nginx proxy_pass请求到FQDN，而无需转换为IP

发布于 2025-01-23 14:41:47 字数 1221 浏览 1 评论 0原文

我正在尝试使用nganx向公共fqdn进行代理_pass请求。服务器的LB仅配置为使用FQDN访问时响应请求，并在使用IP访问时获得SSL手动错误。

我的问题是，NGINX隐式将FQDN转换为IPS集，并一一尝试尝试并失败。有没有将nginx proxy_pass的方法不转换为IP并将请求路由到FQDN上游的方法？

        location /public/api {
            proxy_pass https://public.server.com/api;
            proxy_set_header Host $host;
    }

2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip1>:443/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip2>43/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip3>:443/<api>", host: "<ip>"

原文

I am trying to proxy_pass requests using nginx to a public fqdn.
The server has LB configured only to respond to requests when accessed using fqdn and get an ssl hand shake error when accessed using IP.

My issue is that the nginx is implicitly converting the fqdn to set of IPs and trying them one by one and failing.
Is there a way have nginx proxy_pass without converting the fqdn to IP and route the request to upstream at fqdn?

        location /public/api {
            proxy_pass https://public.server.com/api;
            proxy_set_header Host $host;
    }

2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip1>:443/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip2>43/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip3>:443/<api>", host: "<ip>"

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

初雪 2025-01-30 14:41:47

添加客户端证书和私钥以验证NGINX和每个后端服务器。使用proxy_ssl_certificate和proxy_ssl_ssl_certificate_key指令：

location /public/api {
   proxy_pass https://public.server.com/api;
   proxy_set_header Host $host;
   proxy_ssl_certificate     /etc/nginx/client.pem;  
   proxy_ssl_certificate_key /etc/nginx/client.key  
}

Add client certificate and private key to verify nginx and each back-end server. Using proxy_ssl_certificate and proxy_ssl_certificate_key instruction:

location /public/api {
   proxy_pass https://public.server.com/api;
   proxy_set_header Host $host;
   proxy_ssl_certificate     /etc/nginx/client.pem;  
   proxy_ssl_certificate_key /etc/nginx/client.key  
}

回复收藏 0 原文

~没有更多了~