`
jiaoronggui
  • 浏览: 1327908 次
  • 性别: Icon_minigender_1
  • 来自: 合肥
博客专栏
B7c2eb31-a8ea-3973-a517-d00141f39b89
项目管理软件-redmin...
浏览量:116416
4a63e153-250f-30f6-a051-97cfc67cb3d3
IT职业规划
浏览量:199306
社区版块
存档分类
最新评论

SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

阅读更多

今天升级了nginx,升级到1.16.1,然后发现SSL错误了,

 

upstream s_ssl{
	#ip_hash;
	server 127.0.0.1:8080;
}

upstream s_oss{
	#ip_hash;
	server demo.oss-cn-shanghai-internal.aliyuncs.com;
}

server {
	listen 443 ssl;
	server_name demo.mo8tech.com;
	access_log	/yjdata/logs/nginx_access_sck.log;
	ssl_certificate      /etc/nginx/conf.d/ssl/s.pem;
	ssl_certificate_key  /etc/nginx/conf.d/ssl/s.key;
	ssl_session_timeout 5m;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;



	location / {
		proxy_redirect off;

		proxy_buffer_size 64k;
                proxy_buffers   32 32k;
                proxy_busy_buffers_size 128k;

		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass https://s_ssl;
		proxy_connect_timeout      300;
		proxy_send_timeout         300;
		proxy_read_timeout         300;
	}

	#单服务器用推荐用此配置
	location ~ VerificationCode\.(png|jpg|jpeg)$ {
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_pass https://s_ssl;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_redirect false;
		access_log off;
		expires 1d;
	}

	location ~ QrCodeForWeixin\.(png|jpg|jpeg)$ {
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_pass http://s_ssl;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_redirect false;
		access_log off;
		expires 1d;
	}
	
	location ~ /uniapp/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ {
		proxy_redirect off;
		proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com;
		proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_redirect false;
		access_log off;
		expires 7d;
	}

	location ~ /pc/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ {
		proxy_redirect off;
		proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com;
		proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_redirect false;
		access_log off;
		expires 7d;
	}



}

  

启动后nginx可以正常启动,但是访问https,出现502错误,并且错误日志如下

 

2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/"
2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"

 

更正的地方1个地方,重启后,问题解决

proxy_pass https://s_ssl;
修改为

proxy_pass http://s_ssl;

 

 

 

 

分享到:
评论

相关推荐

    delphi读取远程ini文件中的内容并执行_delphi远程ini_

    HTTP.SSLProtocol := sslvTLSv1_2; // 可以根据服务器支持的SSL版本进行调整 ``` 4. **发送GET请求并读取文件内容**:使用`Get`方法向远程服务器发送HTTP GET请求,然后将返回的响应保存到字符串或内存流中。 ```...

    libcurl支持https访问curl支持openssl协议编译好的库(包含openssl)

    libcurl 支持openssl协议 编译好的库和头文件以及openssl库文件。可以支持https地址的访问。备注:可能代码需要制定不验证ssl证书(curl_easy_setopt(easy_handle, CURLOPT_SSL_VERIFYPEER, 0L);)

    hyperf 3.0 查询sql server数据库 database扩展修改

    [ERROR] SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate] (SQL: ...

    运行报错:Error: error:0308010C:digital envelope routines::unsupporte

    1、运行报错:Error: error:0308010C:digital envelope routines::unsupported 1、问题描述 使用VScode运行项目: PS D:\MrWu\DCode\VScode\antd4\datalake-flow-monitor-web-master> npm run start 运行报错: PS...

    squid代理中出现的错误

    ### Squid 代理服务器启动时常见错误解析及解决方法 #### 概述 Squid 是一款广泛使用的开源代理缓存服务器,它能够为局域网内的用户提供更快的Web访问速度,并通过缓存机制减轻对外部网络的带宽压力。...

    micro_user_routines.zip_DEFORM微观组织_deform晶粒_开发_组织演变

    本压缩包文件"micro_user_routines.zip_DEFORM微观组织_deform晶粒_开发_组织演变"包含了与这一主题紧密相关的资料,特别是"micro_user_routines.f"文件,它可能是一个用户自定义的DEFORM计算程序或脚本。...

