Nginx
nginx 在 ipv6 上偵聽,但由於某種原因網站無法載入
我正在嘗試讓 ipv6 在 nginx (nginx/1.19.6) 上為 SSL 工作。在我的域配置中,我有:
server { listen 93.93.135.169:443 http2; listen [::]:443 http2; server_name backups.myserver.com; .... }
..然後是標準埠;
server { listen 93.93.135.169:80; listen [::]:80; server_name backups.myserver.com ; ... }
Netstat 顯示 nginx 正在偵聽埠 443 和 80:
netstat -tulpn | grep nginx tcp 0 0 93.93.135.169:80 0.0.0.0:* LISTEN 1168/nginx: master tcp 0 0 127.0.0.1:8084 0.0.0.0:* LISTEN 1168/nginx: master tcp 0 0 93.93.135.169:443 0.0.0.0:* LISTEN 1168/nginx: master tcp 0 0 0.0.0.0:9183 0.0.0.0:* LISTEN 5247/nginx: master tcp6 0 0 :::80 :::* LISTEN 1168/nginx: master tcp6 0 0 :::443 :::* LISTEN 1168/nginx: master
我可以在 ipv4 和 ipv6 上找到伺服器:
root@admin3:~# ping -4 backups.myserver.com PING backups.myserver.com (93.93.135.169) 56(84) bytes of data. 64 bytes from backups.myserver.com (93.93.135.169): icmp_seq=1 ttl=60 time=1.58 ms ^X^C --- backups.myserver.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.575/1.575/1.575/0.000 ms root@admin3:~# ping -6 backups.myserver.com PING backups.myserver.com(2a00:1098:80:a0::1 (2a00:1098:80:a0::1)) 56 data bytes 64 bytes from 2a00:1098:80:a0::1 (2a00:1098:80:a0::1): icmp_seq=1 ttl=61 time=1.55 ms ^X64 bytes from 2a00:1098:80:a0::1 (2a00:1098:80:a0::1): icmp_seq=2 ttl=61 time=1.74 ms
在iptables上,我得到:
iptables --list -n | grep 443 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 iptables --list -n | grep 80 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
..和ip6tables:
ip6tables --list -n | grep 80 ACCEPT tcp ::/0 ::/0 state NEW tcp dpt:80 ip6tables --list -n | grep 443 ACCEPT tcp ::/0 ::/0 state NEW tcp dpt:443
然而,當我在https://ipv6-test.com/上使用http測試該站點時,它可以工作:
但是一旦我嘗試 SSL,我就會得到:
從另一台伺服器執行 curl 測試,我得到:
curl -v -6 https://backups.myserver.com * Trying 2a00:1098:80:a0::1:443... * TCP_NODELAY set * Connected to backups.myserver.com (2a00:1098:80:a0::1) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * error:1408F10B:SSL routines:ssl3_get_record:wrong version number * Closing connection 0 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
我已經沒有其他東西可以嘗試了。有什麼建議麼?
您忘記告訴 nginx 埠 443 上的這些偵聽埠是用於 TLS 的。
listen 93.93.135.169:443 http2; listen [::]:443 http2;
請注意,
ssl
缺少。它應該是:listen 93.93.135.169:443 ssl http2; listen [::]:443 ssl http2;