常规连接正常但 SSL 问题
Regular connection fine but SSL issue
我 运行 我的应用程序是在 CentOS 6.4 上使用 Nginx 1.0.15 和 gunicorn 19.1.1。如果我只使用端口 80 而不使用 SSL,我的应用程序工作正常。但是,当我尝试向站点添加 SSL 时,Nginx 重定向到 https://,但是我在重定向后得到的只是 "web page not available",没有其他信息。
upstream apollo2_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/apollo2/run/gunicorn.sock fail_timeout=0;
}
#server {
# listen 80;
# server_name mysub.example.com;
# rewrite ^ https://$server_name$request_uri? permanent;
#}
# This works fine like this, but when I uncomment the above
# and the below ssl information, I get "webpage not available."
server {
listen 80;
# listen 443;
# ssl on;
# ssl_certificate /etc/nginx/ssl/2b95ec8183e5d1asdfasdfsadf.crt;
# ssl_certificate_key /etc/nginx/ssl/exmaple.com.key;
# server_name mysub.example.com;
client_max_body_size 4G;
keepalive_timeout 70;
access_log /webapps/apollo2/logs/nginx-access.log;
error_log /webapps/apollo2/logs/nginx-error.log;
location /static/ {
alias /webapps/apollo2/static/;
}
location /media/ {
alias /webapps/apollo2/media/;
}
location / {
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
# proxy_set_header X-Forwarded-Proto https;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll stuff. It's also safe to set if you're
# using only serving fast clients with Unicorn + nginx.
# Otherwise you _want_ nginx to buffer responses to slow
# clients, really.
# proxy_buffering off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
proxy_pass http://apollo2_app_server;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/apollo2/static/;
}
}
- 我在错误日志中没有看到任何内容。
- 我在这里检查了端口 443 并且
它是开放的:http://www.yougetsignal.com/tools/open-ports/
- 这是我成功使用的通配符证书
另一个服务器上的另一个子域 运行 在 Debian 7 上使用 Nginx 我认为是相同的设置。
我应该看什么?我错过了什么?
我也应该展示我的 iptables,因为那时肯定有人会想出来的。我不是这方面的专家,但我的设置有问题导致重定向失败。
我最终使用了来自 Linode 的示例,现在可以使用了。
https://www.linode.com/docs/security/securing-your-server#creating-a-firewall
我 运行 我的应用程序是在 CentOS 6.4 上使用 Nginx 1.0.15 和 gunicorn 19.1.1。如果我只使用端口 80 而不使用 SSL,我的应用程序工作正常。但是,当我尝试向站点添加 SSL 时,Nginx 重定向到 https://,但是我在重定向后得到的只是 "web page not available",没有其他信息。
upstream apollo2_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/apollo2/run/gunicorn.sock fail_timeout=0;
}
#server {
# listen 80;
# server_name mysub.example.com;
# rewrite ^ https://$server_name$request_uri? permanent;
#}
# This works fine like this, but when I uncomment the above
# and the below ssl information, I get "webpage not available."
server {
listen 80;
# listen 443;
# ssl on;
# ssl_certificate /etc/nginx/ssl/2b95ec8183e5d1asdfasdfsadf.crt;
# ssl_certificate_key /etc/nginx/ssl/exmaple.com.key;
# server_name mysub.example.com;
client_max_body_size 4G;
keepalive_timeout 70;
access_log /webapps/apollo2/logs/nginx-access.log;
error_log /webapps/apollo2/logs/nginx-error.log;
location /static/ {
alias /webapps/apollo2/static/;
}
location /media/ {
alias /webapps/apollo2/media/;
}
location / {
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
# proxy_set_header X-Forwarded-Proto https;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll stuff. It's also safe to set if you're
# using only serving fast clients with Unicorn + nginx.
# Otherwise you _want_ nginx to buffer responses to slow
# clients, really.
# proxy_buffering off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
proxy_pass http://apollo2_app_server;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/apollo2/static/;
}
}
- 我在错误日志中没有看到任何内容。
- 我在这里检查了端口 443 并且 它是开放的:http://www.yougetsignal.com/tools/open-ports/
- 这是我成功使用的通配符证书 另一个服务器上的另一个子域 运行 在 Debian 7 上使用 Nginx 我认为是相同的设置。
我应该看什么?我错过了什么?
我也应该展示我的 iptables,因为那时肯定有人会想出来的。我不是这方面的专家,但我的设置有问题导致重定向失败。
我最终使用了来自 Linode 的示例,现在可以使用了。 https://www.linode.com/docs/security/securing-your-server#creating-a-firewall