
Nginx proxy to node.js server SSL ERR_SSL_PROTOCOL_ERROR

Edit:

I have verified that nodejs is running on the correct port, over http, and I have also tried with and without:

app.use('trust proxy', true);

Edit 2:

I turned off the nodejs server and tried to serve static files just with nginx, and the error persists, so clearly this has something to do with nginx and my ssl cert.

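My domain is a free domain from freenom, and the SSL certificate was generated using certbot.

Original:

I have a nodejs server running, and want to use nginx as a proxy to the nodejs server. (Nginx https -> nodejs http)

Running nginx -t gives no errors.

On Ubuntu 20.04.2, nginx 1.18.0, node 14.5.5

I have verified over http (on port 3000) that my website works fine, but when I access it over https in a browser I get the following error: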

ERR_SSL_PROTOCOL_ERROR

Also, if I try to connect using the openssl cli, I get this:

openssl s_client -connect my_domain.com:443 -servername my_domain.com
CONNECTED(00000003)
139662603941184:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 310 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

/etc/nginx/conf.d/ssl.conf

server {
    listen 443 ssl;

    ssl_certificate     /server/resources/cert.pem;
    ssl_certificate_key /server/resources/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
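
The `openssl s_client` output above reports 5 bytes read before `wrong version number`; 5 bytes is the size of a TLS record header, so the first bytes the listener returned did not parse as one. The Python sketch below is an added example, not part of the original post: it sends a real ClientHello over a raw socket and classifies the first 5 bytes of the reply, which separates "port 443 is answering in plaintext HTTP" from a certificate or cipher problem. The function names are made up for this example.

```python
import socket
import ssl
import struct
import sys

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def classify_record_header(data: bytes) -> str:
    """Classify the first 5 bytes a peer sends on a port that should speak TLS."""
    if len(data) < 5:
        return "short read: peer sent fewer than 5 bytes"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # A TLS record starts: content type, version major (always 3), minor, length.
    if ctype in CONTENT_TYPES and major == 3 and minor <= 4:
        return f"tls record: {CONTENT_TYPES[ctype]}, version 3.{minor}, length {length}"
    if data[:5] == b"HTTP/":
        return "plaintext http: this listener is not doing TLS"
    return "not tls: unrecognised protocol"


def client_hello(server_name: str) -> bytes:
    """Have OpenSSL build a real ClientHello in memory, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello over a raw socket and classify the first bytes of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        reply = b""
        while len(reply) < 5:  # recv may return fewer bytes than requested
            chunk = sock.recv(5 - len(reply))
            if not chunk:
                break
            reply += chunk
        return classify_record_header(reply)


if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))  # host name supplied by the operator
```

A "plaintext http" result means the process bound to that port is not terminating TLS at all, so the `listen ... ssl` block that is actually loaded is the thing to check, not the certificate files.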

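If you are using Cloudflare, it may be that Cloudflare has not yet issued an SSL certificate for you, or that Cloudflare cannot connect securely to the origin. Check your dashboard.

Below is a working configuration for nginx.conf

I also set up SSL using certbot + letsencrypt.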

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}


server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name example.com www.example.com;
    root "/home/ubuntu/domain/code/directory/path/";
    index index.html index.htm;
    client_max_body_size 75M;   # adjust to taste

    location /api {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 600s;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_timeout 1h;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=15768000" always;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}

I think the above configuration may solve your problem.

The URL https://www.example.com/api/ping is redirected on the server to http://localhost:3000/api/ping
