Nginx + SSL 证书加密问题

Nginx + SSL 证书加密问题

抱歉,我不是系统管理员。

我正在尝试安装我的 SSL 证书以用于加密目的,并使用 Nginx 作为我的 Tomcat Alfresco 应用程序的前端。

我无法按预期使用 HTTPS 访问我的域名,每次尝试连接时都会收到这些消息

Chrome 浏览器:

SSL 连接错误

ERR_SSL_PROTOCOL_ERROR 隐藏详细信息 无法与服务器建立安全连接。这可能是服务器问题,或者可能需要您没有的客户端身份验证证书。

火狐浏览器:

连接到 www.example.com 时发生错误。SSL 收到的记录超出了最大允许长度。(错误代码:ssl_error_rx_record_too_long)无法显示您尝试查看的页面,因为无法验证收到的数据的真实性。

/var/log/nginx 下的日志文件(访问日志和错误日志)完全是空的。以下是我的 nginx.conf 文件:

# Main-context settings: PID file location, number of worker processes,
# and the account the worker processes run under.
pid /run/nginx.pid;
worker_processes 2;
user www-data;

events {
    # Upper bound on simultaneous connections handled by each worker process.
    worker_connections 1024;

    # multi_accept on;
}

http {

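##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Left commented out as in the original. Enabling it stops nginx from
# putting its version number in the Server header and on error pages.
# server_tokens off;

# server_names_hash_bucket_size 64;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# Logging Settings
##

# "access_log on;" was removed: access_log takes a path (or "off"), so "on"
# is treated as a log file literally named "on", not as a switch.
access_log /var/log/nginx/access.log;
# The "debug" level only produces debug output when nginx was built with
# --with-debug. It is verbose and records request details, so return to a
# quieter level (e.g. "warn") once troubleshooting is finished.
error_log /var/log/nginx/error.log debug;

##
# Gzip Settings
##

# NOTE(review): these responses are served over TLS; compressing responses
# that mix secrets with request-reflected input is exposed to compression
# side channels (BREACH). Confirm which content types really need gzip.
gzip                on;
gzip_disable        "msie6";
gzip_http_version   1.1;
gzip_comp_level     6;
#gzip_min_length    256;
gzip_buffers        16 8k;
gzip_proxied        any;
gzip_types          text/xml text/plain application/json text/javascript application/javascript application/x-javascript text/css text/csv text/x-markdown text/x-web-markdown application/atom+xml application/rss+xml application/atomsvc+xml;
#gzip_vary           on;

# Set proxy cache path
# Shared-memory zone "alfrescocache" (256m of keys), at most 512m on disk;
# entries not requested for 1440 minutes are evicted.
proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;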

# Backend pool "alfresco": the local Tomcat instance, reached over plain
# HTTP on port 8080 (TLS is terminated by nginx in front of it).
upstream alfresco {
    server localhost:8080;
}

# Sharepoint Alfresco vti module
#upstream sharepoint {
#    server localhost:7070;
#}

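# Plain-HTTP listener: permanently redirects every request to HTTPS.
server {
    listen        80 default_server ;
    listen   [::]:80 default_server ipv6only=on;
    server_name example.com www.example.com;
    server_name_in_redirect off;

    # "return 301" is the direct form of the former
    # "rewrite ^ https://$host$request_uri? permanent;" and needs no regex.
    # $request_uri already carries the query string.
    # NOTE(review): as default_server this block also answers requests whose
    # Host header matches no server_name, and $host echoes that header into
    # the Location. Use a fixed name here if only the listed names should
    # ever be redirect targets.
    return 301 https://$host$request_uri;
}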

# Default server config. Update servername.
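# HTTPS front end: terminates TLS on 443 and proxies Alfresco/Share
# requests to the "alfresco" upstream (Tomcat).
server {
    #listen        80 default_server ;
    #listen   [::]:80 default_server ipv6only=on;
    # The "ssl" parameter on listen enables TLS for this socket, so the
    # separate "ssl on;" directive was redundant and has been removed.
    # Troubleshooting: a client error such as ssl_error_rx_record_too_long
    # means the port answered in plaintext. Check that this file passes
    # "nginx -t", that nginx was reloaded afterwards, and that no other
    # process is bound to port 443.
    listen        443 default_server ssl;
    #listen        443 ssl spdy;
    server_name example.com www.example.com;

    root /opt/alfresco/www;
    index index.html index.htm;

    # Redirect root requests to Share
    rewrite ^/$ /share;

    # ssl_certificate should hold the server certificate followed by the
    # CA's intermediate certificates. The key file should be readable by
    # root only.
    ssl_certificate       /etc/ssl/example.crt;
    ssl_certificate_key   /etc/ssl/private/example.key;
    ssl_verify_client off;

    ssl_session_timeout  15m;

    # Only TLS 1.2 is offered. TLS 1.0 and 1.1 are deprecated (RFC 8996) and
    # were dropped from the original "TLSv1.2 TLSv1.1 TLSv1" list.
    ssl_protocols TLSv1.2;
    #ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    # spdy Support, use add_header if you do not use redirection from http to https
    #add_header        Alternate-Protocol  443:npn-spdy/2;
    #spdy_headers_comp 4;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to /index.html.
        try_files $uri $uri/ /index.html;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    # Serve the static maintenance page when the backend is unavailable
    # (502/503/504).
    error_page 502 503 504 /maintenance.html;
    location = /maintenance.html {
        root   /opt/alfresco/www;
    }

    # Access to old Alfresco web client. Remove this location if not needed.
    location /alfresco {

        # Allow for large file uploads: 0 disables the request-body size
        # check entirely, so nginx itself puts no cap on upload size.
        client_max_body_size 0;

        # Proxy all the requests to Tomcat
        # NOTE(review): $http_host forwards the client-supplied Host header
        # unchanged, and as default_server this block accepts any Host value.
        # Confirm the backend does not build links or redirects from it.
        # NOTE(review): no header here tells Tomcat the original request was
        # HTTPS. Verify Alfresco/Share is configured with the external
        # https URL.
        proxy_http_version 1.1;
        #proxy_buffering off;
        proxy_pass http://alfresco;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
    }

    location /share {

        # Allow for large file uploads (0 = no body-size limit)
        client_max_body_size 0;

        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        #proxy_buffering off;
        proxy_pass http://alfresco;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
    }

    location /share/proxy/alfresco {
        # This section is for allowing to rewrite 50x response to 401 on Ajax req.
        # This forces Share to reload page, and thus display maintenance page

        # Allow for large file uploads (0 = no body-size limit)
        client_max_body_size 0;

        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        #proxy_buffering off;
        proxy_pass http://alfresco;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
        # Intercept backend 502/503/504 replies and answer with status 401
        # plus the maintenance page instead.
        proxy_intercept_errors on;
        error_page 502 503 504 =401 /maintenance.html;
    }

    location /share/res/ {

        # Proxy all the requests to Tomcat
        proxy_http_version 1.1;
        proxy_pass http://alfresco;
        proxy_set_header  Host $http_host;

        # Cache Share's resource responses in the "alfrescocache" zone:
        # 200/302 for 1440 minutes, 404 for 1 minute. Stale entries may be
        # served while updating or when the backend errors out.
        proxy_cache alfrescocache;
        proxy_cache_min_uses 1;
        proxy_cache_valid  200 302 1440m;
        proxy_cache_valid  404 1m;
        proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
    }
}
# NOTE(review): the "http {" block opened earlier in this file has no closing
# brace in this excerpt. Confirm the full file is balanced, because an
# unbalanced configuration fails "nginx -t" and is not loaded.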

有人能帮我解决这个问题吗?我有 15 天的时间来完成这项工作或将其退回并要求 CA 退款。

额外信息:

Ubuntu 15.04

Java 版本“1.8.0_66”

Tomcat 7

nginx/1.8.0

GoDaddy 提供的 SSL

编辑:

用户@主机:/opt/alfresco/www$ ls -la
total 20
drwxr-xr-x 2 www-data root 4096 Sep 17 18:21 .
drwxr-xr-x 9 alfresco alfresco 4096 Sep 17 19:23 ..
-rw-r--r-- 1 www-data root 10563 Sep 17 18:21 Maintenance.html
