[GitHub] [apisix-docker] liyin37 opened a new issue #106: 9443 端口无法请求

Thu, 17 Dec 2020 19:25:26 -0800 


liyin37 opened a new issue #106:
URL: https://github.com/apache/apisix-docker/issues/106


   当前是用docker方式部署的,直接用的是官方example下的示例docker-compose.yaml
   
   公网可以测试:
   
error:https://gisuni.top:9443/apisix/admin/routes?X-API-KEY=edd1c9f034335f136f87ad84b625c8f1
 
   
![image](https://user-images.githubusercontent.com/42507175/102570697-d8fbb480-4122-11eb-8968-8d850a77f242.png)
   
   
right:http://gisuni.top:9080/apisix/admin/routes?X-API-KEY=edd1c9f034335f136f87ad84b625c8f1
 
   报错为:
   2020/12/18 03:20:07 [error] 52#52: *228173 [lua] radixtree_sni.lua:219: 
match_and_set(): failed to find any SSL certificate by SNI: gisuni.top, 
context: ssl_certificate_by_lua*, client: 118.114.197.21, server: 0.0.0.0:9443
   
   配置文件config.yaml:
     ssl:
       enable: true                 # ssl is disabled by default
                                     # enable it to use your own cert and key
       enable_http2: true
       listen_port: 9443
       # ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with 
trusted CA certificates in the PEM format
                                                   # used to verify the 
certificate when APISIX needs to do SSL/TLS handshaking
                                                   # with external services 
(e.g. etcd)
       ssl_cert: /usr/local/apisix/conf/cert/server.cert
       ssl_cert_key: /usr/local/apisix/conf/cert/server.key
       ssl_protocols: "TLSv1.2 TLSv1.3"
       ssl_ciphers: 
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
       ssl_session_tickets: false              #  disable ssl_session_tickets 
by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
                                               #  ref: 
https://github.com/mozilla/server-side-tls/issues/135
       key_encrypt_salt: "edd1c9f0985e76a2"    #  If not set, will save origin 
ssl key into etcd.
                                               #  If set this, must be a string 
of length 16. And it will encrypt ssl key with AES-128-CBC
                                               #  !!! So do not change it after 
saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
   
   其中此域名的证书都是可授信的证书,帮忙看下这个如何处理?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to