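I am configuring stunnel to wrap SSL requests for HAProxy. HAProxy serves multiple sites on the same IP address:
domain.com - Website
app.domain.com - Node.js webserver
I obtained an SSL certificate that is valid only for the site app.domain.com. I want to configure stunnel to accept requests to: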
https://app.domain.com
and not requests to:
https://domain.com
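The problem is that if someone tries to access https://domain.com, stunnel serves the app.domain.com certificate (which of course is not valid for that domain).
I tried something like this in stunnel.conf: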
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log

[https]
cert = /etc/ssl/certs/app.domain.crt
key = /etc/ssl/private/app.domain.key
sni = https:app.domain.com
accept = 443
connect = 80
But when I try to start stunnel I get:
Line 10: End of section https: Each service must define two endpoints
str_stats: 112 block(s), 5843 byte(s)
[Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file
Any help would be appreciated. Maybe there is another solution, such as configuring something in HAProxy to reject SSL requests for domain.com.