问题
I’d like to know how to configure a secure domain with Redbird proxy properly. The basic info is a bit confusing because examples are slightly fragmented. I suppose it should be possible with letsencrypt automatically (as claimed there).
I’ve tried:
var proxy = require('redbird')({
port:80,
ssl: {
port: 3000,
letsencrypt: {
path: '../SSL-certs',
}
}
});
proxy.register('secure-web.net', 'http://xx.xx.xxx.xxx:8080',{
ssl: {
letsencrypt: {
email: 'my@mail.com'
}
}
});
proxy.register('insecure-web.net', 'http://xx.xxx.xx.xxx:6881');
Terminal throws (when I try to visit the page):
{"name":"redbird","hostname":"honza-kvm","pid":3089,"level":50,"err":{"message":"140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n","name":"Error","stack":"Error: 140009434470272:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1418:\n"},"msg":"HTTPS Client Error","time":"2016-11-08T13:03:37.979Z","v":0}
Firefox throws:
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The directory SSL-certs is intentionally empty (it seems it should be according to the manual page) but maybe I need some important info about using letsencrypt via Redbird in general.
回答1:
This example enabled http and https to my existing localhost:8080.
var proxy = require('redbird')({
port: 80
xfwd: false,
letsencrypt: {
path: "certs",
port: 3000
},
ssl: {
port: 443
}
});
proxy.register("www.example.com", "http://localhost:8080", {
ssl: {
letsencrypt: {
email: "me@example.com",
production: false
}
}
});
Also, when switching from production:false to production:true, I found the certificate issuer was still
Fake LE Intermediate X1
I completely removed the contents of the certs dir, and restarted the proxy to find
Let's Encrypt Authority X3
来源:https://stackoverflow.com/questions/40487875/how-to-configure-a-secure-https-domain-with-redbird-reverse-proxy