我正在尝试设置让我们在用 Go 编写的负载均衡器上进行加密,我尝试了自动和手动设置,但总是出错。
该域正确指向我们的服务器(Digital Ocean),我什至可以从浏览器打开该网站而不会出现错误,而且 ssl 检查报告该域上没有错误。事实是,当我从 CLI 在服务器上运行 Go 可执行文件时,我反复收到错误。
- 自动(acme/autocert)设置:
服务器代码是,当我在服务器启动后第一次从浏览器查看域时,会创建证书和密钥:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
certManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(app.Cfg.S_HOST), //your domain here
Cache: autocert.DirCache("certs"), //folder for storing certificates
}
server := &http.Server{
Addr: ":443",
TLSConfig: &tls.Config{
ServerName: app.Cfg.S_HOST,
GetCertificate: certManager.GetCertificate,
},
}
if err := server.ListenAndServeTLS("", ""); err != nil {
print(err.Error())
} //key and cert are comming from Let's Encrypt
我收到这些错误:
http:来自(ip)的TLS握手错误:59451:读取tcp(myserver IP):443->(ip):59451:读取:连接由对等方重置
hello.ServerName 空:2017/04/01 17:14:38 http:来自 (ip) 的 TLS 握手错误:58193:acme/autocert:缺少服务器名称
http:来自 (ip) 的 TLS 握手错误:45822:acme/autocert:主机未配置
http:来自 (ip) 的 TLS 握手错误:58440:EOF
然后我还尝试手动创建证书(成功)并简化使用该代码,但我一次又一次地收到错误:
服务器代码是:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
// ssl["cert"] and ssl["key"] are the cert and key path (letsencrypt/live...)
if err := http.ListenAndServeTLS(sslAddr, ssl["cert"], ssl["key"], nil); err != nil {
errs <- err
}
Errors:
http2:服务器:从客户端读取前言时出错(ip):10319:伪造
问候语“POST / HTTP/1.1\r\n主机:4”
http:来自 (ip) 的 TLS 握手错误:10322:EOF
http:来自(ip)的TLS握手错误:13504:读取tcp(我的服务器ip):443->(ip):13504:读取:连接由对等方重置
http2:服务器:从客户端读取前言时出错(ip):9672:等待客户端前言超时
有人能帮助我吗?谢谢