最后更新

tag-icon tag-icon ssl apache-2.4 http2
最后更新

我正在为我的应用程序设置 HTTP2,但在 y 浏览器上随机收到 ERR_SSL_PROTOCOL_ERROR。

这只发生在 Google Chrome 浏览器上。在 Firefox 上一切正常。

我正在使用 Let's Encrypth 进行 SSL 加密,一切运行正常。今天启用 HTTP2 后出现了问题。我使用的是 Apache2。我将其更新到 2.4.38 以支持 HTTP2 模块

我尝试了以下操作:

  • 禁用 http2 模块/重新启动 apache2

  • 清除所有浏览器缓存

  • 使用 .htacess 重置 HSTS 标头:

标头设置 Strict-Transport-Security“max-age=0; includeSubDomains;” env=HTTPS

没有结果,这仍然有随机错误。

这是我的虚拟主机配置:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
            DocumentRoot /var/www/domain/prod/web
            ServerName sub.domain.tld
            ServerAlias domain
            ServerAdmin [email protected]

    <Directory "/var/www/domain/prod/web/">
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from All
    </Directory>
    ErrorLog /var/www/domain/prod/logs/error.log
    LogLevel warn
    CustomLog /var/www/domain/prod/logs/access.log combined
    ServerSignature On

            SSLEngine On
            Include /etc/letsencrypt/options-ssl-apache.conf

            Protocols h2 http/1.1

            SSLCertificateFile 
            /etc/letsencrypt/live/domain/fullchain.pem
            SSLCertificateKeyFile 
           /etc/letsencrypt/live/domain/privkey.pem
    </VirtualHost>
 </IfModule>

最后更新

我把马丁的答案推崇为最佳答案,因为安装 PHP-FPM 似乎解决了我的问题(没有看到 SSL_ERROR)我做了以下事情:https://www.vultr.com/docs/use-php5-fpm-with-apache-2-on-ubuntu-14-04

但是对于我的一个网站,我在特定页面上收到 500 错误。Apache 错误日志显示:

[Mon Apr 01 14:58:31.844703 2019] [:error] [pid 30434] [client 81.200.189.9:30902] FastCGI: server "/usr/lib/cgi-bin/php5-fcgi" stderr: PHP message: PHP  12. Project->projectFormat() /var/www/jachete/models/Project.php:137

我不太明白错误是什么,有什么想法吗?

更新

禁用“pagespeed”模块后,这里发生了一些有趣的事情,这是我从 error.log 中得到的错误

[Sun Mar 31 16:13:07.090348 2019] [http2:warn] [pid 16845] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Sun Mar 31 16:13:07.119247 2019] [mpm_prefork:notice] [pid 16845] AH00163: Apache/2.4.38 (Ubuntu) OpenSSL/1.1.1b mpm-itk/2.4.6-01 PHP/5.5.9-1ubuntu4.27 configured -- resuming normal operations

根据https://http2.pro/doc/Apache这是因为 mpm-itk 不支持 http2。因为它只是通知/警告,我认为没有理由导致 SSL_ERROR?

以下是 Qualys Lab 的测试结果(A)Qualyshttps://i.stack.imgur.com/deMnu.jpg

以下是一些 apache2 错误日志:

    [Sun Mar 31 15:31:07.393421 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:07.393454 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/loading.gif,.temp
[Sun Mar 31 15:31:07.393488 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/loading.gif,.tempqeySBV:0: opening temp file: No such file or directory
[Sun Mar 31 15:31:08.115111 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:08.115142 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/favicon.png,.temp
[Sun Mar 31 15:31:08.115162 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/favicon.png,.tempT2JwQU:0: opening temp file: No such file or directory
[Sun Mar 31 15:31:08.118059 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Failed to make directory /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld: Permission denied
[Sun Mar 31 15:31:08.118103 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] Could not create directories for file /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/xfavicon.png.pagespeed.ic.coNvSghNBK.webp,.temp
[Sun Mar 31 15:31:08.118126 2019] [pagespeed:error] [pid 13785] [mod_pagespeed 1.13.35.2-0 @13785] /var/cache/mod_pagespeed/v3/domain.tld/https,3A/,2Fapp.domain.tld/views/assets/img/logo/xfavicon.png.pagespeed.ic.coNvSghNBK.webp,.tempg9bR5T:0: opening temp file: No such file or directory

存在权限被拒绝错误,但是当我查看权限时,我得到了这个

drwxr-xr-x  6 www-data www-data 4096 Oct 30 06:34 http,3A/
drwxr-xr-x  3 www-data www-data 4096 Jun 30  2018 https,3A/

我应该为所有用户添加写权限吗?(chmod a+w dir/ -R)?

顺便说一句,即使我禁用 PageSpeed 模块,SSL 错误仍然会发生,所以我猜测上面日志中的错误与我的 SSL 问题无关?

答案1

禁用 mpm_prefork,不要使用 mod_php 使用 PHP FPM 作为快速 CGI 代理,一切都会好起来。

看:https://http2.pro/doc/Apache

我希望这能有所帮助。

相关内容