錯誤 502 - 隨機 SSL 函式庫錯誤：336151568 錯誤：14094410

我的網頁伺服器上遇到隨機 502 錯誤。

速度: 0.5%

我的日誌中出現錯誤：SSL函式庫錯誤：336151568錯誤：14094410：SSL例程：SSL3_READ_BYTES：sslv3警報握手失敗

OpenSSL 版本：OpenSSL 1.0.0-fips 2010 年 3 月 29 日

網路 我無法發布圖像，因此這裡是我的網路方案的連結： https://i.stack.imgur.com/oOOnL.jpg 以及與另一個主機的相同圖像：http://s28.postimg.org/q9012t8l7/error502.jpg

一些細節：

我在 tomcat 7.0.37 上託管 JEE 應用程式

當有人嘗試連接到其中一個應用程式時，他會連接到我的路由器的外部 IP。路由器將他重定向到我的 DMZ。

DMZ 上的 Apache 配置

<VirtualHost *:443>
  ServerName www.myapp.fr
  ServerAlias myapp.fr
  RedirectMatch ^/$ /CRA
  ProxyRequests Off

  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /etc/ssl/certs/www.myapp.fr.pem


  ProxyPass / https://myapp.fr/
  ProxyPassReverse / https://myapp.fr/

      LogLevel info
     CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/myapp.fr/SSL.myapp.fr_access.%Y-%m-%d.log 5M" combined
     ErrorLog  "|/usr/sbin/rotatelogs /var/log/httpd/myapp.fr/SSL.myapp.fr_error.%Y-%m-%d.log 5M"
</VirtualHost>

Myapp.fr 在 /etc/hosts 中定義為 192.168.1.51，網路伺服器的 IP

DMZ 使用 ProxyPass 存取此 Web 伺服器。此Web伺服器用於ProxyPass到真正的應用程式伺服器。

Web 伺服器上的 Apache 配置

    <VirtualHost *:443>
    ServerName myapp.fr
    RedirectMatch ^/$ https://myapp.fr/Collaborateurs/
         ProxyRequests Off
    SSLCertificateFile /etc/ssl/certs/www.myapp.fr.pem
     SSLProxyEngine On
    SSLEngine on

    ProxyPass /Collaborateurs/ https://ApplicationServer:8443/Collaborateurs/
    ProxyPassReverse /Collaborateurs/ https://ApplicationServer:8443/Collaborateurs/

     LogLevel info
        CustomLog "|/usr/sbin/rotatelogs ${APACHE_LOG_DIR}/myapp/SSL.myapp.fr_access.%Y-%m-%d.log 5M" combined
        ErrorLog  "|/usr/sbin/rotatelogs ${APACHE_LOG_DIR}/myapp/SSL.myapp.fr_error.%Y-%m-%d.log 5M"
</VirtualHost>

問題就在這裡。有時，我的日誌中會出現隨機錯誤，對應到使用者的錯誤網關錯誤 (502)。

來自 /var/log/httpd/myapp.fr/SSL.myapp.fr_error.%Y-%m-%d.log 的日誌：

[Mon Dec 23 08:58:31 2013] [info] Seeding PRNG with 136 bytes of entropy
[Mon Dec 23 08:58:31 2013] [info] Initial (No.1) HTTPS request received for child 11 (server myapp.fr:443)
[Mon Dec 23 08:58:31 2013] [info] [client 192.168.1.52] Connection to child 0 established (server myapp.fr:443)
[Mon Dec 23 08:58:31 2013] [info] Seeding PRNG with 136 bytes of entropy
[Mon Dec 23 08:58:31 2013] [info] [client 192.168.1.52] SSL Proxy connect failed
[Mon Dec 23 08:58:31 2013] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Mon Dec 23 08:58:31 2013] [info] [client 192.168.1.52] Connection closed to child 0 with abortive shutdown (server myapp.fr:443)
[Mon Dec 23 08:58:31 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 192.168.1.52:8443 (ApplicationServer.domain.lan)
[Mon Dec 23 08:58:31 2013] [error] proxy: pass request body failed to 192.168.1.52:8443 (ApplicationServer.red.lan) from 10.0.0.2 ()

當沒有發生任何錯誤時，以下是相同的日誌：

[Mon Dec 23 09:08:30 2013] [info] Initial (No.1) HTTPS request received for child 8 (server myapp.fr:443)
[Mon Dec 23 09:08:30 2013] [info] Initial (No.1) HTTPS request received for child 0 (server myapp.fr:443)
[Mon Dec 23 09:08:30 2013] [info] [client 192.168.1.52] Connection to child 0 established (server myapp.fr:443)
[Mon Dec 23 09:08:30 2013] [info] Seeding PRNG with 136 bytes of entropy
[Mon Dec 23 09:08:31 2013] [info] Initial (No.1) HTTPS request received for child 3 (server myapp.fr:443)
[Mon Dec 23 09:08:31 2013] [info] [client 192.168.1.52] Connection to child 0 established (server myapp.fr:443)
[Mon Dec 23 09:08:31 2013] [info] Seeding PRNG with 136 bytes of entropy

我不明白為什麼會發生這個錯誤。有人有想法嗎？感謝您最終的領導 - 並為我糟糕的英語感到抱歉：D