Ssl

啟用 http2 後的 ERR_SSL_PROTOCOL_ERROR

  • April 1, 2019

我正在為我的應用程序設置 HTTP2,我在瀏覽器上隨機收到 ERR_SSL_PROTOCOL_ERROR。

這僅在 Google Chrome 瀏覽器上發生。在 Firefox 上一切正常。

我正在使用 Let’s Encrypth 使用 SSL 進行加密,一切正常。我今天啟用 HTTP2 後出現問題。我正在使用 Apache2。我將其更新為 2.4.38 以支持 HTTP2 模組

我嘗試了以下方法:

  • 禁用 http2 模組/重新啟動 apache2
  • 清除所有瀏覽器記憶體
  • 使用 .htacess 重置 HSTS 標頭:

標頭集 Strict-Transport-Security “max-age=0; includeSubDomains;” 環境=HTTPS

沒有結果,這仍然是隨機的錯誤。

這是我的虛擬主機配置:

<IfModule mod_ssl.c>
   <VirtualHost *:443>
           DocumentRoot /var/www/domain/prod/web
           ServerName sub.domain.tld
           ServerAlias domain
           ServerAdmin admin@domain.tld

   <Directory "/var/www/domain/prod/web/">
           Options FollowSymLinks MultiViews
           AllowOverride All
           Order allow,deny
           Allow from All
   </Directory>
   ErrorLog /var/www/domain/prod/logs/error.log
   LogLevel warn
   CustomLog /var/www/domain/prod/logs/access.log combined
   ServerSignature On

           SSLEngine On
           Include /etc/letsencrypt/options-ssl-apache.conf

           Protocols h2 http/1.1

           SSLCertificateFile 
           /etc/letsencrypt/live/domain/fullchain.pem
           SSLCertificateKeyFile 
          /etc/letsencrypt/live/domain/privkey.pem
   </VirtualHost>
</IfModule>

最後更新

我將 Martin 的答案推銷為最佳答案,因為安裝 PHP-FPM 似乎解決了我的問題(看不到 SSL_ERROR)我做了什麼:https ://www.vultr.com/docs/use-php5-fpm- with-apache-2-on-ubuntu-14-04

但對於我的一個網站,我收到特定頁面的 500 錯誤。le apache 錯誤日誌說:

[Mon Apr 01 14:58:31.844703 2019] [:error] [pid 30434] [client 81.200.189.9:30902] FastCGI: server "/usr/lib/cgi-bin/php5-fcgi" stderr: PHP message: PHP  12. Project->projectFormat() /var/www/jachete/models/Project.php:137

我真的不明白錯誤是什麼,知道嗎?

更新

禁用“pagespeed”模組後,這裡發生了有趣的事情,這裡是我從 error.log 得到的錯誤

[Sun Mar 31 16:13:07.090348 2019] [http2:warn] [pid 16845] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun Mar 31 16:13:07.119247 2019] [mpm_prefork:notice] [pid 16845] AH00163: Apache/2.4.38 (Ubuntu) OpenSSL/1.1.1b mpm-itk/2.4.6-01 PHP/5.5.9-1ubuntu4.27 configured -- resuming normal operations

根據https://http2.pro/doc/Apache ,這是由於 mpm-itk 不支持 http2。因為它只是通知/警告,我認為沒有理由導致 SSL_ERROR ?

這是 Qualys Lab (A) Qualys的測試結果:https ://imgur.com/rEfhopw

這裡有一些 apache2 錯誤日誌:

   [Sun Mar 31 15:31:07.393421 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:07.393454 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/loading.gif,.temp
[Sun Mar 31 15:31:07.393488 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/loading.gif,.tempqeySBV:0: opening temp file: No such file or directory
[Sun Mar 31 15:31:08.115111 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:08.115142 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/favicon.png,.temp
[Sun Mar 31 15:31:08.115162 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/favicon.png,.tempT2JwQU:0: opening temp file: No such file or directory
[Sun Mar 31 15:31:08.118059 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:08.118103 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/xfavicon.png.pagespeed.ic.coNvSghNBK.webp,.temp
[Sun Mar 31 15:31:08.118126 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/xfavicon.png.pagespeed.ic.coNvSghNBK.webp,.tempg9bR5T:0: opening temp file: No such file or directory

有一個權限被拒絕錯誤,但是當我查看權限時,我得到了這個

drwxr-xr-x  6 www-data www-data 4096 Oct 30 06:34 http,3A/
drwxr-xr-x  3 www-data www-data 4096 Jun 30  2018 https,3A/

我應該為所有使用者添加寫權限嗎?( chmod a+w dir/ -R) ?

順便說一句,即使我禁用了 PageSpeed 模組,SSL 錯誤仍然會發生,所以我猜上面日誌中的錯誤與我的 SSL 問題無關?

禁用 mpm_prefork,不要使用 mod_php 使用 PHP FPM 作為快速 CGI 代理,一切都會好起來的。

見:https ://http2.pro/doc/Apache

我希望這會有所幫助。

引用自:https://serverfault.com/questions/960829