英文:
Go - ReverseProxy to Apache proxy error: x509: certificate signed by unknown authority
问题
我有一些关于我自己编写的Go ReverseProxy 的问题。我想要将我的 Golang Web 服务器与 Apache Web 服务器连接起来。我的 Apache Web 服务器应该在 https 上运行,反向代理也是如此。所以我写了以下代码,但是我总是得到错误:proxy error: x509: certificate signed by unknown authority(代理错误:x509:证书由未知机构签名)。所以是不是 Apache 必须使用与 Apache 相同的证书,或者问题是什么?这里是一些代码片段,但我认为问题是证书的问题,没有 SSL 时一切都正常工作 
func (p *Proxy) directorApache(req *http.Request) {mainServer := fmt.Sprintf("%s:%d", Config.HostMain, Config.PortMain)req.URL.Scheme = "https"req.URL.Host = mainServer}func (p *Proxy) directorGo(req *http.Request) {goServer := fmt.Sprintf("%s:%d", Config.GoHost, Config.GoPort)req.URL.Scheme = "http"req.URL.Host = goServer}func (p *Proxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {fmt.Println(req.URL.Path)if p.isGoRequest(req) {fmt.Println("GO")p.goProxy.ServeHTTP(rw, req)return}p.httpProxy.ServeHTTP(rw, req)}func main() {var configPath = flag.String("conf", "./configReverse.json", "Path to the Json config file.")flag.Parse()proxy := New(*configPath)cert, err := tls.LoadX509KeyPair(Config.PathCert, Config.PathPrivateKey)if err != nil {log.Fatalf("server: loadkeys: %s", err)}config := tls.Config{InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}}listener, err := net.Listen("tcp", net.JoinHostPort(proxy.Host, strconv.Itoa(proxy.Port)))if err != nil {log.Fatalf("server: listen: %s", err)}log.Printf("server: listening on %s")proxy.listener = tls.NewListener(listener, &config)serverHTTPS := &http.Server{Handler: proxy.mux,TLSConfig: &config,}if err := serverHTTPS.Serve(proxy.listener); err != nil {log.Fatal("SERVER ERROR:", err)}}
我尝试了很多次,并生成了几个自签名的 SSL 证书,但是没有解决我的问题。希望有人能帮助我。
问候,
David
英文:
i have some troubles with my own ReverseProxy i've written in Go. I want to connect my Golang-Webserver with my Apache Webserver. My Apache Webserver should be running on https and the Reverse-Proxy too. So i've written following code, but I always get the error: proxy error: x509: certificate signed by unknown authority.
So must the apache uses the same certificate as the apache or what is the problem? Here some code snippets but I think its a problem with the certificates without ssl everything works fine
func (p *Proxy) directorApache(req *http.Request) {mainServer := fmt.Sprintf("%s:%d", Config.HostMain, Config.PortMain)req.URL.Scheme = "https"req.URL.Host = mainServer}func (p *Proxy) directorGo(req *http.Request) {goServer := fmt.Sprintf("%s:%d", Config.GoHost, Config.GoPort)req.URL.Scheme = "http"req.URL.Host = goServer}func (p *Proxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {fmt.Println(req.URL.Path)if p.isGoRequest(req) {fmt.Println("GO")p.goProxy.ServeHTTP(rw, req)return}p.httpProxy.ServeHTTP(rw, req)}func main() {var configPath = flag.String("conf", "./configReverse.json", "Path to the Json config file.")flag.Parse()proxy := New(*configPath)cert, err := tls.LoadX509KeyPair(Config.PathCert, Config.PathPrivateKey)if err != nil {log.Fatalf("server: loadkeys: %s", err)}config := tls.Config{InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}}listener, err := net.Listen("tcp",net.JoinHostPort(proxy.Host, strconv.Itoa(proxy.Port)))if err != nil {log.Fatalf("server: listen: %s", err)}log.Printf("server: listening on %s")proxy.listener = tls.NewListener(listener, &config)serverHTTPS := &http.Server{Handler: proxy.mux,TLSConfig: &config,}if err := serverHTTPS.Serve(proxy.listener); err != nil {log.Fatal("SERVER ERROR:", err)}}
I tried a lot and generated several self-signed SSL-Certificates but nothing solved my problem.
Hope somebody can help me.
greetings
David
答案1
得分: 12
如果您在后端服务器中使用自签名证书,您需要告诉代理的HTTP客户端不要验证证书。
您可以覆盖http包的默认设置:
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
或者为您的代理创建一个新的Transport:
httpProxy.Transport = &http.Transport{Proxy: http.ProxyFromEnvironment,Dial: (&net.Dialer{Timeout: 30 * time.Second,KeepAlive: 30 * time.Second,}).Dial,TLSHandshakeTimeout: 10 * time.Second,TLSClientConfig: &tls.Config{InsecureSkipVerify: true},}
英文:
If you're using a self-signed certificate in the backend server, you need to tell your proxy's http client to not verify the certificate.
You can override the default for the http package:
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
Or create a new Transport specifically for your proxy:
httpProxy.Transport = &http.Transport{Proxy: http.ProxyFromEnvironment,Dial: (&net.Dialer{Timeout: 30 * time.Second,KeepAlive: 30 * time.Second,}).Dial,TLSHandshakeTimeout: 10 * time.Second,TLSClientConfig: &tls.Config{InsecureSkipVerify: true},}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论