抱歉,我不是系统管理员。
我正在尝试安装我的 SSL 证书以用于加密目的,并使用 Nginx 作为我的 Tomcat Alfresco 应用程序的前端。
我无法按预期使用 HTTPS 访问我的域名,每次尝试连接时都会收到这些消息
铬合金:
SSL 连接错误
ERRSSLPROTOCOL_ERROR 隐藏详细信息 无法与服务器建立安全连接。这可能是服务器问题,或者可能需要您没有的客户端身份验证证书。
火狐浏览器:
连接到 www.example.com 时发生错误。SSL 收到的记录超出了最大允许长度。(错误代码:ssl_error_rx_record_too_long)无法显示您尝试查看的页面,因为无法验证收到的数据的真实性。
/var/log/nginx 上的日志文件(访问和错误)完全是空的,这是我的 nginx.conf 文件
user www-data;
worker_processes 2;
pid /run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 6;
#gzip_min_length 256;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/xml text/plain application/json text/javascript application/javascript application/x-javascript text/css text/csv text/x-markdown text/x-web-markdown application/atom+xml application/rss+xml application/atomsvc+xml;
#gzip_vary on;
# Set proxy cache path
proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;
# Main website Tomcat instance
upstream alfresco {
server localhost:8080;
}
# Sharepoint Alfresco vti module
#upstream sharepoint {
# server localhost:7070;
#}
# Uncomment if you want redirect to https
server {
listen 80 default_server ;
listen [::]:80 default_server ipv6only=on;
server_name example.com www.example.com;
server_name_in_redirect off;
rewrite ^ https://$host$request_uri? permanent;
}
# Default server config. Update servername.
server {
#listen 80 default_server ;
#listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl;
#listen 443 ssl spdy;
server_name example.com www.example.com;
root /opt/alfresco/www;
index index.html index.htm;
# Redirecto root requests to Share
rewrite ^/$ /share;
ssl on;
ssl_certificate /etc/ssl/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_verify_client off;
ssl_session_timeout 15m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# spdy Support, use add_header if you do not use redirection from http to https
#add_header Alternate-Protocol 443:npn-spdy/2;
#spdy_headers_comp 4;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# redirect server error pages to the static page /50x.html
#
error_page 502 503 504 /maintenance.html;
location = /maintenance.html {
root /opt/alfresco/www;
}
# Access to old Alfresco web client. Remove this location if not needed.
location /alfresco {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share {
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
location /share/proxy/alfresco {
# This section is for allowing to rewrite 50x response to 401 on Ajax req.
# This forces Share to reload page, and thus display maintenance page
# Allow for large file uploads
client_max_body_size 0;
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
#proxy_buffering off;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_intercept_errors on;
error_page 502 503 504 =401 /maintenance.html;
}
location /share/res/ {
# Proxy all the requests to Tomcat
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_cache alfrescocache;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 1440m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
}
}
有人能帮我解决这个问题吗?我有 15 天的时间来完成这项工作或将其退回并要求 CA 退款。
额外信息:
Ubuntu 15.04
Java 版本“1.8.0_66”
Tomcat 7
nginx/1.8.0
GoDaddy 提供的 SSL
编辑:用户@主机:/ opt / alfresco / www $ ls -la total 20 drwxr-xr-x 2 www-data root 4096 Sep 17 18:21。drwxr-xr-x 9 alfresco alfresco 4096 Sep 17 19:23。-rw-r--r-- 1 www-data root 10563 Sep 17 18:21 Maintenance.html