haproxy，letsencrypt，nginx - 错误加载页面

Question

尝试使用 Haproxy（安装在负载均衡器服务器上）+ Lets Encrypt（安装在负载均衡器服务器上）+ Nginx（安装在工作节点上）加载 https 页面时出错。请在这方面需要您的帮助（P.S. Http 效果很好！）。下面我附上了配置文件：

UFW 规则（所有节点）：

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
21                         ALLOW       Anywhere                  
3306,4444,4567,4568/tcp    ALLOW       Anywhere                  
4567/udp                   ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
8444                       ALLOW       Anywhere                  
8445                       ALLOW       Anywhere                  
8443/tcp                   ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
21 (v6)                    ALLOW       Anywhere (v6)             
3306,4444,4567,4568/tcp (v6) ALLOW       Anywhere (v6)             
4567/udp (v6)              ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
8444 (v6)                  ALLOW       Anywhere (v6)             
8445 (v6)                  ALLOW       Anywhere (v6)             
8443/tcp (v6)              ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)        

/etc/haproxy/haproxy.cfg

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-A>
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY130>
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 50000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend serv
        bind :80
        bind :443 ssl crt /etc/haproxy/certs/sp.net.pem
        default_backend serv
        option forwardfor

backend serv
        balance roundrobin
        server  spnode1   192.168.88.30:80 check
        server  spnode2   192.168.88.29:80 check

要为 Haproxy 创建单个 .pem 文件，使用了以下代码：

DOMAIN='sp.net' sudo -E bash -c 'cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/letsencrypt/live/$DOMAIN/privkey.pem > /etc/haproxy/certs/$DOMAIN.pem'

最终文件已粘贴到目录 /etc/haproxy/certs/

感谢您的帮助！

Answer 1

我通过主机修改解决了我的问题： 纳米 /etc/hosts
添加下一行

192.168.88.39 sp.net
93.188.37.*** sp.net