今天升级了nginx,升级到1.16.1,然后发现SSL错误了,
upstream s_ssl{ #ip_hash; server 127.0.0.1:8080; } upstream s_oss{ #ip_hash; server demo.oss-cn-shanghai-internal.aliyuncs.com; } server { listen 443 ssl; server_name demo.mo8tech.com; access_log /yjdata/logs/nginx_access_sck.log; ssl_certificate /etc/nginx/conf.d/ssl/s.pem; ssl_certificate_key /etc/nginx/conf.d/ssl/s.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_buffer_size 64k; proxy_buffers 32 32k; proxy_busy_buffers_size 128k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://s_ssl; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; } #单服务器用推荐用此配置 location ~ VerificationCode\.(png|jpg|jpeg)$ { proxy_redirect off; proxy_set_header Host $host; proxy_pass https://s_ssl; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 1d; } location ~ QrCodeForWeixin\.(png|jpg|jpeg)$ { proxy_redirect off; proxy_set_header Host $host; proxy_pass http://s_ssl; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 1d; } location ~ /uniapp/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ { proxy_redirect off; proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 7d; } location ~ /pc/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ { proxy_redirect off; proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 7d; } }
启动后nginx可以正常启动,但是访问https,出现502错误,并且错误日志如下
2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
更正的地方1个地方,重启后,问题解决
proxy_pass https://s_ssl; 修改为 proxy_pass http://s_ssl;
相关推荐
HTTP.SSLProtocol := sslvTLSv1_2; // 可以根据服务器支持的SSL版本进行调整 ``` 4. **发送GET请求并读取文件内容**:使用`Get`方法向远程服务器发送HTTP GET请求,然后将返回的响应保存到字符串或内存流中。 ```...
libcurl 支持openssl协议 编译好的库和头文件以及openssl库文件。可以支持https地址的访问。备注:可能代码需要制定不验证ssl证书(curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYPEER, 0L);)
[ERROR] SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate] (SQL: ...
### Squid 代理服务器启动时常见错误解析及解决方法 #### 概述 Squid 是一款广泛使用的开源代理缓存服务器,它能够为局域网内的用户提供更快的Web访问速度,并通过缓存机制减轻对外部网络的带宽压力。...
本压缩包文件"micro_user_routines.zip_DEFORM微观组织_deform晶粒_开发_组织演变"包含了与这一主题紧密相关的资料,特别是"micro_user_routines.f"文件,它可能是一个用户自定义的DEFORM计算程序或脚本。...
博客《新手入坑GMSSL(三)GMSSL双证书与360国密浏览器通讯》中修改的源码文件,位置在ssl/statem/statem_gmtls.c,如果怕自己修改错的话可以直接下载替换。
openssl1.0.1e_x86_x64lib和dll文件, 安装编译一次比较麻烦,所以花点时间一次性做到位,制作了windows版本的32位和64位dll和lib库文件以及头文件,希望对大家有帮助.
标题中的“USB-COM-routines.rar_CY7C68013_usb cpld”表明这是一个关于使用CY7C68013芯片通过CPLD实现USB与UART通信转换的工程或代码库。CY7C68013是一款常用的USB控制器芯片,常用于嵌入式系统中提供USB接口功能。...
用于升级redhat或centos系统的openssl的rpm包
1. Server unreachable: Errno: 35 error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version 解决方法:调整SSL版本,kms支持TLS1.0及以上的版本。 五、结论 阿里云媒体转码的m3u8转码...
例如,当gtmd尝试与big3d通信时,会显示“iqmgmt_ssl_connect: SSL error:***: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed”。解决这类错误通常涉及到解决证书信任问题,如确保正确的...
Topics_include_Butterworth,_Chebyshev,_Bessel,_and_elliptical_filters_with_C_routines_for_computing_frequency_and_impulse_and_step_responses;_discrete_time_systems;_FIR_filter_design_with_the_Fourier_...
在Centos6.5系统上,执行curl时,会报错,需要更新openssl,附件就是需要的更新包openssl-1.0.1e-16.el6_5.14.x86_64.rpm,错误信息为:curl: (35) error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_...
标题"PIC-asm-routines.rar_PIC_SUM"指的是一个与PIC微控制器相关的汇编语言程序集合,主要关注求和(SUM)、剩余(Rest)以及除法和乘法(Division Multi)操作。这些基本的算术运算在嵌入式系统开发中至关重要,...
压缩包中的`3310_routines.c`和`3310_routines.h`文件包含了这些功能的实现。 6. **实例代码解析**:`3310_routines.c`文件包含了一系列用于操作NOKIA 3310 LCD的函数,如初始化、写命令、写数据等。`3310_routines...
然而,随着技术的发展,一些旧的加密库如mcrypt被弃用,取而代之的是更现代、更安全的openssl扩展。... 在描述中,我们看到一个例子,开发者使用了mcrypt_encrypt函数进行AES-128-CBC模式的加密,然后尝试用openssl_...
新版znfat 适用于stc 51系列单片机,28个例程和使用手册,51单片机上目前最新的fat32文件系统,版本号 10.89
在默认的 VoxHenry 版本中不再... - compile_mex_routines.m - pre_define_the_path_for_folders.m 在“use_recent_DIRECTFN=0”中更改“use_recent_DIRECTFN=1” 更多详情、使用方法,请下载后阅读README.md文件
unsigned long get_list_size(list_t * list); /* List update routines */ int list_add(list_t * list, info_t * info); int list_add_tail(list_t * list, info_t * info); int list_replace(list_t * list, ...