nginx https无法访问

nginx 的 443 端口无法访问:服务器防火墙已经放行该端口,阿里云安全组也已经开放。

[root@xxx~]# curl http://127.0.0.1:443
curl: (56) Recv failure: Connection reset by peer
[root@xxx~]# 

已经配置了 HTTPS,但外网同样无法访问。如果改用 python -m SimpleHTTPServer 443 监听 443 端口,外网通过 IP 加端口是可以直接访问的(这只说明 443 端口在网络上可达;SimpleHTTPServer 提供的是明文 HTTP,并不涉及 TLS),但换成 nginx 就不行。请问有人知道这是什么原因吗?

 

补充,普通http是可以正常访问的,https就不行:

[root@xxxvhost]# nginx -V
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) 
built with OpenSSL 1.0.2l  25 May 2017
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-ipv6 --with-http_sub_module --with-openssl=/root/lnmp1.4/src/openssl-1.0.2l
[root@xxxvhost]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:xxx            0.0.0.0:*               LISTEN      19067/java          
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      17867/nginx: master 
tcp        0      0 0.0.0.0:xxx            0.0.0.0:*               LISTEN      29903/java          
tcp        0      0 0.0.0.0:xxx            0.0.0.0:*               LISTEN      27868/java          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      12830/sshd          
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      17867/nginx: master 
tcp        0      0 127.0.0.1:xxx          0.0.0.0:*               LISTEN      27868/java          
tcp        0      0 0.0.0.0:xxx            0.0.0.0:*               LISTEN      27868/java          
tcp        0      0 0.0.0.0:xxx            0.0.0.0:*               LISTEN      9948/./redis-server 
tcp6       0      0 :::xxx                 :::*                    LISTEN      9948/./redis-server 
tcp6       0      0 :::xxx                :::*                    LISTEN      7485/mysqld         

nginx conf:

# HTTPS virtual host: terminates TLS on port 443, serves the Django media and
# static directories from disk, and passes every other request to uWSGI.
server {
    # TLS listener. Clients must speak HTTPS to this port, so test it with an
    # https:// URL (for example `curl -vk https://127.0.0.1/`); a plain http://
    # request sent to :443 does not exercise the TLS handshake.
    listen 443 ssl;
    server_name xxxx.com;
    # Redundant with the `ssl` flag on `listen` above; the standalone `ssl`
    # directive is deprecated in later nginx releases.
    ssl on;
    # Relative paths: nginx resolves them against its configuration prefix.
    # `nginx -t` confirms that both files load. Keep the private key readable
    # only by the account that starts nginx.
    ssl_certificate   cert/xxx/xxx.pem;
    ssl_certificate_key  cert/xxx/xxx.key;
    # Cached TLS session parameters may be reused by a client for 5 minutes.
    ssl_session_timeout 5m;
    # Only the first entry names a single AEAD suite. The aliases after it
    # (ECDHE, ECDH, AES, HIGH) each expand to many suites and may include
    # CBC-mode and non-forward-secret ones; `openssl ciphers -v '<string>'`
    # prints the effective list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy
    # clients still require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # The server's cipher order takes precedence over the client's.
    ssl_prefer_server_ciphers on;
    
    # Request bodies larger than 50M are rejected (413).
    client_max_body_size 50M;
    # Per-vhost logs. TLS handshake failures are logged at a low severity and
    # may not appear at the default error_log level; raise the level while
    # debugging failed HTTPS connections.
    access_log /xxx/access.log;
    error_log /xxx/error.log;
    
    # Response compression on a TLS vhost.
    # NOTE(review): compressing responses that mix secrets (session or CSRF
    # tokens) with request-influenced content is the BREACH precondition;
    # confirm the dynamic responses are safe to compress.
    gzip on;
    # Responses shorter than 1k are sent uncompressed.
    gzip_min_length 1k;
    gzip_comp_level 2;
    # The image types listed here are already compressed formats, so gzipping
    # them costs CPU for little gain.
    gzip_types text/plain application/pdf application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    # Django media
    # The location prefix and the alias both end in "/", so the matched prefix
    # maps cleanly onto the directory; a location without the trailing slash is
    # the usual alias path-traversal misconfiguration.
    location /media/  {
        alias /xxx/backend/media/;
        # Proxy-module directive: it limits temp files for proxied responses and
        # has no effect on files served from disk via alias.
        proxy_max_temp_file_size 2048m;
        # Cache lifetime of 10 days for these files.
        expires 10d;
    }

    # Static assets served from disk, same slash-matched alias pattern.
    location /static/ {
        alias /xxx/backend/staticfiles/;
        expires 10d;
    }
    
    # Everything else is handed to the uWSGI backend (address redacted in the
    # post) with the parameters from the included uwsgi_params file.
    location / {
        uwsgi_pass  xxx;
        include     uwsgi_params;
        # uwsgi_connect_timeout 300s;
        # uwsgi_read_timeout 300s;
        # uwsgi_send_timeout 300s;
        # uwsgi_ignore_client_abort on;
    }
}

 

xbuding
发帖于6个月前 2回/1K+阅