使用 SSL 的基本 Redbird 反向代理不适用于 Ubuntu 服务器 14.04
Basic Redbird reverse proxy with SSL doesn't work on Ubuntu Server 14.04
下面的代码可以正常工作(通过访问 https://sensorypanel.net 进行测试):
// Baseline check: one plain-HTTP listener and one TLS listener served directly
// by Node's core modules, with no proxy in between.
var fs = require('fs');
var http = require('http');
var https = require('https');

// Ports 80 and 443 are privileged on Linux, so this script needs elevated
// rights to bind them.
// NOTE(review): prefer granting only the bind capability, or dropping
// privileges once listening, over serving requests as root.
var sendPlainGreeting = function (request, response) {
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello World\n');
};
http.createServer(sendPlainGreeting).listen(80, '0.0.0.0');

// The TLS material is read synchronously at startup, relative to the current
// working directory. The private key file should be readable only by the
// account that runs this server.
// NOTE(review): Node documents `ca` as the set of trusted CA certificates;
// intermediates meant for clients are normally appended to `cert`. Confirm
// the served chain with a TLS client.
var tlsOptions = {
  key: fs.readFileSync('certs/sensorypanel.net/sensorypanel_net-key.pem'),
  cert: fs.readFileSync('certs/sensorypanel.net/sensorypanel_net.crt'),
  ca: fs.readFileSync('certs/ca_bundle.crt')
};

var sendTlsGreeting = function (request, response) {
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello SSL World\n');
};
https.createServer(tlsOptions, sendTlsGreeting).listen(443, '0.0.0.0');
但是使用 Redbird 作为反向代理,这不起作用:
// Same site, now fronted by a Redbird reverse proxy: HTTP on port 80, TLS on
// port 443, forwarding to a plain-HTTP backend on port 4001.
var redbird = require('redbird');
var http = require('http');

// Redbird is handed file paths (not file contents) for the key, the
// certificate and the CA bundle. The private key file should be readable only
// by the account that runs the proxy.
var tlsSettings = {
  port: 443,
  key: 'certs/sensorypanel.net/sensorypanel_net-key.pem',
  cert: 'certs/sensorypanel.net/sensorypanel_net.crt',
  ca: 'certs/ca_bundle.crt'
};
var proxy = redbird({
  port: 80,
  ssl: tlsSettings
});

// `ssl: true` on the route: the startup log on this page records the route
// with "sslRedirect": true.
proxy.register('sensorypanel.net', 'http://localhost:4001', { ssl: true });

// Backend service the proxy forwards to.
// NOTE(review): listening on '0.0.0.0' makes this backend reachable on port
// 4001 from other hosts, so clients can skip the proxy and its TLS (the author
// relies on that for the bypass test). Outside of debugging, bind to
// '127.0.0.1' so that only the proxy can reach it.
var answerBackendRequest = function (request, response) {
  console.log('Got a request!');
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello World\n');
};
http.createServer(answerBackendRequest).listen(4001, '0.0.0.0');
连接不会立即被拒绝,而是一直挂起。我仍然可以通过 http://sensorypanel.net:4001 绕过代理访问,这证明底层 HTTP 服务工作正常。防火墙已关闭。
这是日志示例:
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"msg":"Listening to HTTPS requests on port 443","time":"2015-08-26T04:46:05.919Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"msg":"80 'Started a Redbird reverse proxy server'","time":"2015-08-26T04:46:05.925Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"from": {"protocol":"http:","slashes":true,"auth":null,"host":"sensorypanel.net","port":null,"hostname":"sensorypanel.net","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://sensorypanel.net/"},"to": {"protocol":"http:","slashes":true,"auth":null,"host":"localhost:4001","port":"4001","hostname":"localhost","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://localhost:4001/","sslRedirect":true,"useTargetHostHeader":false},"msg":"Registered a new route","time":"2015-08-26T04:46:05.931Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":50,"err":{"message":"socket hang up","name":"Error","stack":"Error: socket hang up\n at TLSSocket.<anonymous> (_tls_wrap.js:664:25)\n at TLSSocket.emit (events.js:107:17)\n at TCP.close (net.js:485:12)","code":"ECONNRESET"},"msg":"HTTPS Client Error","time":"2015-08-26T04:46:27.847Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":50,"err":{"message":"socket hang up","name":"Error","stack":"Error: socket hang up\n at TLSSocket.<anonymous> (_tls_wrap.js:664:25)\n at TLSSocket.emit (events.js:107:17)\n at TCP.close (net.js:485:12)","code":"ECONNRESET"},"msg":"HTTPS Client Error","time":"2015-08-26T04:46:41.931Z","v":0}
这是 redbird 中的一个错误,已于 2015 年 10 月 27 日在此处和此处被报告。它是由 node.js 某个 API 的变更引起的,并已在此提交中修复。如果您遇到同样的问题,应将 redbird 升级到更新的版本。
下面的代码可以正常工作(通过访问 https://sensorypanel.net 进行测试):
var fs = require('fs');
// Baseline check: one plain-HTTP listener and one TLS listener served directly
// by Node's core modules, with no proxy in between.
var http = require('http');
var https = require('https');

