I am using HAProxy as an on-premises load balancer for a Kubernetes cluster. Here is the cfg file:
global
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 40000
    user haproxy
    group haproxy
    daemon
    tune.ssl.default-dh-param 2048
    log stdout local0 info
defaults
    mode tcp
    log global
    option httplog
    retries 3
    timeout http-request 50s
    timeout queue 1m
    timeout connect 1m
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 50s
    timeout check 10s
    maxconn 1000
frontend https_front
    mode http
    bind *:443 ssl crt /etc/haproxy/haproxy.pem ca-file /etc/haproxy/haproxy.crt verify optional
    redirect scheme https if !{ ssl_fc }
    acl sadmin path_beg /sadmin
    use_backend sadmin_server if sadmin
    default_backend sadmin_server
backend sadmin_server
    balance roundrobin
    mode http
    server node1 staging-node1:30000 check
    server node2 staging-node2:30000 check
    server node3 staging-node3:30000 check
    server node4 staging-node4:30000 check
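I am using a self-signed certificate generated with the traditional openssl commands.
However, when connecting to the website, even though the page loads fine, I still see a lot of the following errors: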
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51249 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51245 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51247 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51246 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
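- I have maxed out the connection parameters.
- I have also tried loading the certificate in the browser.
- I have tried both the verify optional and none options.

But I am unable to figure out the cause of these errors.

PS: I have already read the Haproxy ssl redirect handshake failure and How to tracking "Connection timout during SSL handshake" and "Connection closed during ssl handshake" errors pages, but have not found a solution yet.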
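
One way to triage log lines like the ones in this question, as an added example that is not part of the original post: it parses each handshake-failure line, decodes the syslog priority, and counts failures per frontend, client address and accept timestamp so that bursts from a single client stand out. The function names are hypothetical, the sample lines are copied from the question, and the pattern assumes IPv4 clients and the line layout shown above.

```python
import re
from collections import Counter

# Sample input: the four log lines quoted in the question.
SAMPLE_LOG = """\
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51249 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51245 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51247 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
<134>Oct 18 20:14:14 haproxy[6]: 10.118.108.170:51246 [18/Oct/2019:20:14:14.172] https_front/1: SSL handshake failure
"""

# Layout: <pri>date process[pid]: ip:port [accept_date] frontend/listener: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>\w{3}\s+\d+ [\d:]+ haproxy\[\d+\]: "
    r"(?P<ip>[\d.]+):(?P<port>\d+) "      # client address (IPv4 assumed)
    r"\[(?P<accept>[^\]]+)\] "            # accept timestamp, millisecond precision
    r"(?P<frontend>[^/\s]+)/(?P<listener>\d+): "
    r"(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict for one connection-error line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Syslog priority = facility * 8 + severity (134 -> facility 16 "local0", severity 6 "info").
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    rec["port"] = int(rec["port"])
    return rec


def summarize_failures(text):
    """Count SSL handshake failures per (frontend, client IP, accept timestamp)."""
    bursts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["msg"] == "SSL handshake failure":
            bursts[(rec["frontend"], rec["ip"], rec["accept"])] += 1
    return bursts


if __name__ == "__main__":
    for (frontend, ip, accept), n in summarize_failures(SAMPLE_LOG).most_common():
        print(f"{n} failure(s) on {frontend} from {ip} at {accept}")
```
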