wso2 - SSL certificate error on Nginx load balancer on WSO2 API cluster

问题描述

I configured API cluster with Nginx Load Balancer by manuals : https://docs.wso2.com/display/AM250/Configuring+the+Proxy+Server+and+the+Load+Balancer https://docs.wso2.com/display/CLUSTER44x/Setting+up+a+Cluster

I tried to use a self-signed certficate or commercial cert for LB, but when i open LB web-page on 443 port i have the same errors in logs:

SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking to upstream.

What is the problem?

Nginx config:

upstream server1 {
    server x.x.x.x:9443;
}
upstream server2 {
    server x.x.x.x:8243;
}
server {
    listen 80;
    server_name server1.com;
    rewrite ^/(.*) https://server1.com/$1 permanent;
}
server {
    listen 443;
    server_name server1.com;
    proxy_set_header X-Forwarded-Port 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server1.cer;
    ssl_certificate_key /etc/nginx/ssl/server1.key;
    location / {
               proxy_set_header X-Forwarded-Host $host;
               proxy_set_header X-Forwarded-Server $host;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header Host $http_host;
               proxy_read_timeout 5m;
               proxy_send_timeout 5m;
               proxy_pass https://server1.com;
        }
}
server {
    listen 443;
    server_name server1.com;
    proxy_set_header X-Forwarded-Port 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server1.cer;
    ssl_certificate_key /etc/nginx/ssl/server1.key;
    location / {
               proxy_set_header X-Forwarded-Host $host;
               proxy_set_header X-Forwarded-Server $host;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header Host $http_host;
               proxy_read_timeout 5m;
               proxy_send_timeout 5m;
               proxy_pass https://server1.com;
}}

标签： wso2