTTP和https到我现有的本地主机:8080.

This example enabled http and https to my existing localhost:8080.

var proxy = require('redbird')({
  port: 80
  xfwd: false,
  letsencrypt: {
    path: "certs",
    port: 3000
  },
  ssl: {
    port: 443
  }
});

proxy.register("www.example.com", "http://localhost:8080", {
    ssl: {
    letsencrypt: {
      email: "me@example.com",
      production: false
      }
    }
});

另外，当从production:false切换到production:true时，我发现证书颁发者仍然是

Also, when switching from production:false to production:true, I found the certificate issuer was still

假LE中级X1

Fake LE Intermediate X1

我完全删除了certs目录的内容，并重新启动了代理以查找

I completely removed the contents of the certs dir, and restarted the proxy to find

让我们的加密机构X3

Let's Encrypt Authority X3

这篇关于如何使用Redbird反向代理配置安全(HTTPS)域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！