    statem_gmtls.c

    博客《新手入坑GMSSL(三)GMSSL双证书与360国密浏览器通讯》中修改的源码文件,位置在ssl/statem/statem_gmtls.c,如果怕自己修改错的话可以直接下载替换。

    USB-COM-routines.rar_CY7C68013_usb cpld

    标题中的“USB-COM-routines.rar_CY7C68013_usb cpld”表明这是一个关于使用CY7C68013芯片通过CPLD实现USB与UART通信转换的工程或代码库。CY7C68013是一款常用的USB控制器芯片,常用于嵌入式系统中提供USB接口功能。...

    升级openssl所需的rpm包:openssl-1.0.1e-48.el6.x86_64.rpm

    用于升级redhat或centos系统的openssl的rpm包

    it618视频直播学院 m3u8转码视频hls标准加密设置方法1

    1. Server unreachable: Errno: 35 error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version 解决方法:调整SSL版本,kms支持TLS1.0及以上的版本。 五、结论 阿里云媒体转码的m3u8转码...

    F5GTMdocumentation

    例如,当gtmd尝试与big3d通信时,会显示“iqmgmt_ssl_connect: SSL error:***: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed”。解决这类错误通常涉及到解决证书信任问题,如确保正确的...

    数字滤波器设计手册

    Topics_include_Butterworth,_Chebyshev,_Bessel,_and_elliptical_filters_with_C_routines_for_computing_frequency_and_impulse_and_step_responses;_discrete_time_systems;_FIR_filter_design_with_the_Fourier_...

    openssl-1.0.1e-16.el6_5.14.x86_64.rpm

    在Centos6.5系统上,执行curl时,会报错,需要更新openssl,附件就是需要的更新包openssl-1.0.1e-16.el6_5.14.x86_64.rpm,错误信息为:curl: (35) error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_...

    PIC-asm-routines.rar_PIC_SUM

    标题"PIC-asm-routines.rar_PIC_SUM"指的是一个与PIC微控制器相关的汇编语言程序集合,主要关注求和(SUM)、剩余(Rest)以及除法和乘法(Division Multi)操作。这些基本的算术运算在嵌入式系统开发中至关重要,...

    NOKIA_3310-LCD_routines.zip_nokia 3310

    压缩包中的`3310_routines.c`和`3310_routines.h`文件包含了这些功能的实现。 6. **实例代码解析**:`3310_routines.c`文件包含了一系列用于操作NOKIA 3310 LCD的函数,如初始化、写命令、写数据等。`3310_routines...

    升级 PHP7.1 后 openssl 解密 mcrypt AES 数据不兼容问题的处理方法

    然而,随着技术的发展,一些旧的加密库如mcrypt被弃用,取而代之的是更现代、更安全的openssl扩展。... 在描述中,我们看到一个例子,开发者使用了mcrypt_encrypt函数进行AES-128-CBC模式的加密,然后尝试用openssl_...

    NEW-znfat-10.89-stc51-28-routines.zip_51 ZNFAT _51单片机znfat_STC_s

    新版znfat 适用于stc 51系列单片机,28个例程和使用手册,51单片机上目前最新的fat32文件系统,版本号 10.89

    用于体素化结构的 FFT 加速电感提取器_C++_代码_下载

    在默认的 VoxHenry 版本中不再... - compile_mex_routines.m - pre_define_the_path_for_folders.m 在“use_recent_DIRECTFN=0”中更改“use_recent_DIRECTFN=1” 更多详情、使用方法,请下载后阅读README.md文件

    一个双向链表程序(单进程)

    unsigned long get_list_size(list_t * list); /* List update routines */ int list_add(list_t * list, info_t * info); int list_add_tail(list_t * list, info_t * info); int list_replace(list_t * list, ...

Global site tag (gtag.js) - Google Analytics