使用IPhone的Nginx Apache2 LetsEncrypt无法显示页面

前端之家收集整理的这篇文章主要介绍了使用IPhone的Nginx Apache2 LetsEncrypt无法显示页面前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我有Nginx letsencrypt ssl证书,它适用于所有新的iOS和Safari.它适用于iPhone 4,但是iPhone 5和更新版本没有.

我在Nginx日志中看到多个请求:

IPADDRESS - - [03/Dec/2016:10:08:08 +0000] "GET / HTTP/2.0" 200 5999 "REFERER" "Mozilla/5.0 (iPhone; cpu iPhone OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
IPADDRESS - - [03/Dec/2016:10:08:08 +0000] "GET / HTTP/2.0" 200 5999 "REFERER" "Mozilla/5.0 (iPhone; cpu iPhone OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
IPADDRESS - - [03/Dec/2016:10:08:08 +0000] "GET / HTTP/2.0" 200 5998 "REFERER" "Mozilla/5.0 (iPhone; cpu iPhone OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
...
and ends with 499 code
IPADDRESS - - [03/Dec/2016:10:08:08 +0000] "GET / HTTP/2.0" 499 5998 "-" "Mozilla/5.0 (iPhone; cpu iPhone OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"

Safari浏览器中的空白页面.

HTTP部分ngixn配置:

##
# SSL Settings
##

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3,ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_dhparam /etc/Nginx/ssl/dhparams.pem;

ssl_session_cache shared:SSL:5m;
ssl_session_timeout 1h;

域的SERVER部分:

listen 443 ssl http2;

ssl_certificate         /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem;
ssl_certificate_key     /etc/letsencrypt/live/domain.com/privkey.pem;

location / {
    proxy_pass          http://localhost:40011/;
    proxy_set_header    Host $http_host;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto $scheme;
}

Nginx与Apache 2.4.23一起使用

PHP

SetEnvIf X-Forwarded-Proto https HTTPS=on

Apache日志包含相同的请求:

127.0.0.1 - - [05/Dec/2016:14:36:00 +0000] "GET / HTTP/1.0" 200 6122 "-" "Mozilla/5.0 (iPhone; cpu OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
::1 - - [05/Dec/2016:14:36:00 +0000] "GET / HTTP/1.0" 200 6122 "-" "Mozilla/5.0 (iPhone; cpu OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
127.0.0.1 - - [05/Dec/2016:14:36:00 +0000] "GET / HTTP/1.0" 200 6122 "-" "Mozilla/5.0 (iPhone; cpu OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"
::1 - - [05/Dec/2016:14:36:00 +0000] "GET / HTTP/1.0" 200 6121 "-" "Mozilla/5.0 (iPhone; cpu OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML,like Gecko) Version/10.0 Mobile/14B100 Safari/602.1"

…仍然是Safari中的空白页面.

最佳答案
这似乎不是SSL(或让我们加密)的问题.事实上,请求显示在您的日志文件中证明请求通过正常(SSL握手在实际请求到达服务器之前完成).

Nginx http 499的一点点Google搜索显示Nginx使用此(非官方)返回代码indicate that the client closed the connection before nginx was able to send an answer.

最可能的原因是服务器上的脚本需要很长时间才能运行,客户端认为连接超时并关闭连接.这可以通过减少允许脚本运行的时间来“解决”(如果Nginx支持这一点,我知道可以使用apache).当然,这并不能解决实际问题,它只会更改错误代码并将其报告给客户端.

如果原因是长时间运行的脚本,则必须在服务器端调试脚本以确定它的哪个部分需要这么长时间.

客户端是移动设备的另一种可能性是,它只是一个错误的连接,导致连接被丢弃.

原文链接:https://www.f2er.com/nginx/435363.html

猜你在找的Nginx相关文章