通过 Pacemaker 激活 SSL 时 Apache 无法加载

tag-icon tag-icon centos apache-httpd ssl apache-virtualhost pacemaker
通过 Pacemaker 激活 SSL 时 Apache 无法加载

我在 Pacemaker 上设置了一个集群:apache、mariadb、2x GFS2 和 VIP

运行时一切正常,http但一旦我将(自签名)SSL 证书和虚拟主机添加到httpd/conf.d/ssl.conf文件中,集群就不会再次启动 Web 服务器。

我已经在 和 SSL/https 上搜索了结果,/server-status但我无法资助任何有关如何构造它的结果。

当我跑步时:

[root@node01 ~]# pcs resource debug-start mb-web
Operation start for mb-web (ocf:heartbeat:apache) returned: 'unknown error' (1)
> stderr: May 18 12:38:43 INFO: apache not running
> stderr: May 18 12:38:43 INFO: waiting for apache /etc/httpd/conf/httpd.conf to come up
> stderr: ocf-exit-reason:Failed to access httpd status page.
> stderr: May 18 12:38:44 INFO: Attempting graceful stop of apache PID 31950
> stderr: May 18 12:38:46 INFO: apache stopped.

我也在失败的消息中得到它:

Failed Resource Actions:
* mb-web_start_0 on node01 'unknown error' (1): call=128, status=complete, exitreason='Failed to access httpd status page.',
last-rc-change='Mon May 18 12:32:05 2020', queued=0ms, exec=3402ms
* mb-web_start_0 on node02 'unknown error' (1): call=130, status=complete, exitreason='Failed to access httpd status page.',
last-rc-change='Mon May 18 12:31:35 2020', queued=0ms, exec=3425ms

我尝试通过以下方式更新资源:

pcs resource update mb-web statusurl="https://localhost/server-status"
or
pcs resource update mb-web statusurl="https://127.0.0.1/server-status"
or
pcs resource update mb-web statusurl="https://vip.fqdn.ltd/server-status"

我遵循以下设置:ClusterLabs.org

在我的/etc/httpd/conf.d/status.conf文件中我有:

<Location /server-status>
    SetHandler server-status
     Require local
</Location>

没有重定向到httpsfrom ,因为当服务器运行时(在我上次重新启动它之前),http我可以访问普通域上的 和80443

我什至看不到wget发生了什么,因为服务不会通过集群启动,但如果我运行systemctl start httpd所有内容都会运行并wget http://localhost/server-status返回:

[root@node01 ~]# wget http://localhost/server-status
--2020-05-18 12:58:53--  http://localhost/server-status
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80... failed: Connection refused.

同时wget https://localhost/server-status返回:

[root@node01 ~]# wget https://localhost/server-status
--2020-05-18 12:58:45--  https://localhost/server-status
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

是否有我遗漏或未查找的资源,或者是否有我忘记激活的资源?

相关内容