Go – 反向代理到 Apache 代理错误:x509:由未知机构签名的证书

huangapple
go评论83阅读模式
英文:

Go - ReverseProxy to Apache proxy error: x509: certificate signed by unknown authority

问题

我有一些关于我自己编写的Go ReverseProxy 的问题。我想要将我的 Golang Web 服务器与 Apache Web 服务器连接起来。我的 Apache Web 服务器应该在 https 上运行,反向代理也是如此。所以我写了以下代码,但是我总是得到错误:proxy error: x509: certificate signed by unknown authority(代理错误:x509:证书由未知机构签名)。所以是不是 Apache 必须使用与 Apache 相同的证书,或者问题是什么?这里是一些代码片段,但我认为问题是证书的问题,没有 SSL 时一切都正常工作 Go – 反向代理到 Apache 代理错误:x509:由未知机构签名的证书

func (p *Proxy) directorApache(req *http.Request) {
    mainServer := fmt.Sprintf("%s:%d", Config.HostMain, Config.PortMain)
    req.URL.Scheme = "https"
    req.URL.Host = mainServer
}

func (p *Proxy) directorGo(req *http.Request) {
    goServer := fmt.Sprintf("%s:%d", Config.GoHost, Config.GoPort)
    req.URL.Scheme = "http"
    req.URL.Host = goServer
}

func (p *Proxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
    fmt.Println(req.URL.Path)
    if p.isGoRequest(req) {
        fmt.Println("GO")
        p.goProxy.ServeHTTP(rw, req)
        return
    }
    p.httpProxy.ServeHTTP(rw, req)
}

func main() {
    var configPath = flag.String("conf", "./configReverse.json", "Path to the Json config file.")
    flag.Parse()
    proxy := New(*configPath)

    cert, err := tls.LoadX509KeyPair(Config.PathCert, Config.PathPrivateKey)
    if err != nil {
        log.Fatalf("server: loadkeys: %s", err)
    }
    config := tls.Config{InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}}

    listener, err := net.Listen("tcp", net.JoinHostPort(proxy.Host, strconv.Itoa(proxy.Port)))
    if err != nil {
        log.Fatalf("server: listen: %s", err)
    }
    log.Printf("server: listening on %s")
    proxy.listener = tls.NewListener(listener, &config)

    serverHTTPS := &http.Server{
        Handler:   proxy.mux,
        TLSConfig: &config,
    }

    if err := serverHTTPS.Serve(proxy.listener); err != nil {
        log.Fatal("SERVER ERROR:", err)
    }
}

我尝试了很多次,并生成了几个自签名的 SSL 证书,但是没有解决我的问题。希望有人能帮助我。

问候,

David

英文:

i have some troubles with my own ReverseProxy i've written in Go. I want to connect my Golang-Webserver with my Apache Webserver. My Apache Webserver should be running on https and the Reverse-Proxy too. So i've written following code, but I always get the error: proxy error: x509: certificate signed by unknown authority.
So must the apache uses the same certificate as the apache or what is the problem? Here some code snippets but I think its a problem with the certificates without ssl everything works fine Go – 反向代理到 Apache 代理错误:x509:由未知机构签名的证书

func (p *Proxy) directorApache(req *http.Request) {
mainServer := fmt.Sprintf("%s:%d", Config.HostMain, Config.PortMain)
req.URL.Scheme = "https"
req.URL.Host = mainServer
}
func (p *Proxy) directorGo(req *http.Request) {
goServer := fmt.Sprintf("%s:%d", Config.GoHost, Config.GoPort)
req.URL.Scheme = "http"
req.URL.Host = goServer
}
func (p *Proxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
fmt.Println(req.URL.Path)
if p.isGoRequest(req) {
fmt.Println("GO")
p.goProxy.ServeHTTP(rw, req)
return
}
p.httpProxy.ServeHTTP(rw, req)
}
func main() {
var configPath = flag.String("conf", "./configReverse.json", "Path to the Json config file.")
flag.Parse()
proxy := New(*configPath)
cert, err := tls.LoadX509KeyPair(Config.PathCert, Config.PathPrivateKey)
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}}
listener, err := net.Listen("tcp",
net.JoinHostPort(proxy.Host, strconv.Itoa(proxy.Port)))
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Printf("server: listening on %s")
proxy.listener = tls.NewListener(listener, &config)
serverHTTPS := &http.Server{
Handler:   proxy.mux,
TLSConfig: &config,
}
if err := serverHTTPS.Serve(proxy.listener); err != nil {
log.Fatal("SERVER ERROR:", err)
}
}

I tried a lot and generated several self-signed SSL-Certificates but nothing solved my problem.
Hope somebody can help me.

greetings

David

答案1

得分: 12

如果您在后端服务器中使用自签名证书,您需要告诉代理的HTTP客户端不要验证证书。

您可以覆盖http包的默认设置:

http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

或者为您的代理创建一个新的Transport:

httpProxy.Transport = &http.Transport{
    Proxy: http.ProxyFromEnvironment,
    Dial: (&net.Dialer{
        Timeout:   30 * time.Second,
        KeepAlive: 30 * time.Second,
    }).Dial,
    TLSHandshakeTimeout: 10 * time.Second,
    TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
英文:

If you're using a self-signed certificate in the backend server, you need to tell your proxy's http client to not verify the certificate.

You can override the default for the http package:

http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

Or create a new Transport specifically for your proxy:

httpProxy.Transport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout:   30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

huangapple
  • 本文由 发表于 2015年12月14日 22:32:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/34269540.html
  • go
  • reverse-proxy
  • ssl-certificate
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定