Nginx

Spdycheck OK, but SPDY not enabled in Chrome 42

  • July 31, 2015

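I'm trying to implement the SPDY protocol with Nginx 1.8.0. I have built it with the spdy module.

When I check my site with spdycheck.org, everything is green and it says SPDY 3.1 is supported, but the Chrome extension in Chrome 42 doesn't show the green arrow and says it is not enabled. I also checked chrome://net-internals/#spdy and my site is not listed there.

I got my SHA2 certificate from StartSSL.

SSL Labs gives me an A+ rating with an almost perfect score.

Nginx configuration: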

server {
   listen         xx.xx.xx.xx:80;
   server_name    domain.com www.domain.com;
   return         301 https://www.domain.com$request_uri;
}

server {
   listen         xx.xx.xx.xx:443 ssl spdy;
   server_name    domain.com www.domain.com;

   if ($host = 'domain.com' ) {
       return 301 https://www.domain.com$request_uri;
   }

   if ($host = 'it.domain.com' ) {
       return 301 http://it.domain.com$request_uri;
   }

   ssl on;
   ssl_prefer_server_ciphers    on;
   ssl_session_cache            shared:SSL:10m;
   ssl_session_timeout          10m;
   ssl_protocols                TLSv1 TLSv1.1 TLSv1.2;
   # Cloudflare recommended
   ssl_ciphers                  EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
   # Mozilla recommended
   #ssl_ciphers                  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_certificate              /var/nginx/ssl/site.crt;
   ssl_certificate_key          /var/nginx/ssl/site.key;
   ssl_dhparam                  /var/nginx/ssl/dhparam.pem;
   ssl_trusted_certificate      /var/nginx/ssl/startssl_trust_chain.crt;
   ssl_stapling                 on;
   ssl_stapling_verify          on;
   resolver                     8.8.8.8 8.8.4.4 valid=300s;

   add_header    Strict-Transport-Security "max-age=63072000; preload";
   add_header    X-Frame-Options "DENY";
   add_header    X-Content-Type-Options nosniff;

   access_log    /home/virtual/domain.com/logs/access.log main;
   error_log     /home/virtual/domain.com/logs/error.log notice;
   root          /home/virtual/domain.com/subs/www;
   index         index.php index.html;

   rewrite ^/it\.html http://it.domain.com permanent;

   location ~* ^.+\.(jpg|jpeg|gif|png|js|css|ico|swf)$ {
       expires    30d;
       access_log off;
   }

   location ~ /\. {
        deny all;
   }

   location ~ \.php$ {
       try_files                $uri =404;
       fastcgi_split_path_info  ^(.+\.php)(/.+)$;

       fastcgi_pass             phpfarm;
       fastcgi_index            index.php;
       fastcgi_param            SCRIPT_FILENAME  /home/virtual/domain.com/subs/www/$fastcgi_script_name;
       fastcgi_buffer_size      32k;
       fastcgi_buffers          32 32k;
       fastcgi_intercept_errors on;
       include                  /var/nginx/conf/fastcgi.conf;

       if ($request_uri ~* "^/index.php\??$") {
           rewrite ^/.*$ http://$host? permanent;
       }
   }
}

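Does anyone know why it doesn't want to work?

Thanks!

I found the solution, but I don't know whether it was the Chrome cache or Avast.

After emptying the whole browser cache, deleting all browser data and disabling Avast for 10 minutes, it started showing me the green arrow.

Now it shows it to me even with Avast enabled.

Edit

It was Avast's fault. Web Shield HTTPS scanning has some problems with this.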
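A server-side check for the situation in the answer above, as an added example that is not part of the original post: when an HTTPS-scanning product on the client makes the TLS connection in the browser's place, the server still sees the browser's User-Agent but on connections that never negotiate SPDY. The `log_format`, the sample lines and the function names are assumptions made for this example; `$spdy` is the variable provided by ngx_http_spdy_module.

```python
import re
from collections import defaultdict

# Assumed nginx log_format (not from the original post). $spdy holds the SPDY
# version for SPDY connections; an empty value is written to the log as "-":
#   log_format spdy '$remote_addr [$time_local] "$request" $status '
#                   '"$http_user_agent" spdy=$spdy';
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<ua>[^"]*)" spdy=(?P<spdy>\S+)$'
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 [31/Jul/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1) Chrome/42.0.2311.90 Safari/537.36" spdy=-
198.51.100.7 [31/Jul/2015:10:00:02 +0000] "GET /a.css HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1) Chrome/42.0.2311.90 Safari/537.36" spdy=-
203.0.113.9 [31/Jul/2015:10:00:05 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64) Chrome/42.0.2311.90 Safari/537.36" spdy=3.1
203.0.113.9 [31/Jul/2015:10:00:06 +0000] "GET /a.css HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64) Chrome/42.0.2311.90 Safari/537.36" spdy=3.1
this line is malformed
"""


def spdy_usage(log_text):
    """Return {(ip, user_agent): {"spdy": n, "plain": n}} for parseable lines."""
    stats = defaultdict(lambda: {"spdy": 0, "plain": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        key = (m["ip"], m["ua"])
        stats[key]["plain" if m["spdy"] == "-" else "spdy"] += 1
    return dict(stats)


def suspect_clients(stats):
    """IPs that sent a Chrome User-Agent but never negotiated SPDY."""
    return sorted(ip for (ip, ua), c in stats.items()
                  if "Chrome/" in ua and c["spdy"] == 0 and c["plain"] > 0)


if __name__ == "__main__":
    for ip in suspect_clients(spdy_usage(SAMPLE_LOG)):
        print(ip, "sent a Chrome User-Agent but no SPDY connection was negotiated")
```

A client flagged this way points at something between the browser and the server (local HTTPS scanning, a corporate proxy) rather than at the nginx configuration.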

You can try ECDHE-RSA-AES128-GCM-SHA256 for the cipher. That works for me. I use Google Chrome version 44.0.2403.125 m

Quoted from: https://serverfault.com/questions/690065