Shi*_*dla 7 ssl nginx ubuntu-13.10
我有一个网站,它在一些旧的ubuntu服务器上使用apache完美运行,并且还有https.但现在由于某些原因我需要转移到不同的(具有高配置的新ubuntu服务器)服务器并尝试使用Nginx服务我的网站,因此安装了nginx(nginx/1.4.6 (Ubuntu)).以下是我的nginx.conf文件设置
server {
listen 8005;
location / {
proxy_pass http://127.0.0.1:8001;
}
location /static/ {
alias /root/apps/project/static/;
}
location /media/ {
alias /root/apps/media/;
}
}
# Https Server
server {
listen 443;
location / {
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Protocol $scheme;
# proxy_set_header X-Url-Scheme $scheme;
# proxy_redirect off;
proxy_pass http://127.0.0.1:8001;
}
server_tokens off;
ssl on;
ssl_certificate /etc/ssl/certificates/project.com.crt;
ssl_certificate_key /etc/ssl/certificates/www.project.com.key;
ssl_session_timeout 20m;
ssl_session_cache shared:SSL:10m; # ~ 40,000 sessions
ssl_protocols SSLv3 TLSv1; # SSLv2
ssl_ciphers ALL:!aNull:!eNull:!SSLv2:!kEDH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP:@STRENGTH;
ssl_prefer_server_ciphers on;
}
由于我已经在其他服务器上运行https certificate(project.com.crt)和key(www.project.com.key),我刚刚将它们复制到新服务器(现在不包含任何域,并且只有IP)并放置在路径中/etc/ssl/certificates/并尝试直接使用它们.现在我重新启动了Nginx并尝试访问我的IP 23.xxx.xxx.xx:8005,https:// 23.xxx.xxx.xx:8005我在firefox中收到以下错误
Secure Connection Failed
An error occurred during a connection to 23.xxx.xxx.xx:8005. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
但是当我没有访问IP时https,我可以为我的网站服务.
所以在上面的nginx conf文件中我的Https设置有什么问题?我们是否只能通过复制和粘贴某个文件夹来提供证书文件?我们需要为我的新服务器创建任何额外的证书吗?
小智 15
更改
listen 443;
至
listen 443 ssl;
并摆脱这条线
ssl on;
这应该可以解决您的SSL问题,但您的配置中似乎有几个问题.
| 归档时间: |
|
| 查看次数: |
16096 次 |
| 最近记录: |