Nginx
Nginx 在 https 請求上返回 400
我已經使用letsencrypt設置了nginx以使用https。我
/etc/nginx/conf.d/app.conf
的如下(未server
配置其他指令):server { location /.well-known/acme-challenge/ { autoindex on; root /var/www/certbot/; } location / { return 301 https://$host$request_uri; } server_name example.com; listen 80; } server { listen 443; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; server_name example.com; location /.well-known/acme-challenge/ { root /var/www/certbot; } location /static/ { gzip on; gzip_static on; gzip_types text/plain text/css text/javascript application/javascript; gzip_disable "msie6"; alias /static/; autoindex off; } # many other locations }
當我嘗試打開
https://example.com
時,nginx 返回 400,這些是日誌:mysite_nginx | 1.1.1.1 - - [04/Apr/2019:16:43:52 +0000] "\x16\x03\x01\x00\xC6\x01\x00\x00\xC2\x03\x03\x97\x08D\x08\x87\x5Cg\xDB\x85\x8Ch\x16\xC9\x1E\x01\xDB\x9F\x12\x04\x91e\xB3P]4]\xFE\xEF\xE5^\xB7\x07\x00\x00\x1C" 400 157 "-" "-" "-" mysite_nginx | 1.1.1.1 - - [04/Apr/2019:16:43:52 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03s\xC0\xBDWM\xC4n\x12\xD6\x1BQ\xCF\x0C\xDD\x93\xE6\x8D\x1B5YV\xBB\x9D\xB9\x8A,\x02\xC1nS\xE1\x15 y." 400 157 "-" "-" "-" mysite_nginx | 1.1.1.1 - - [04/Apr/2019:16:43:52 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03wa\x13\x96D\xCB)f\x9B\xED\x1B\xA9\xFD\xA8\xCAU\x1A\xDA\xA0" 400 157 "-" "-" "-" mysite_nginx | 1.1.1.1 - - [04/Apr/2019:16:43:52 +0000] "\x16\x03\x01\x00\xC6\x01\x00\x00\xC2\x03\x03\x96]\xEC\x1F\x077\xCF\xE5N]k\x86\xCF\xEF\x13\xF0\xFC\xCBL\xFD\x06\xF5\x10|\xD8\x9C\xC0\xE7-\xD4(\xBF\x00\x00\x1C\xBA\xBA\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 157 "-" "-" "-"
我做了一些研究,發現如果向 http 端點發出 https 請求,可能會發生這種情況,但我無法弄清楚我的配置有什麼問題。如何解決?
UPD nginx 在 docker 容器內執行
docker-compose.yml
,版本號為2.4
,nginx
服務定義:nginx: image: nginx:1.15.9-alpine volumes: - ./configs/nginx:/etc/nginx/conf.d - ./configs/nginx.proxy_params:/etc/nginx/proxy_params - ./volumes/certbot/conf:/etc/letsencrypt - ./volumes/certbot/www:/var/www/certbot command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" ports: - "80:80" - "443:443" restart: on-failure
options-ssl-nginx.conf
並ssl-dhparams.pem
取自官方certbot
回購。我檢查了文件是否存在於 /etc/letsencrypt/live/example.com 中
fullchain.pem
。privacy.pem
您需要在 443 埠上啟用 SSL。有關詳細資訊,請參閱此文件。
例如:
listen 443 ssl;