记录 not an SSL/TLS record

日志记录如下:

[2019-01-23T14:42:35,850][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node0] caught exception while handling client http traffic, closing connection [id: 0xe38f8ac0, L:0.0.0.0/0.0.0.0:9200 ! R:/127.0.0.1:39864]
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f70726f746f636f6c2d2a2f5f6d617070696e6720485454502f312e310d0a557365722d4167656e743a20596969322d4375726c2d4167656e740d0a486f73743a203132372e302e302e313a393230300d0a4163636570743a202a2f2a0d0a0d0a
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f70726f746f636f6c2d2a2f5f6d617070696e6720485454502f312e310d0a557365722d4167656e743a20596969322d4375726c2d4167656e740d0a486f73743a203132372e302e302e313a393230300d0a4163636570743a202a2f2a0d0a0d0a
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1103) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[?:?]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[?:?]
	... 15 more

产生原因:在配置了认证用户名以及证书之后,在 baseEs.php 中还是采用了未认证用户名及证书方式请求数据,所以导致了该问题的发生。关键代码如下:

# baseEs.php getAllIndices()

$elasticSearch = \Yii::$app->elasticsearch;
$nodes = $elasticSearch->nodes;

$node0 = $nodes[0];
$httpAddress = $node0['http_address'];

$requestUrl = $httpAddress.'/'.$prefix.'*/_mapping';
$response = (new Curl())
    ->reset()
    ->get($requestUrl);

$responseArr = json_decode($response, true);

优化1:加上认证用户名以及证书的配置,就可以解决改报错了,但是仍然会报一个 Content-Type 过期的错误,可以忽略

# baseEs.php getAllIndices()

$esInfo = \Yii::$app->elasticsearch;
$nodes = $esInfo->nodes;
$node0 = $nodes[0];
$httpAddress = $esInfo->defaultProtocol .'://'. $node0['http_address'];
$requestUrl = $httpAddress.'/_cat/indices/'.$prefix.'*?format=json';//_cat/indices/protocol-*?format=json
$response = (new Curl())
    ->reset()
    ->setOptions([
        CURLOPT_HTTPHEADER => array("Content-type: application/json" ),
        CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
        CURLOPT_HEADER => true,
        CURLOPT_USERPWD => $esInfo->auth['username'].':'.$esInfo->auth['password'],
        CURLOPT_SSL_VERIFYPEER => $esInfo->sslExtension[CURLOPT_SSL_VERIFYPEER],
        CURLOPT_SSL_VERIFYHOST => $esInfo->sslExtension[CURLOPT_SSL_VERIFYHOST],
        CURLOPT_CAINFO => $esInfo->sslExtension[CURLOPT_CAINFO],
    ])
    ->get($requestUrl);
$responseArr = json_decode($response, true);
return array_column($responseArr, 'index');

优化2:因为全局配置了es的连接,所以可以直接使用。好处是,共用一处配置,以后要配置啥,只需要修改配置就行,而不用再修改 baseEs.php 这个文件了。

# baseEs.php getAllIndices()

/** @var ElasticsearchTarget $esConn */
$esConn = \Yii::$app->elasticsearch;
$ret = $esConn->get(sprintf("_cat/indices/%s*?format=json", $prefix));

return array_values(array_column($ret, 'index'));

你可能感兴趣的:(php)