主机名/IP 与证书的替代名称不匹配 | Node 和 Nginx

主机名/IP 与证书的替代名称不匹配 | Node 和 Nginx

在几个子域中,我有在不同端口上运行的节点服务器。我有一个名为的子域alexa-service.healform.de,它运行一个节点服务器,该服务器应该执行一些功能和请求。它的一个功能是查询GET另一个子域提供的数据,该子域也托管在我的服务器上 - oauth2.healform.de。如果我让这个函数运行,我会在终端中收到以下错误消息,这也是令人好奇的部分:

错误信息:

Hostname / IP does not match certificate's altnames: "Host: localhost." Is not in the cert's altnames: DNS: ampinbaunatal.de, DNS: www.ampinbaunatal.de "

当我看到这个时,我以为我在问 AskUbuntu 而不是 Stack。域名 ampinbaunatal.de 和 www.ampinbaunatal.de 也托管在我的服务器上,并且也拥有 Let's Encrypt 颁发的有效 SSL 证书。但为什么 oauth2.healform.de 的功能与 ampinbaunatal.de 不同?域名与功能无关。

当我调用数据的端点时,函数应该使用 Postman 进行检索,我得到了正确的响应。但是,当我通过节点服务器在 localhost 中运行 API 查询时(顺便说一下,我在 Ubuntu Server 18.04 上),它会以某种方式切换到其他域,并且我收到此错误消息。

有人知道证书出了什么问题吗?两者都有有效的 SSL 证书。为什么他不小心切换到了 ampinbaunatal.de 域名?


两个服务器的 Nginx 配置:

server {
  server_name oauth2.healform.de;
  location / {
    proxy_pass http://localhost:51001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /path/to/fullchain.pem; # managed by Certbot
  ssl_certificate_key /path/to/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  server_name alexa-services.healform.de;
  location / {
    proxy_pass http://localhost:51002;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /path/to/fullchain.pem; # managed by Certbot
  ssl_certificate_key /path/to/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

由于 Alexa 请求而执行的功能:

function getNextAppointment() {
  return new Promise((resolve, reject) => {
    var options = {
      url: 'https://oauth2.healform.de',
      path: '/api/userData',
      method: 'GET',
      tls: {
        rejectUnauthorized: false
      },
      rejectUnauthorized: false,
      headers: {
        Authorization:
          'Bearer < Token >',
        'Content-Type': 'application/json',
        Accept: 'application/json'
      }
    };

    const request = https.request(options, response => {
      response.setEncoding('utf8');
      let returnData = '';

      response.on('data', chunk => {
        returnData += chunk;
      });

      response.on('end', () => {
        resolve(JSON.parse(returnData));
      });

      response.on('error', error => {
        reject(error);
      });
    });
    request.end();
  });
}

相关内容