假设一个网站在多个服务器之间进行负载平衡。我想运行一个命令来测试它是否正常工作,例如curl DOMAIN.TLD. 因此,为了隔离每个 IP 地址,我手动指定了 IP。但是很多网站可能托管在服务器上,所以我还是提供了一个主机头,像这样:curl IP_ADDRESS -H 'Host: DOMAIN.TLD'. 在我的理解中,这两个命令创建了完全相同的 HTTP 请求。唯一的区别是,在后一个中,我从 cURL 中取出 DNS 查找部分并手动执行此操作(如果我错了,请纠正我)。
到目前为止一切顺利。但现在我想对 HTTPS 网址做同样的事情。同样,我可以像这样测试它curl https://DOMAIN.TLD。但我想手动指定 IP,所以我运行curl https://IP_ADDRESS -H 'Host: DOMAIN.TLD'. 现在我收到一个 cURL 错误:
curl: (51) SSL: certificate subject name 'DOMAIN.TLD' does not match target host name 'IP_ADDRESS'.
我当然可以通过告诉 cURL 不要关心证书(“-k”选项)来解决这个问题,但这并不理想。
有没有办法将连接的 IP 地址与通过 SSL 认证的主机隔离?
Mar*_*tin 156
认为我通过 cURL 手册找到了一个解决方案:
curl https://DOMAIN.EXAMPLE --resolve 'DOMAIN.EXAMPLE:443:192.0.2.17'
在 [curl] 7.21.3 中添加。在 7.42.0 中添加了删除支持。
小智 12
可以在 /etc/hosts 中更改,让服务器认为该域位于某个 IP。
这是语法:
192.168.10.20 www.domain.tld
这将使 cURL 使用您想要的 IP 地址,而不会破坏 SSL 证书。
pee*_*dee 12
这是man当前最受好评的答案的条目,因为它们仅包含指向程序化组件的链接:
--resolve <host:port:address>
Provide a custom address for a specific host and port pair. Using
this, you can make the curl requests(s) use a specified address and
prevent the otherwise normally resolved address to be used. Consider
it a sort of /etc/hosts alternative provided on the command line.
The port number should be the number used for the specific protocol
the host will be used for. It means you need several entries if you
want to provide address for the same host but different ports.
The provided address set by this option will be used even if -4,
--ipv4 or -6, --ipv6 is set to make curl use another IP version.
This option can be used many times to add many host names to resolve.
Added in 7.21.3.
但是由于给定的限制(“如果您想为同一主机但不同的端口提供地址,则意味着您需要多个条目。”),我会考虑另一个可以同时翻译的更新选项:
--connect-to <HOST1:PORT1:HOST2:PORT2>
For a request to the given HOST:PORT pair, connect to
CONNECT-TO-HOST:CONNECT-TO-PORT instead. This option is suitable
to direct requests at a specific server, e.g. at a specific cluster
node in a cluster of servers. This option is only used to establish
the network connection. It does NOT affect the hostname/port that
is used for TLS/SSL (e.g. SNI, certificate verification) or for
the application protocols. "host" and "port" may be the empty string,
meaning "any host/port". "connect-to-host" and "connect-to-port"
may also be the empty string, meaning "use the request's original host/port".
This option can be used many times to add many connect rules.
See also --resolve and -H, --header.
Added in 7.49.0.
小智 5
如果您在 Windows 中运行curl,请使用双引号
curl https://DOMAIN.TLD --resolve "DOMAIN.TLD:443:IP_ADDRESS"
curl DOMAIN.TLD --resolve "DOMAIN.TLD:80:IP_ADDRESS"
您可以预先跳过方案/协议,但不能跳过 --resolve 字符串中的端口号。
| 归档时间: |
|
| 查看次数: |
166048 次 |
| 最近记录: |