【发布时间】:2021-11-10 17:55:25
【问题描述】:
我试图通过将上游服务器作为代理来终止 NGINX 上的 SSL。 工作环境在 localhost。
我已经尽一切努力抑制错误,但它不会
NGINX 配置
stream {
upstream stream_backend {
server localhost:5011;
}
server {
listen 80;
listen 443 ssl;
proxy_pass stream_backend;
ssl_certificate /etc/ssl/certs/proxypool.crt;
ssl_certificate_key /etc/ssl/private/proxypool.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_timeout 4h;
ssl_session_cache shared:SSL:20m;
}
}
我生成证书的方式
sudo openssl req -x509 -nodes -days 9999 -newkey rsa:2048 \
-keyout /etc/ssl/private/proxypool.key \
-out /etc/ssl/certs/proxypool.crt
*所有提示的答案都是空的
我执行请求的方式
proxies = {
'http': 'http://localhost',
'https': 'https://localhost'
}
response = requests.post(
'https://api.ipify.org?format=json',
proxies=proxies,
verify="/etc/ssl/certs/proxypool.pem"
)
错误
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.ipify.org', port=443): Max retries exceeded with url: /?format=json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))
我尝试过的事情没有成功
- 传递
verify=False。结果certificate verify failed: Hostname mismatch, certificate is not valid for 'localhost' - 使用SSL verification bypass context
【问题讨论】:
标签: python nginx ssl ssl-certificate