我正在尝试让 fastify 在端口 3000 上侦听 https 请求。 Fastify 正在监听端口 3000 ,但是当我尝试发送curl命令
curl -k https://example.com:3000/ -v Trying 35.245.34.146...
* TCP_NODELAY set
* Connected to example.com (35.245.34.146) port 3000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
我设置了 tcpdump 来捕获端口 3000 上的流量,这就是我得到的
14:11:23.046591 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 0
0x0000: 4500 0040 0000 4000 3a06 2816 6408 aa02 E..@..@.:.(.d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14bd 0000 0000 ........%$......
0x0020: b002 ffff 6070 0000 0204 05b4 0103 0306 ....`p..........
0x0030: 0101 080a 4ad5 607f 0000 0000 0402 0000 ....J.`.........
14:11:23.046638 IP 10.150.0.2.3000 > 100.8.170.2.52475: tcp 0
0x0000: 4500 003c 0000 4000 4006 221a 0a96 0002 E..<..@.@.".....
0x0010: 6408 aa02 0bb8 ccfb 2b60 9883 2524 14be d.......+`..%$..
0x0020: a012 fd00 18d1 0000 0204 058c 0402 080a ................
0x0030: 9e6d c7ce 4ad5 607f 0103 0307 .m..J.`.....
14:11:23.066491 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 0
0x0000: 4500 0034 0000 4000 3a06 2822 6408 aa02 E..4..@.:.("d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14be 2b60 9884 ........%$..+`..
0x0020: 8010 0814 6de8 0000 0101 080a 4ad5 6092 ....m.......J.`.
0x0030: 9e6d c7ce .m..
14:11:23.086786 IP 100.8.170.2.52475 > 10.150.0.2.3000: tcp 235
0x0000: 4500 011f 0000 4000 3a06 2737 6408 aa02 E.....@.:.'7d...
0x0010: 0a96 0002 ccfb 0bb8 2524 14be 2b60 9884 ........%$..+`..
0x0020: 8018 0814 432f 0000 0101 080a 4ad5 60a7 ....C/......J.`.
0x0030: 9e6d c7ce 1603 0100 e601 0000 e203 03da .m..............
0x0040: 6cf3 41d6 0aba 42c3 5e03 d368 bb85 d01c l.A...B.^..h....
0x0050: 576a 3ce9 e7b8 208f 49d6 0c28 094d 5000 Wj<.....I..(.MP.
0x0060: 005c c030 c02c c028 c024 c014 c00a 009f .\.0.,.(.$......
0x0070: 006b 0039 cca9 cca8 ccaa ff85 00c4 0088 .k.9............
0x0080: 0081 009d 003d 0035 00c0 0084 c02f c02b .....=.5...../.+
0x0090: c027 c023 c013 c009 009e 0067 0033 00be .'.#.......g.3..
0x00a0: 0045 009c 003c 002f 00ba 0041 c011 c007 .E...<./...A....
0x00b0: 0005 0004 c012 c008 0016 000a 00ff 0100 ................
0x00c0: 005d 0000 0015 0013 0000 1075 7064 6174 .].......example
0x00d0: 6573 6469 6172 792e 636f 6d00 0b00 0201 .com.....
0x00e0: 0000 0a00 0800 0600 1d00 1700 1800 0d00 ................
0x00f0: 1c00 1a06 0106 03ef ef05 0105 0304 0104 ................
0x0100: 03ee eeed ed03 0103 0302 0102 0300 1000 ................
0x0110: 0e00 0c02 6832 0868 7474 702f 312e 31 ....h2.http/1.1
14:11:23.086829 IP 10.150.0.2.3000 > 100.8.170.2.52475: tcp 0
0x0000: 4500 0034 6647 4000 4006 bbda 0a96 0002 E..4fG@.@.......
0x0010: 6408 aa02 0bb8 ccfb 2b60 9884 2524 15a9 d.......+`..%$..
0x0020: 8010 01f9 18c9 0000 0101 080a 9e6d c7f7 .............m..
0x0030: 4ad5 60a7 J.`.
快速设置
const fs = require('fs');
const path = require('path');
const fastify = require('fastify')(
{ logger: true},
{
http2: true,
https: {
cert: fs.readFileSync(path.resolve(__dirname,'../../etc/letsencrypt/live/example.com/cert.pem')),
key: fs.readFileSync(path.resolve(__dirname,'../../etc/letsencrypt/live/example.com/privkey.pem')),
secureProtocol: 'TLSv1.2'
}
}
);
http 工作正常
curl -k http://example.com:3000/ -v 我也尝试过在`
中的
/etc/apache2/sites-enabled/000-default-le-ssl.conf中进行此更改
<VirtualHost *:443 *:3000>
但是我在curl命令中得到了相同的结果
CONNECT_CR_SRVR_HELLO:wrong version number有人可以帮忙看看我怎样才能得到 https 的回复吗?
ProxyPassReverse将其包含在 apache2 上的
/etc/apache2/sites-enabled/000-default-le-ssl.confProxyPreserveHost On
ProxyPass /path http://127.0.0.1:3000/path1
ProxyPassReverse /path http://127.0.0.1:3000/path1
其中
/path/path1在 fastify 方面,你的 server.js 的基本形式看起来就像 thuis
fastify.register(httpProxy, {
upstream: 'https://upstream.com',
prefix: '/path1',
});
确保 fastify 监听 3000,在此设置中无需让 fastify 监听 https
最后一个例子,来自客户端的请求将如下所示。
https://yourdomain.com/path/svc/searchhttps://upstream.com/svc/search