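WSO2 ESB with Apache load balancer: Cert does not match for name

I have set up two ESB servers (a cluster) on different AWS instances, and I use an Apache LB to do the load balancing. I cannot specify the IP of the other instance (or even of the same instance), because it gives the following security problem, which can be found in the Apache error.log. But I can use localhost instead of the IP (for the same server) and it works. My Apache configuration is below the error log. I think I need to add a certificate to the ESB's client store. If so, please guide me on how to do that (I tried specifying the IP as the CN, but no luck). Otherwise, what am I doing wrong here?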
[Tue Oct 06 15:55:52.803633 2015] [proxy:debug] [pid 16827:tid 140445371795200] proxy_util.c(2610): AH00962: HTTPS: connection complete to 172.31.25.41:9443 (172.31.25.41)
[Tue Oct 06 15:55:52.803645 2015] [ssl:info] [pid 16827:tid 140445371795200] [remote 172.31.25.41:9443] AH01964: Connection to child 0 established (server esb.wso2.com:443)
[Tue Oct 06 15:55:52.824988 2015] [ssl:debug] [pid 16827:tid 140445371795200] ssl_engine_kernel.c(1381): [remote 172.31.25.41:9443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/issuer: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/serial: 4B7E3782/notbefore: Feb 19 07:02:26 2010 GMT/notafter: Feb 13 07:02:26 2035 GMT]
[Tue Oct 06 15:55:52.825028 2015] [ssl:debug] [pid 16827:tid 140445371795200] ssl_engine_kernel.c(1381): [remote 172.31.25.41:9443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/issuer: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/serial: 4B7E3782/notbefore: Feb 19 07:02:26 2010 GMT/notafter: Feb 13 07:02:26 2035 GMT]
[Tue Oct 06 15:55:52.846640 2015] [ssl:debug] [pid 16827:tid 140445371795200] ssl_engine_kernel.c(1844): [remote 172.31.25.41:9443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-DES-CBC3-SHA (168/168 bits)
[Tue Oct 06 15:55:52.846678 2015] [ssl:debug] [pid 16827:tid 140445371795200] ssl_util_ssl.c(407): AH02412: [esb.wso2.com:443] Cert does not match for name '172.31.25.41' [subject: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/issuer: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/serial: 4B7E3782/notbefore: Feb 19 07:02:26 2010 GMT/notafter: Feb 13 07:02:26 2035 GMT]
[Tue Oct 06 15:55:52.846684 2015] [ssl:info] [pid 16827:tid 140445371795200] [remote 172.31.25.41:9443] AH02411: SSL Proxy: Peer certificate does not match for hostname 172.31.25.41
[Tue Oct 06 15:55:52.846697 2015] [ssl:info] [pid 16827:tid 140445371795200] [remote 172.31.25.41:9443] AH01998: Connection closed to child 0 with abortive shutdown (server esb.wso2.com:443)
[Tue Oct 06 15:55:52.846716 2015] [proxy:error] [pid 16827:tid 140445371795200] (502)Unknown error 502: [client 123.231.123.216:42158] AH01084: pass request body failed to 172.31.25.41:9443 (172.31.25.41)
[Tue Oct 06 15:55:52.846730 2015] [proxy:error] [pid 16827:tid 140445371795200] [client 123.231.123.216:42158] AH00898: Error during SSL Handshake with remote server returned by/
[Tue Oct 06 15:55:52.846733 2015] [proxy_http:error] [pid 16827:tid 140445371795200] [client 123.231.123.216:42158] AH01097: pass request body failed to 172.31.25.41:9443 (172.31.25.41) from 123.231.123.216()
[Tue Oct 06 15:55:52.846736 2015] [proxy:debug] [pid 16827:tid 140445371795200] proxy_util.c(2035): AH00943: HTTPS: has released connection for (172.31.25.41)
[Tue Oct 06 15:55:52.846759 2015] [proxy_balancer:debug] [pid 16827:tid 140445371795200] mod_proxy_balancer.c(668): [client 123.231.123.216:42158] AH01176: proxy_balancer_post_request for (balancer://ssl.wso2.esb.com)
Apache config:
<VirtualHost *:443>
ServerName mgt.esb.wso2.com
ProxyRequests off
LogLevel debug
# *** I can use localhost here and it works
ProxyPass / https://<pvt_ip>:9443/carbon/
ProxyPassReverse / https://<pvt_ip>:9443/carbon/
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/mgt.crt
SSLCertificateKeyFile /etc/apache2/ssl/mgt.key
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
</VirtualHost>
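
An added example, not part of the original post: a small Python triage script that pulls the AH02412 name-mismatch records out of an Apache error log like the one above and reports which name was checked against which certificate subject. The function names are assumptions made for this example, and the sample lines are the post's own log lines with the timestamp and pid prefix trimmed.

```python
import ipaddress
import re

# Sample lines taken from the error log in the post (timestamp/pid prefix trimmed).
SAMPLE_LOG = """\
[ssl:debug] ssl_engine_kernel.c(1844): [remote 172.31.25.41:9443] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-DES-CBC3-SHA (168/168 bits)
[ssl:debug] ssl_util_ssl.c(407): AH02412: [esb.wso2.com:443] Cert does not match for name '172.31.25.41' [subject: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/issuer: CN=localhost,O=WSO2,L=Mountain View,ST=CA,C=US/serial: 4B7E3782/notbefore: Feb 19 07:02:26 2010 GMT/notafter: Feb 13 07:02:26 2035 GMT]
[ssl:info] [remote 172.31.25.41:9443] AH02411: SSL Proxy: Peer certificate does not match for hostname 172.31.25.41
"""

# Layout of the AH02412 record as it appears in the log above.
AH02412 = re.compile(
    r"AH02412: \[(?P<vhost>[^\]]+)\] Cert does not match for name "
    r"'(?P<name>[^']+)' \[subject: (?P<subject>.*?)/issuer: (?P<issuer>.*?)"
    r"/serial: (?P<serial>[0-9A-Fa-f]+)/notbefore: (?P<nb>.*?)/notafter: (?P<na>.*?)\]"
)

def subject_cn(dn):
    """Return the CN value from a comma-separated DN string, or None."""
    m = re.search(r"(?:^|,)CN=([^,]+)", dn)
    return m.group(1) if m else None

def is_ip(name):
    """True when the name the proxy checked is an IP literal, not a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def find_name_mismatches(log_text):
    """Collect one finding per AH02412 line: checked name vs. certificate."""
    findings = []
    for line in log_text.splitlines():
        m = AH02412.search(line)
        if not m:
            continue
        findings.append({
            "vhost": m["vhost"],
            "checked_name": m["name"],
            "name_is_ip": is_ip(m["name"]),
            "subject_cn": subject_cn(m["subject"]),
            "self_issued": m["subject"] == m["issuer"],
            "serial": m["serial"],
            "not_after": m["na"],
        })
    return findings

if __name__ == "__main__":
    for finding in find_name_mismatches(SAMPLE_LOG):
        print(finding)
```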