我想在 nginx 负载均衡器(社区版)上配置 mtls。我找到了操作方法。我在 nginx 配置中写入了“ssl_client_certificate /path/CA.cert”和“ssl_verify_client on”,但当我打开 Nginx LB 网页时出现错误:400 Bad Request SSL 证书错误。
问题是什么?Nginx 配置:
upstream server.com {
server 1.1.1.1:443;
server 1.1.1.2:443;
}
server {
listen 443 ssl;
server_name server.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server.cer;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/ca.pem;
ssl_verify_client on;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server.com;
}
}