Site won't open after adding SSL to an Nginx deployment

maxchen · March 20, 2018 · Last reply by maxchen on March 20, 2018 · 7791 views

After adding SSL, the site shows:

We're sorry, but something went wrong.
If you are the application owner check the logs for more information.

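I wanted to look in production.log to find out what the problem is, but there is nothing in it, and I have no leads at the moment, so I'm posting my nginx configuration below. Could you please help me see what the problem is?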

user               myusername;
worker_processes   1;
error_log          /var/log/nginx/error.log warn;
pid                /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                            '$status $body_bytes_sent "$http_referer" '
                            '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    server {
        listen       80 default_server;
        listen       443 ssl;
        server_name  snugnest.com;
        root /mnt/www/snugnest.com/current/public;

        ssl_certificate   /etc/nginx/sites-enabled/ssl/214551715610547.pem;
        ssl_certificate_key  /etc/nginx/sites-enabled/ssl/214551715610547.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location ^~ /assets/ {
            gzip_static on;
            expires max;
            add_header Cache-Control public;
        }

        try_files $uri/index.html $uri @user1;
        location @user2 {
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass https://snugnest;
        }
        error_page 500 502 503 504 /500.html;
        client_max_body_size 1G;
        keepalive_timeout 10;
    }
}

Check the nginx logs~~

Replying to tassandar
SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 223.72.91.245, server: snugnest.com, request: "GET / HTTP/1.1", upstream: "https://unix:///mnt/www/snugnest.com/shared/tmp/sockets/puma.sock:/", host: "snugnest.com"
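Replying to tassandar

Remove TLSv1.1?

Is the pass http or https? I see this line in your config: proxy_pass https://snugnest;, and the log has this: https://unix:///

Change proxy_pass https://snugnest; to http

Try switching the protocol to SSLv3

Replying to tassandar

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

changed to:

ssl_protocols SSLv3;

Like this? It still doesn't work this way.

Replying to tassandar

It works now. Changing proxy_pass https://snugnest; to http is enough, no need to change the protocol. Thank you.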

maxchen closed the discussion. March 20, 18:55
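A small configuration check for the mistake resolved in this thread, added here as an example (not code from any poster): it flags a `proxy_pass https://` whose upstream is a unix socket, which is worth reviewing because an app server behind nginx usually speaks plain HTTP on that socket, and it also lists `ssl_protocols` values that are deprecated (SSLv3 by RFC 7568, TLS 1.0/1.1 by RFC 8996). The `upstream snugnest` block and the `@app` location name are assumptions; the posted config does not show the upstream, only the error log reveals the socket path.

```python
import re

# Constructed sample modelled on the thread; the upstream block is assumed.
SAMPLE = """
upstream snugnest {
    server unix:///mnt/www/snugnest.com/shared/tmp/sockets/puma.sock;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location @app {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass https://snugnest;   # TLS handshake against a plain-HTTP socket
    }
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def upstreams(conf):
    """Map each upstream name to the server addresses declared inside it."""
    found = {}
    for name, body in re.findall(r"upstream\s+(\S+)\s*\{([^}]*)\}", conf):
        found[name] = re.findall(r"server\s+([^\s;]+)", body)
    return found


def audit(conf):
    """Return (finding, detail) tuples; a heuristic review aid, not a validator."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments first
    ups = upstreams(conf)
    findings = []
    for scheme, target in re.findall(r"proxy_pass\s+(https?)://([^\s;/]+)", conf):
        # Resolve a named upstream; otherwise the target itself is the address.
        servers = ups.get(target, [target])
        if scheme == "https" and any(s.startswith("unix:") for s in servers):
            findings.append(("tls-to-unix-socket", target))
    for protos in re.findall(r"ssl_protocols\s+([^;]+);", conf):
        findings += [("deprecated-protocol", p) for p in protos.split() if p in DEPRECATED]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
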