SSL Handshake fail in Nginx Server

I am relatively new in working with servers so apologies if my question is not explained properly.

I have hosted my Parse-Server on DigitalOcean by following these tutorials
1. www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04
2. www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04

Everything works nicely except when my iOS App tries to fetch any File (PFFile using URL) it encounters an error saying "CFNetwork SSLHandshake failed (-9806)" and in browser I get "cannot establish secure connection to server".

File URL that I am trying to fetch is - "https://cobbet.com:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png"

However, if I change "https" to "http" and replace my domain_name "cobbet.com" by actual IP Address "104.236.228.111", I am able to access the file on browser.

File URL that works - "http://104.236.228.111:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png"


My Nginx Server Configuration is

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    server_name cobbet.com;
    return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
        listen 443 default_server ssl;
        server_name cobbet.com;

        root /usr/share/nginx/html;
        index index.html index.htm;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/cobbet.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cobbet.com/privkey.pem;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128$
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        location ~ /.well-known {
                allow all;
        }


        # Pass requests for /parse/ to Parse Server instance at localhost:1337
        location /parse/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:1337/parse/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        # Pass requests for /dashboard/ to Parse Server instance at localhost:4040
        location /dashboard/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:4040/dashboard/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }



        location / {
                try_files $uri $uri/ =404;
        }
}


How can I resolve this issue so that my app can download files without SSL error?

Thanks!


Source: https://stackoverflow.com/questions/40763505
Updated: 2023-08-01 08:08
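
In the configuration above, only the port 443 listener carries the `ssl` flag, and port 1337 appears only as a `proxy_pass http://` upstream. The following is an added example, not part of the original question or answer: it checks a client URL against such a config and reports when an `https://` URL points at a plaintext upstream port. The function names are hypothetical, and the regex parsing is an assumption that handles only simple `listen` and prefix `location` forms.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the question's server blocks, trimmed to the relevant directives.
NGINX_CONF = """
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 default_server ssl;
    location /parse/     { proxy_pass http://localhost:1337/parse/; }
    location /dashboard/ { proxy_pass http://localhost:4040/dashboard/; }
}
"""

def tls_ports(conf):
    """Ports whose `listen` directive carries the `ssl` flag."""
    ports = set()
    for args in re.findall(r"^\s*listen\s+([^;]+);", conf, re.M):
        words = args.split()
        m = re.fullmatch(r"(?:.*:)?(\d+)", words[0])  # "443" or "[::]:443"
        if m and "ssl" in words[1:]:
            ports.add(int(m.group(1)))
    return ports

def plaintext_upstreams(conf):
    """Map upstream port -> (location prefix, upstream path) for proxy_pass http://."""
    pat = (r"location\s+(/\S*)\s*\{[^}]*?"
           r"proxy_pass\s+http://[^:/\s;]+:(\d+)(/[^;\s]*)?\s*;")
    return {int(port): (loc, up or loc) for loc, port, up in re.findall(pat, conf)}

def check_url(url, conf=NGINX_CONF):
    """Return (verdict, url_to_use) for a client URL against this config."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    tls = tls_ports(conf)
    if u.scheme != "https":
        return "not-https", url
    if port in tls:
        return "ok", url
    loc, up = plaintext_upstreams(conf).get(port, (None, None))
    if loc and tls and u.path.startswith(up):
        public_port = "" if 443 in tls else ":%d" % min(tls)
        path = loc + u.path[len(up):]  # map upstream path back to the public location
        fixed = urlunsplit(("https", u.hostname + public_port, path, u.query, u.fragment))
        return "https-to-plaintext-upstream", fixed
    return "no-tls-listener", None
```
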

Best answer

It looks like the site didn't have an SSL attached to it so the

RewriteCond %{HTTPS} on

rule was not working correctly.

Because of this I went down this method to fix the redirects and make it work in all of the test cases that I mentioned in the question.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
