负载均衡slb下后端服务器无法访问负载IP的问题

在阿里云SLB的一台后端服务器,今天部署了脚本,访问一直是 curl: (7) couldn’t connect to host

看了安全策略和防火墙都没问题。诡异的要死。后来问了阿里客服才知道。监听时默认的是四层协议,是不支持后端ECS服务器做为客户端访问SLB的,要想访问,只能将监听修改为七层https或者http

这里要注意下,修改是看不到这个选项的。需要删除原监听端口,再新添加前端协议时选择 http 或者 https。

 

TrustAsia DV SSL CA 在curl下失败的问题

阿里云的CA免费证书到期了,却无法购买。阿里云真是坑人。去新浪云申请了TrustAsia的免费证书,下发访问没啥问题。但是一天后发现 curl访问出现如下错误:

SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

郁闷,然后去腾讯云又重新申请了,也是TrustAsia的免费DV,下发后验证通过,curl访问也通过了。真是无语了。。。

SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /home/cert/2018/2_yourdomain.cn.crt
SSLCertificateKeyFile /home/cert/2018/3_yourdomain.cn.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /home/cert/2018/1_root_bundle.crt