具體錯誤內容如下:
lua ssl certificate verify error: (20: unable to get local issuer certificate)
處理方法
給lua使用一個root賬戶生成的pem即可,操作方法如下:
ubutu14系統
root@172-18-21-239:/opt/nginx_2.3.2# apt-get install ca-certificates
root@172-18-21-239:/opt/nginx_2.3.2# update-ca-certificates
root@172-18-21-239:/opt/nginx_2.3.2# cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-lua.pem
centos系統
yum install ca-certificates
update-ca-trust
cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-lua.pem
然后再nginx配置文件添加以下配置
location / {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
lua_ssl_verify_depth 2; # 添加這行和下面這行。
lua_ssl_trusted_certificate "/etc/ssl/certs/ca-lua.pem" ;
rewrite_by_lua_file '/opt/nginx_2.3.2/lua_gray/front_proxy.lua';
}
重啟nginx即可了。