Ubuntu 16.04 / ROS v1.3.0
我正在尝试将ROS配置为使用安全的SSL连接。
如果我不对configuration.yml进行任何更改-ROS很好。我可以按照期望的方式同步和使用仪表板。
我已经从Letsencrypt获得了SSL证书。我在独立模式下使用了CertBot,因此不必安装或配置Nginx。 (我的喜好是不要再安装其他技术/层-保持清洁!)
我在此文件夹中存储了以下证书/密钥:/etc/letsencrypt/live/data.mydomain.net/cert.pem/etc/letsencrypt/live/data.mydomain.net/chain.pem/etc/letsencrypt/live/data.mydomain.net/fullchain.pem/etc/letsencrypt/live/data.mydomain.net/privkey.pem
一旦在configuration.yml中启用HTTPS,就无法启动ROS。
没有错误消息写入:/var/log/realm-object-server.log
这是configuration.yml代理部分的副本。
http:
## Whether or not to enable the HTTP proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
# enable: true
## The address/interface on which the HTTP proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
# listen_address: '::'
## The port that the HTTP proxy module should bind to.
# listen_port: 9080
https:
## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
## Note that even if it enabled, the HTTPS proxy will only start if supplied
## with a valid pair of certificates through certificate_path and private_key_path below.
enable: true
## The path to the certificate and private keys (in PEM format) that will be used
## to set up the HTTPS server accepting connections.
## These configuration options are MANDATORY to start the HTTPS proxy module.
certificate_path: '/etc/letsencrypt/live/data.mydomain.net/fullchain.pem'
private_key_path: '/etc/letsencrypt/live/data.mydomain.net/privkey.pem'
## The address/interface on which the HTTPS proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
# listen_address: '::'
## The port that the HTTPS proxy module should bind to.
listen_port: 9443
正如我提到的。问题似乎是,一旦我配置了HTTPS,ROS服务器就无法启动。如果我禁用HTTPS,则ROS服务器可以正常启动。
我认为ROS无法启动的原因是-如果从终端尝试
curl 127.0.0.1:9080或curl 127.0.0.1:9443,则会收到消息curl: (7) Failed to connect to 127.0.0.1 port 9443: Connection refused我很想听听您关于如何使它起作用的想法/想法/建议。干杯。伊恩
最佳答案
感谢用户@Radu-答案是Permissions。realm用户没有读取.pem文件的权限。
我从这个答案中得到了答案。
Https Proxy for Realm Object Server not working
@Radu-是男人!
关于ssl - 领域对象服务器-SSL配置导致ROS无法启动,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/43034647/