// Ports 80 and 443 are privileged on Linux, so this script needs elevated
// rights to bind them.
// NOTE(review): prefer granting only the bind capability, or dropping
// privileges once listening, over serving requests as root.
var sendPlainGreeting = function (request, response) {
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello World\n');
};
http.createServer(sendPlainGreeting).listen(80, '0.0.0.0');

// The TLS material is read synchronously at startup, relative to the current
// working directory. The private key file should be readable only by the
// account that runs this server.
// NOTE(review): Node documents `ca` as the set of trusted CA certificates;
// intermediates meant for clients are normally appended to `cert`. Confirm
// the served chain with a TLS client.
var tlsOptions = {
  key: fs.readFileSync('certs/sensorypanel.net/sensorypanel_net-key.pem'),
  cert: fs.readFileSync('certs/sensorypanel.net/sensorypanel_net.crt'),
  ca: fs.readFileSync('certs/ca_bundle.crt')
};

var sendTlsGreeting = function (request, response) {
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello SSL World\n');
};
https.createServer(tlsOptions, sendTlsGreeting).listen(443, '0.0.0.0');
但是使用 Redbird 作为反向代理,这不起作用:
// Same site, now fronted by a Redbird reverse proxy: HTTP on port 80, TLS on
// port 443, forwarding to a plain-HTTP backend on port 4001.
var redbird = require('redbird');
var http = require('http');

// Redbird is handed file paths (not file contents) for the key, the
// certificate and the CA bundle. The private key file should be readable only
// by the account that runs the proxy.
var tlsSettings = {
  port: 443,
  key: 'certs/sensorypanel.net/sensorypanel_net-key.pem',
  cert: 'certs/sensorypanel.net/sensorypanel_net.crt',
  ca: 'certs/ca_bundle.crt'
};
var proxy = redbird({
  port: 80,
  ssl: tlsSettings
});

// `ssl: true` on the route: the startup log on this page records the route
// with "sslRedirect": true.
proxy.register('sensorypanel.net', 'http://localhost:4001', { ssl: true });

// Backend service the proxy forwards to.
// NOTE(review): listening on '0.0.0.0' makes this backend reachable on port
// 4001 from other hosts, so clients can skip the proxy and its TLS (the author
// relies on that for the bypass test). Outside of debugging, bind to
// '127.0.0.1' so that only the proxy can reach it.
var answerBackendRequest = function (request, response) {
  console.log('Got a request!');
  response.writeHead(200, { 'Content-Type': 'text/plain' });
  response.end('Hello World\n');
};
http.createServer(answerBackendRequest).listen(4001, '0.0.0.0');
连接不会立即被拒绝,而是一直挂起。我仍然可以通过 http://sensorypanel.net:4001 绕过代理访问,这证明底层 HTTP 服务工作正常。防火墙已关闭。
这是日志示例:
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"msg":"Listening to HTTPS requests on port 443","time":"2015-08-26T04:46:05.919Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"msg":"80 'Started a Redbird reverse proxy server'","time":"2015-08-26T04:46:05.925Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":30,"from": {"protocol":"http:","slashes":true,"auth":null,"host":"sensorypanel.net","port":null,"hostname":"sensorypanel.net","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://sensorypanel.net/"},"to": {"protocol":"http:","slashes":true,"auth":null,"host":"localhost:4001","port":"4001","hostname":"localhost","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://localhost:4001/","sslRedirect":true,"useTargetHostHeader":false},"msg":"Registered a new route","time":"2015-08-26T04:46:05.931Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":50,"err":{"message":"socket hang up","name":"Error","stack":"Error: socket hang up\n at TLSSocket.<anonymous> (_tls_wrap.js:664:25)\n at TLSSocket.emit (events.js:107:17)\n at TCP.close (net.js:485:12)","code":"ECONNRESET"},"msg":"HTTPS Client Error","time":"2015-08-26T04:46:27.847Z","v":0}
{"name":"redbird","hostname":"sensorypanel.net","pid":1370,"level":50,"err":{"message":"socket hang up","name":"Error","stack":"Error: socket hang up\n at TLSSocket.<anonymous> (_tls_wrap.js:664:25)\n at TLSSocket.emit (events.js:107:17)\n at TCP.close (net.js:485:12)","code":"ECONNRESET"},"msg":"HTTPS Client Error","time":"2015-08-26T04:46:41.931Z","v":0}
这是 redbird 中的一个错误,已于 2015 年 10 月 27 日在此处和此处被报告。它是由 node.js 某个 API 的变更引起的,并已在此提交中修复。如果您遇到同样的问题,应将 redbird 升级到更新的版本。