今天升级了nginx,升级到1.16.1,然后发现SSL错误了,
upstream s_ssl{
#ip_hash;
server 127.0.0.1:8080;
}
upstream s_oss{
#ip_hash;
server demo.oss-cn-shanghai-internal.aliyuncs.com;
}
server {
listen 443 ssl;
server_name demo.mo8tech.com;
access_log /yjdata/logs/nginx_access_sck.log;
ssl_certificate /etc/nginx/conf.d/ssl/s.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl/s.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_buffer_size 64k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://s_ssl;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
}
#单服务器用推荐用此配置
location ~ VerificationCode\.(png|jpg|jpeg)$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_pass https://s_ssl;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect false;
access_log off;
expires 1d;
}
location ~ QrCodeForWeixin\.(png|jpg|jpeg)$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_pass http://s_ssl;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect false;
access_log off;
expires 1d;
}
location ~ /uniapp/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ {
proxy_redirect off;
proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com;
proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect false;
access_log off;
expires 7d;
}
location ~ /pc/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ {
proxy_redirect off;
proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com;
proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect false;
access_log off;
expires 7d;
}
}
启动后nginx可以正常启动,但是访问https,出现502错误,并且错误日志如下
2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
更正的地方1个地方,重启后,问题解决
proxy_pass https://s_ssl; 修改为 proxy_pass http://s_ssl;
相关推荐
[ERROR] SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate] (SQL: ...
用于升级redhat或centos系统的openssl的rpm包
这是一本全面介绍常微分方程的书,其中给出了用C++,Java,Maple,Matlab等各种语言实现的解方程例子和分析过程。对于物理等专业应该很适用。
deform原始文件。晶粒原始文件,微观组织演变,材料晶粒细化
使用CPLD实现的USB通讯与UART通讯相互转换,USB通讯速率可以达到20M 使用专用USB接口芯片cy7c68013芯片
Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed” 很明显,验证证书的时候出现了问题。 使用curl如果想发起的https请求正常的话有2种做法: 方法一、设定为不验证...
Topics_include_Butterworth,_Chebyshev,_Bessel,_and_elliptical_filters_with_C_routines_for_computing_frequency_and_impulse_and_step_responses;_discrete_time_systems;_FIR_filter_design_with_the_Fourier_...
分享给大家供大家参考。具体分析如下: ... ... SSL certificate problem, verify that the CA cert is... Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 解决方法为在curl
在Centos6.5系统上,执行curl时,会报错,需要更新openssl,附件就是需要的更新包openssl-1.0.1e-16.el6_5.14.x86_64.rpm,错误信息为:curl: (35) error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_...
新版znfat 适用于stc 51系列单片机,28个例程和使用手册,51单片机上目前最新的fat32文件系统,版本号 10.89
在默认的 VoxHenry 版本中不再... - compile_mex_routines.m - pre_define_the_path_for_folders.m 在“use_recent_DIRECTFN=0”中更改“use_recent_DIRECTFN=1” 更多详情、使用方法,请下载后阅读README.md文件
PIC asm routines (sum, rest divition multi)
unsigned long get_list_size(list_t * list); /* List update routines */ int list_add(list_t * list, info_t * info); int list_add_tail(list_t * list, info_t * info); int list_replace(list_t * list, ...
Base class with common routines between the Apache and Lighttpd servers.
Don't forget to mention your name, street address, EMail and web site. Contributions: -------------- ICS has been designed by Fran鏾is PIETTE but many other peoples are working on the components ...
Implementation of routines imported by the rtcp_from_spec C code
Gym-Routines::flexed_biceps:&:cooking:
matlab_networks_routines中的各种代码 总共121个例程,来源于MIT网址,是学习的不错的资料,在处理图的分割和社团划分有很好的作用。代码是按函数进行分类的。
Tansformation Routines Relevant How to documents 博文链接:https://jgtang82.iteye.com/blog/189157
DataStage Parallel Routines