配置ssl后显示连接已重置

RaspiSQH 41.9m2019-12-30193 次点击

配置ssl后用https访问显示连接已重置,http正常,error.log没有显示。。。ssl配置如下:

server
{‌‌
listen 80;
listen 443 ssl http2;
server_name *****;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/****;


#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/***/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/****/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;

收藏 ♥ 感谢
Spoony 小组长 2019-12-30 
完整的配置贴一下看看
RaspiSQH 41.9m 2019-12-30 
@Spoony
server
{‌‌
listen 80;
listen 443 ssl http2;
server_name echocraft.top 62.234.151.241;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/echocraft.top;

#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/echocraft.top/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/echocraft.top/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;

#SSL-END

#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-73.conf;
#PHP-INFO-END

#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/echocraft.top.conf;
#REWRITE-END


#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{‌‌‌
return 404;
}

#一键申请SSL证书验证目录相关设置
location ~ \.well-known{‌‌‌
allow all;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{‌‌‌
expires 30d;
error_log off;
access_log /dev/null;
}

location ~ .*\.(js|css)?$
{‌‌‌
expires 12h;
error_log off;
access_log /dev/null;
}
access_log /www/wwwlogs/echocraft.top.log;
error_log /www/wwwlogs/echocraft.top.error.log;
}
Spoony 小组长 2019-12-30 
这个配置里面如果有重定向的部分,那么可能是这个导致的。
include /www/server/panel/vhost/rewrite/echocraft.top.conf;

SSL的部分我没有逐行确认,给你我用的供你参考。

listen 80;

listen 443 ssl;

ssl on;
ssl_certificate /home/cert/xxx.crt;
ssl_certificate_key /home/cert/xxx.key;
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

#listen [::]:80 default_server;
RaspiSQH 41.9m 2019-12-30 
@Spoony 重定向是空的,我试一下
Spoony 小组长 2019-12-30 
@RaspiSQH 嗯,把涉及到重定向的配置都注释了看看。
error_page 这行也是。
RaspiSQH 41.9m 2019-12-31  ♥ 1
@Spoony 艹,原来是本地网络问题。。。换移动网络就行了。。。。fuck gfw!!

登录注册 后可回复。