我有一个AWS private Network Load Balancer带有侦听器的设置,TCP 443附加到此侦听器的目标组也在端口 443 上运行。附加到此目标的实例正在Apache 2.4运行Centos 7。
Web 服务器配置已经过双重检查,当我运行以下命令时它可以工作。
这里 xxxx 是实例的私有 IP 地址。
$ curl -kv https://x.x.x.x
上述命令适用于 VPC。
但是当我使用私有 NLB 域名时:
$ curl -kv https://some-unique-id.elb.region.amazonaws.com
它给出了以下错误:
* About to connect() to some-unique-id.elb.region.amazonaws.com port 443 (#0)
* Trying x.x.x.x...
* Connected to some-unique-id.elb.region.amazonaws.com (x.x.x.x) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
配置总结
- 实例操作系统 = Centos 7.7
- 网络服务器 = Apache 2.4
- AWS NLB 面向内部
- NLB 有监听器
TCP 443
我已经在端口 80 上尝试过,一切正常,但我在 443 上遇到了这个问题,我为此搜索了很多,大多数答案都指出 Apache 上的某些配置缺失,但我所有这些都已经配置在我的 conf 文件中。任何指导都会有所帮助。
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost x.x.x.x:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLVerifyClient none
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
DocumentRoot /path/to/my/app
<Directory "/path/to/my/app">
Options -Indexes -FollowSymLinks -Includes -ExecCGI -MultiViews
AllowOverride all
Allow from all
Require all granted
</Directory>
</VirtualHost>