社区版v1.10.11-lts
安装openresty后,设置反向代理后使用http访问正常,但是开启https添加证书后就无法访问了, HTTP 选项:访问HTTP自动跳转到HTTPS;Acme证书:从阿里云DNS账号申请; 支持的协议版本:TLS 1.3TLS 1.2;加密算法:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
浏览器:Edge、Chrome、360极速浏览器都无法访问;
Edge、Chrome访问都提示:
此站点的连接不安全
192.168.1.22 发送了无效的响应。
ERR_SSL_PROTOCOL_ERROR
http://192.168.1.22:9292可以正常访问;
https://192.168.1.22:9292无法访问
默认开启的 HTTPS 端口为 443 如果你不是 443 需要手动修改配置文件
我们会在V2版本支持自定义 HTTPS 端口
找到问题点了,在配置文件第一个listen 9292后面添加SSL即可,现在可以正常访问https了
分享一下最终代码:
server {
listen 9191 ssl;
listen 1443 ssl http2 ;
server_name xxx.com;
index index.php index.html index.htm default.php default.htm default.html;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
access_log /www/sites/xxx.com/log/access.log main;
error_log /www/sites/xxx.com/log/error.log;
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
include /www/sites/xxx.com.com/proxy/*.conf;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
ssl_certificate /www/sites/xxx.com.com/ssl/fullchain.pem;
ssl_certificate_key /www/sites/xx.com/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security “max-age=31536000”;
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
ssl_stapling on;
ssl_stapling_verify on;
}
手动点赞 