NGINX and Chrome

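Going a bit mad here. The site http://alpha.draser.co.uk works in IE and Firefox (the only ones tested), but not in Chrome. I have tested on my own computer and on a remote server, and the same problem occurs.

alpha.draser.co.uk config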

server {
    listen 37.230.100.89:80;
    root /var/www/draser/alpha/public;
    index index.php index.html index.htm;
    server_name alpha.draser.co.uk;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

draser.co.uk config

server {
    listen 37.230.100.89:80;

    if ($http_referer ~* (buttons-for-website.com)) { return 444; }

    server_name www.draser.co.uk draser.co.uk;
    return 301 https://draser.co.uk$request_uri;
}

server {
    listen 37.230.100.89:443 ssl;

    if ($http_referer ~* (buttons-for-website.com)) { return 444; }

    root /var/www/draser/live/public;
    index index.php index.html index.htm;

    server_name www.draser.co.uk draser.co.uk;
    ssl_certificate /etc/nginx/certs/draser/draser.crt;
    ssl_certificate_key /etc/nginx/certs/draser/draser.key;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Edit: Tested all 3 browsers on two computers. Tried clearing the Chrome cache, but to no avail.

Answer 1

The reason alpha.draser.co.uk hits SSL is this definition:

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

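This tells the browser to always use HTTPS when connecting to any subdomain of draser.co.uk. You received this setting from the server the first time you requested https://draser.co.uk.

This is a security feature of SSL/TLS connections.

Another problem in the configuration:

Your certificate file is missing the intermediate certificate from StartCom, as shown by the Qualys SSL test.

So you need to download http://www.startssl.com/certs/sub.class1.server.ca.pem and append it after the certificate in the draser.crt file.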
