我有一个用 flask 编写的 Web 应用程序,大多数用户都可以完美运行。但是,某些特定移动电话运营商(SFR 和 Bouygues Télécom,法国移动电话运营商)的用户无法访问该 Web 应用程序。
我发现他们在 Firefox Mobile 上遇到了 ERR_CONNECTION_RESET。我在 nginx 日志中注意到了这个错误,2021/08/17 19:16:58 [crit] 324713#324713: *110940 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: *.*.*.*, server: 0.0.0.0:443但它似乎并不相关:https://stackoverflow.com/questions/65854933/nginx-ssl-error141cf06cssl-routinestls-parse-ctos-key-sharebad-key-share
Web 应用程序使用 nginx 和 gunicorn。
这是 nginx 配置文件:
server {
if ($host = www.domain.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.fr) {
return 301 https://$host$request_uri;
} # managed by Certbot
# listen on port 80 (http)
listen 80;
server_name domain.fr www.domain.fr;
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 ssl;
server_name domain.fr domain.fr;
# write access and error logs to /var/log
access_log /var/log/web_app_access.log;
error_log /var/log/web_app_error.log;
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
# forward application requests to the gunicorn server
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
# handle static files directly, without forwarding to the application
alias /home/barman/web-app/app/static;
expires 30d;
}
ssl_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.fr/privkey.pem; # managed by Certbot
}
Gunicorn 由 Supervisorctl 运行:
[program:web_app]
command=/home/barman/web-app/venv/bin/gunicorn -b localhost:8000 -w 4 web_app:app
directory=/home/barman/web-app
user=barman
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
这个问题很奇怪,你有什么解决办法吗?谢谢