首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
广告
popphen
V2EX  ›  问与答

nginx 反向代理 google 问题,现在访问提示 SSL 连接出错,大神帮忙看看

  •   
  •   popphen · 2014-11-25 14:28:34 +08:00 · 6648 次点击
    这是一个创建于 3645 天前的主题,其中的信息可能已经有所发展或是发生改变。
    proxy_cache_path /usr/local/nginx/cache/ levels=1:2 keys_zone=one:10m max_size=10g;
    proxy_cache_key "$host$request_uri";
    server {
    listen 80;
    server_name g.juxia.me;
    rewrite ^(.*) https://g.juxia.me$1 permanent;
    }

    upstream google {
    server 74.125.224.71:80 max_fails=3;
    server 74.125.224.72:80 max_fails=3;
    server 74.125.224.73:80 max_fails=3;
    server 74.125.224.74:80 max_fails=3;
    server 74.125.224.75:80 max_fails=3;
    server 74.125.224.76:80 max_fails=3;
    server 74.125.224.77:80 max_fails=3;
    server 74.125.224.78:80 max_fails=3;
    server 74.125.224.79:80 max_fails=3;
    server 74.125.224.80:80 max_fails=3;
    }
    server {
    listen 443;
    server_name g.juxia.me;
    ssl on;
    ssl_certificate /usr/local/nginx/ssl.crt;
    ssl_certificate_key /usr/local/nginx/ssl.key;
    location / {
    proxy_cache one;
    proxy_cache_valid 200 302 1h;
    proxy_cache_valid 404 1m;
    proxy_redirect https://www.google.com/ /;
    proxy_cookie_domain google.com g.juxia.me;
    proxy_pass http://google;
    proxy_set_header Host "www.google.com";
    proxy_set_header Accept-Encoding "";
    proxy_set_header User-Agent $http_user_agent;
    proxy_set_header Accept-Language "zh-CN";
    proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2w1IQ-Maw";
    sub_filter www.google.com g.juxia.me;
    sub_filter_once off;
    }
    }
  • Server
  • g.juxia.me
  • SSL
    15 条回复    2014-12-04 20:20:13 +08:00
    rex1901
        1
    rex1901  
       2014-11-25 14:41:23 +08:00   ❤️ 1
    proxy_pass http://74.125.224.207;
    popphen
        2
    popphen  
    OP
       2014-11-25 16:42:06 +08:00
    @rex1901 哥们,这个修正了还是提示ssl链接出错,无法访问,很奇怪
    sdcg1994
        3
    sdcg1994  
       2014-11-25 20:14:20 +08:00
    不加https能直接打开。。。
    sdcg1994
        4
    sdcg1994  
       2014-11-25 20:19:42 +08:00
    我的代码是这样,你可以参考下
    server {
    listen 80;
    server_name *.com www.*.com ;
    rewrite ^(.*) https://www.*.com$1 permanent;
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
    }

    server {
    listen 443 ssl spdy;
    server_name *.com www.*.com ;
    ssl on;
    ssl_certificate /cert/sever.crt ;
    ssl_certificate_key /cert/sever.key ;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
    location / {
    proxy_redirect https://www.google.com/ /;
    proxy_pass http://173.194.120.67;
    proxy_cookie_domain google.com *.com;
    proxy_set_header Accept-Language "zh-CN";
    proxy_set_header Accept-Encoding "";
    proxy_set_header User-Agent $http_user_agent;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_cache one;
    proxy_cache_valid 200 304 3h;
    proxy_cache_valid 301 3d;
    proxy_cache_valid any 1m;
    proxy_cache_use_stale invalid_header error timeout http_502;
    sub_filter google.com *.com;
    sub_filter_once off;
    }
    }
    popphen
        5
    popphen  
    OP
       2014-11-25 20:21:34 +08:00
    @sdcg1994 是啊我也郁闷,很奇怪加了及就不行
    popphen
        6
    popphen  
    OP
       2014-11-25 20:27:01 +08:00
    @sdcg1994 按照你这个提示
    nginx: [emerg] "proxy_cache" zone "one" is unknown in /usr/local/nginx/conf/nginx.conf:118
    rex1901
        7
    rex1901  
       2014-11-25 22:08:17 +08:00   ❤️ 1
    不加cache试试,我的就没有加,是可以用的。

    server {
    listen 80;
    server_name g.juxia.me;
    rewrite ^(.*) https://g.juxia.me$1 permanent;
    }

    server {
    listen 443;
    server_name g.juxia.me;

    ssl on;
    ssl_certificate /usr/local/nginx/ssl.crt;
    ssl_certificate_key /usr/local/nginx/ssl.key;

    location / {
    proxy_redirect http://www.google.com/ /;
    proxy_cookie_domain google.com g.juxia.me;
    proxy_pass http://74.125.224.207;
    proxy_set_header Accept-Encoding "";
    proxy_set_header User-Agent $http_user_agent;
    proxy_set_header Accept-Language "zh-TW";
    proxy_set_header Cookie "PREF=ID=136346c68dca691f:U=1b64135de4bae02b:FF=2:LD=zh-TW:NW=1:TM=1410449167:LM=1410449198:GM=1:SG=1:S=mandOuC2bhozpAdN";
    sub_filter www.google.com g.juxia.me;
    sub_filter_once off;
    }
    }
    popphen
        8
    popphen  
    OP
       2014-11-25 22:14:56 +08:00
    @rex1901 是没有错误了,但是奇怪https还是失败
    rex1901
        9
    rex1901  
       2014-11-25 22:43:39 +08:00
    @popphen 感觉你的443端口没有打开的样子,你用netstat查看一下是否冲突,iptables是否设置不正确呢。
    rex1901
        10
    rex1901  
       2014-11-25 22:45:25 +08:00   ❤️ 1
    @popphen nginx更改端口,需要重启nginx,单纯nginx -s reload貌似不能改变端口绑定。
    popphen
        11
    popphen  
    OP
       2014-11-25 22:56:48 +08:00
    @rex1901 3q,搞定,确实需要重启服务,
    camilletan
        12
    camilletan  
       2014-12-04 10:41:38 +08:00
    怎么解决的啊,能告诉我下么
    camilletan
        13
    camilletan  
       2014-12-04 10:42:02 +08:00
    @popphen
    camilletan
        14
    camilletan  
       2014-12-04 10:52:19 +08:00   ❤️ 1
    @popphen 我的也是ssl错误,443端口启用了啊,也重启了,但是还是错的
    popphen
        15
    popphen  
    OP
       2014-12-04 20:20:13 +08:00
    @camilletan 两个可能
    1.证书密码错误
    2。nginx服务要重启 restart
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1164 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 23:33 · PVG 07:33 · LAX 15:33 · JFK 18:33
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.