HTTPS 有效,HTTP 无效

HTTPS 有效,HTTP 无效

我在 Ubuntu 13.10 上使用 NGINX 1.5.12,HTTPS 运行正常,并且页面已提供(HHVM 和 PHP5-FPM),尝试以 HTTP 形式加载网站失败,WGET 返回以下信息:

HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
Length: unspecified
Saving to: ‘index.html’

    [                                <=>    ] 44          --.-K/s   in 29s     

2014-04-05 11:55:37 (1.49 B/s) - ‘index.html’ saved [44]

cURL 返回以下内容:

?d???? ???

在 HTTPS 上运行 cURL 时我得到以下信息:

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: HHVM/3.1.0-dev+2014.04.04

我的配置

nginx.conf

user www-data www-data;
pid /var/run/nginx.pid;
worker_rlimit_nofile 100000;

events {
    worker_connections  4096;
    multi_accept on;
}

http {
    default_type application/octet-stream;

    access_log off;
    error_log  /var/log/nginx/error.log crit;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 20;
    client_header_timeout 20;
    client_body_timeout 20;
    reset_timedout_connection on;
    send_timeout 20;

    types_hash_max_size 2048;

    gzip on;
    gzip_disable "msie6";
    gzip_proxied any;
    gzip_min_length 256;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;

    server_names_hash_bucket_size 128;

    include mime.conf;
    charset UTF-8;

    open_file_cache max=100000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    server_tokens off;

    include proxy.conf;
    include fcgi.conf;

    include conf.d/*.conf;
    include /etc/nginx.custom.d/*.conf;
}

conf.d/example-com.conf

server {
    listen *:80;
    listen *:443 ssl;
    ssl_certificate /srv/example.com/example.com.unified.crt;
    ssl_certificate_key /srv/example.com/example.com.key;
    server_name example.com www.example.com;

    access_log /var/log/nginx/example-com.access.log;
    error_log /var/log/nginx/example-com.error.log;

    root /srv/example.com/root;
    index index.html index.htm index.php;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;



    location  / {

        try_files $uri $uri/ /index.php?$query_string;

    }


    location ~ \.php$ {

        gzip off;

fastcgi_keep_conn on;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
include        fcgi.conf;


    }


    location ^~ \.(jpg|jpeg|gif|css|png|js|ico|html)$ {

        access_log off;



    }

}

我不明白为什么 HTTPS 可以工作而 HTTP 却不可以?!

尝试将 application/octet-stream 更改为 text/html,但没有任何区别。

答案1

我遇到了同样的问题。检查端口 80 的监听指令。它不能包含“spdy”或“http2”

答案2

拆分服务器块(虽然有效,但它受到推崇的使用单独的块。)

(假设您只想要 ssl,否则复制内容。)

301 到 SSL

server {
        listen 80;
        listen [::]:80;
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen 443 ssl;
.....

使用相同配置进行拆分

server {
    listen *:80;
    server_name example.com www.example.com;

    access_log /var/log/nginx/example-com.access.log;
    error_log /var/log/nginx/example-com.error.log;

    root /srv/example.com/root;
    index index.html index.htm index.php;


    location  / {

        try_files $uri $uri/ /index.php?$query_string;

    }


    location ~ \.php$ {

        gzip off;

fastcgi_keep_conn on;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
include        fcgi.conf;


    }


    location ^~ \.(jpg|jpeg|gif|css|png|js|ico|html)$ {

        access_log off;



    }

}
server {
    listen *:443 ssl;
    ssl_certificate /srv/example.com/example.com.unified.crt;
    ssl_certificate_key /srv/example.com/example.com.key;
    server_name example.com www.example.com;

    access_log /var/log/nginx/example-com.access.log;
    error_log /var/log/nginx/example-com.error.log;

    root /srv/example.com/root;
    index index.html index.htm index.php;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;



    location  / {

        try_files $uri $uri/ /index.php?$query_string;

    }


    location ~ \.php$ {

        gzip off;

fastcgi_keep_conn on;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
include        fcgi.conf;


    }


    location ^~ \.(jpg|jpeg|gif|css|png|js|ico|html)$ {

        access_log off;



    }

}

相关内容