堆栈内存溢出
  简体   繁体   English

Nginx 代理到 node.js 服务器 SSL ERR_SSL_PROTOCOL_ERROR

[英]Nginx proxy to node.js server SSL ERR_SSL_PROTOCOL_ERROR

 原文  2021-04-06 06:21:11       node.js/ nginx/ ssl/ proxy

问题描述

EDIT:编辑:

I have verified that nodejs is running on the correct port, on http, and I have also tried with and without:我已经验证 nodejs 在正确的端口上运行,在 http 上,我也尝试过使用和不使用:

app.use('trust proxy', true);

EDIT 2:编辑2:

I turned off the nodejs server and tried to serve static files just with nginx, and the error persists, so clearly this has something to do with nginx and my ssl cert. I turned off the nodejs server and tried to serve static files just with nginx, and the error persists, so clearly this has something to do with nginx and my ssl cert.

My domain is a free domain from freenom and the ssl certificate was generated with certbot.我的域是来自 freenom 的免费域,并且 ssl 证书是使用 certbot 生成的。

Original:原来的:

I have a nodejs server running, and want to use nginx and proxy to the nodejs server.我有一个 nodejs 服务器正在运行,并且想使用 nginx 和 nodejs 服务器的代理。 (Nginx https -> nodejs http) (Nginx https -> nodejs http)

Running nginx -t gives no errors.运行nginx -t没有错误。

On ubuntu 20.04.2 , nginx 1.18.0 node 14.5.5在 ubuntu 20.04.2 , nginx 1.18.0 node 14.5.5

I have verified that my site works fine via http (on port 3000), but i get the following error when visiting via browser on https:我已通过 http(在端口 3000 上)验证我的网站工作正常,但通过 https 上的浏览器访问时出现以下错误:

ERR_SSL_PROTOCOL_ERROR ERR_SSL_PROTOCOL_ERROR

Further if i use openssl cli to try and connect, I get this此外,如果我使用 openssl cli 尝试连接,我得到这个

openssl s_client -connect my_domain.com:443 -servername my_domain.com

CONNECTED(00000003)
139662603941184:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 310 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

/etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf

server {
    listen 443 ssl;

    ssl_certificate     /server/resources/cert.pem;
    ssl_certificate_key /server/resources/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}
}

2 个解决方案

解决方案1
 0  2021-04-12 06:35:44

If you use Cloudflare, It may Cloudflare not issued SSL certificate for you yet, or Cloudflare failed to connect to origin with secure connection.如果您使用 Cloudflare,可能 Cloudflare 尚未为您颁发 SSL 证书,或者 Cloudflare 无法安全连接到源站。 Check your dashboard.检查您的仪表板。

解决方案2
 0  2021-04-16 18:13:48

Following is the working configuration of nginx.conf以下是 nginx.conf 的工作配置

I have also setup SSL with certbot + letsencrypt.我还使用 certbot +letsencrypt 设置了 SSL。

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}


server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name example.com www.example.com;
    root "/home/ubuntu/domain/code/directory/path/";
    index index.html index.htm;
    client_max_body_size 75M;   # adjust to taste

    location /api {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 600s;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_timeout 1h;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security “max-age=15768000” always;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}

I guess the above configuration might solve your issue.我想上面的配置可能会解决你的问题。

URL is https://www.example.com/api/ping redirects to http://localhost:3000/api/ping on the server. URL 是https://www.example.com/api/ping在服务器上重定向到http://localhost:3000/api/ping

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有SSL的Azure辅助角色上的Node.js导致ERR_SSL_PROTOCOL_ERROR - Node.js on Azure Worker Role w/ SSL results in ERR_SSL_PROTOCOL_ERROR ERR_SSL_PROTOCOL_ERROR - Socket.io 和 Node.js - ERR_SSL_PROTOCOL_ERROR - Socket.io and Node.js 向服务器 IP 发出请求时出现 ERR_SSL_PROTOCOL_ERROR - ERR_SSL_PROTOCOL_ERROR when making request to server IP http POST 上的 net::ERR_SSL_PROTOCOL_ERROR 到快递服务器 - net::ERR_SSL_PROTOCOL_ERROR on http POST to express server Docker ERR_SSL_PROTOCOL_ERROR - Docker ERR_SSL_PROTOCOL_ERROR socket.io 错误网络::ERR_SSL_PROTOCOL_ERROR - socket.io error net::ERR_SSL_PROTOCOL_ERROR 在Node.js Express中运行https服务器时出现ERR_SSL_PROTOCOL_ERROR浏览器错误消息 - ERR_SSL_PROTOCOL_ERROR browser error message while running a https server in nodejs express 在 axios reactJs 中获取 net::ERR_SSL_PROTOCOL_ERROR - getting net::ERR_SSL_PROTOCOL_ERROR in axios reactJs 连接建立错误:尝试建立并连接到Websocket服务器时,抛出net :: ERR_SSL_PROTOCOL_ERROR - Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR is thrown when trying establish and connect to a websocket server ERR_SSL_PROTOCOL_ERROR 仅适用于某些用户(nodejs,express) - ERR_SSL_PROTOCOL_ERROR only for some users (nodejs, express)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM