Nginx
Spdycheck 正常,但 Chrome 42 未啟用 Spdy
我正在嘗試使用 Nginx 1.8.0 實現 spdy 協議。我已經用 spdy 模組建構了它。
當我通過 spdycheck.org 檢查我的網站時,一切都是綠色的,並表示支持 spdy 3.1,但 Chrome 42 中的 chrome 擴展程序不顯示綠色箭頭並表示未啟用。我還檢查了 chrome://net-internals/#spdy 並且我的網站未在此處列出。
我在 StartSSL 獲得了我的 SHA2 證書。
SSL Labs 給了我幾乎滿分的 A+ 級。
Nginx 配置:
server { listen xx.xx.xx.xx:80; server_name domain.com www.domain.com; return 301 https://www.domain.com$request_uri; } server { listen xx.xx.xx.xx:443 ssl spdy; server_name domain.com www.domain.com; if ($host = 'domain.com' ) { return 301 https://www.domain.com$request_uri; } if ($host = 'it.domain.com' ) { return 301 http://it.domain.com$request_uri; } ssl on; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Cloudflare recommended ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; # Mozilla recommended #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_certificate /var/nginx/ssl/site.crt; ssl_certificate_key /var/nginx/ssl/site.key; ssl_dhparam /var/nginx/ssl/dhparam.pem; ssl_trusted_certificate /var/nginx/ssl/startssl_trust_chain.crt; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; add_header Strict-Transport-Security "max-age=63072000; preload"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; access_log /home/virtual/domain.com/logs/access.log main; error_log /home/virtual/domain.com/logs/error.log notice; root /home/virtual/domain.com/subs/www; index index.php index.html; rewrite ^/it\.html http://it.domain.com permanent; location ~* ^.+\.(jpg|jpeg|gif|png|js|css|ico|swf)$ { expires 30d; access_log off; } location ~ /\. { deny all; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass phpfarm; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /home/virtual/domain.com/subs/www/$fastcgi_script_name; fastcgi_buffer_size 32k; fastcgi_buffers 32 32k; fastcgi_intercept_errors on; include /var/nginx/conf/fastcgi.conf; if ($request_uri ~* "^/index.php\??$") { rewrite ^/.*$ http://$host? permanent; } } }
有誰知道為什麼它不想工作?
謝謝!
我找到了解決方案,但我不知道是 Chrome 記憶體還是 Avast。
清空整個瀏覽器記憶體後,刪除所有瀏覽器數據並禁用 Avast 10 分鐘,它開始向我顯示綠色箭頭。
現在即使啟用了 Avast,它也會向我顯示。
編輯
是 Avast 的錯。Web Shield HTTPS 掃描對此有一些問題。
你可以試試:ECDHE-RSA-AES128-GCM-SHA256 用於密碼。這對我有用。我使用Google瀏覽器版本 44.0.2403.125 m