因此,我只需集成我的证书,然后我的 nginx conf 会在我重新启动时对其进行验证。当我执行以下操作时:
netstat -anp | grep 443
它返回:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 22241/nginx
但是当我尝试通过浏览器访问它时它就超时了。
我的 nginx 配置是:
http {
server_names_hash_bucket_size 64;
server {
listen 80;
listen 443 ssl;
fastcgi_param HTTPS on;
server_name www.example.com example.com;
ssl on;
ssl_certificate /root/ssl/example_com/example.com.chained.crt;
ssl_certificate_key /root/ssl/example_com/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#rewrite ^/(.*) https://example.com/$1 permanent;
location / {
# Works on port 80....
}
}
}
events {
worker_connections 1024;
}
除此之外 iv'd 设置联邦快递在我的服务器上,我打开了端口 22、80 和 443。
TCP 转储
14:43:33.951775 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216993490 ecr 0,sackOK,eol], length 0
14:43:34.980760 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216994490 ecr 0,sackOK,eol], length 0
14:43:36.052331 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216995490 ecr 0,sackOK,eol], length 0
14:43:37.101006 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216996490 ecr 0,sackOK,eol], length 0
14:43:38.140117 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216997490 ecr 0,sackOK,eol], length 0
14:43:39.210849 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 216998491 ecr 0,sackOK,eol], length 0
14:43:40.688591 IP LOCALIP.54653 > HOSTIP.443: Flags [S], seq 743769181, win 65535, options [mss 1460,sackOK,eol], length 0
14:43:41.311110 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 217000492 ecr 0,sackOK,eol], length 0
14:43:43.368351 IP LOCALIP.54660 > HOSTIP.443: Flags [S], seq 797790670, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 217002440 ecr 0,sackOK,eol], length 0
14:43:43.419444 IP LOCALIP.54661 > HOSTIP.443: Flags [S], seq 2577678109, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 217002490 ecr 0,sackOK,eol], length 0
14:43:45.534502 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 217004492 ecr 0,sackOK,eol], length 0
14:43:53.981084 IP LOCALIP.54664 > HOSTIP.443: Flags [S], seq 3123601024, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 217012492 ecr 0,sackOK,eol], length 0
会是什么呢?
答案1
为了确定数据包是否真的到达你的服务器,请运行
tcpdump -ni <outer network interface> host <IP of remote client> and port 443
例如:
tcpdump -ni eth0 host 12.34.56.78 and port 443
如果您看到数据包,则说明您的防火墙有问题。
如果没有,则说明您的客户端和 Web 服务器之间存在连接问题。
要解决此问题,您可以在客户端上运行:(
tracert <webserver's IP>在 Windows 上)
或
traceroute <webserver's IP>(在 Unix 上)
将输出保存到文件并致电您的 ISP/网络管理员/其他关心的人。他们可能会要求跟踪 - 您已将其保存在文件中。