我似乎遇到了一个无法解决的问题。
火狐
我已经使用 Chrome、IE 和 Safari 测试了设置,似乎只有 Firefox 在我的 nginx 服务器上的 SSL 配置存在问题。原因尚不清楚,也许有人有一些解决此问题的技巧。
NGINX 配置:
upstream mysite {
server 192.168.1.2:8080;
}
server {
listen 443 ssl;
server_name mysite.example.com;
ssl on;
ssl_certificate /etc/ssl/certs/mysite.example.com.crt;
ssl_certificate_key /etc/ssl/certs/mysite.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
access_log /var/log/nginx/mysite.example.com.access.log combined;
error_log /var/log/nginx/mysite.example.com.error.log;
keepalive_timeout 210;
client_max_body_size 25M;
location / {
proxy_pass http://mysite;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host mysite.example.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
该证书是 GeoTrust G3 通配符证书。