我正在尝试使用 Nginx 1.8.0 实现 spdy 协议。我已经使用 spdy 模块构建了它。
当我通过 spdycheck.org 检查我的网站时,一切都是绿色的,并说支持 spdy 3.1,但 Chrome 42 中的 chrome 扩展没有显示绿色箭头,并说它未启用。我还检查了 chrome://net-internals/#spdy,我的网站没有列在那里。
我在 StartSSL 获得了我的 SHA2 证书。
SSL Labs 给了我 A+ 等级,几乎是完美的分数。
Nginx 配置:
server {
listen xx.xx.xx.xx:80;
server_name domain.com www.domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen xx.xx.xx.xx:443 ssl spdy;
server_name domain.com www.domain.com;
if ($host = 'domain.com' ) {
return 301 https://www.domain.com$request_uri;
}
if ($host = 'it.domain.com' ) {
return 301 http://it.domain.com$request_uri;
}
ssl on;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Cloudflare recommended
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# Mozilla recommended
#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_certificate /var/nginx/ssl/site.crt;
ssl_certificate_key /var/nginx/ssl/site.key;
ssl_dhparam /var/nginx/ssl/dhparam.pem;
ssl_trusted_certificate /var/nginx/ssl/startssl_trust_chain.crt;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
access_log /home/virtual/domain.com/logs/access.log main;
error_log /home/virtual/domain.com/logs/error.log notice;
root /home/virtual/domain.com/subs/www;
index index.php index.html;
rewrite ^/it\.html http://it.domain.com permanent;
location ~* ^.+\.(jpg|jpeg|gif|png|js|css|ico|swf)$ {
expires 30d;
access_log off;
}
location ~ /\. {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfarm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/virtual/domain.com/subs/www/$fastcgi_script_name;
fastcgi_buffer_size 32k;
fastcgi_buffers 32 32k;
fastcgi_intercept_errors on;
include /var/nginx/conf/fastcgi.conf;
if ($request_uri ~* "^/index.php\??$") {
rewrite ^/.*$ http://$host? permanent;
}
}
}
有谁知道它为什么不起作用?
谢谢!
答案1
我找到了解决方案,但我不知道它是 Chrome 缓存还是 Avast。
清空整个浏览器缓存、删除所有浏览器数据并禁用 Avast 10 分钟后,它开始显示绿色箭头。
现在,即使 Avast 已启用,它仍会显示。
编辑
这是 Avast 的错。Web Shield HTTPS 扫描存在一些问题。
答案2
您可以尝试使用 ECDHE-RSA-AES128-GCM-SHA256 密码吗?这对我有用。我使用的是谷歌浏览器版本 44.0.2403.125 m