我有一个在laravel 5框架上运行的网站,并通过laravel forge在DigitalOcean上托管。我刚刚从Namecheap购买了一个简单的SSL证书,以便尝试使用该证书。在安装证书之前,一切都很好,我能够正确加载我的网站。通过Laravel Forge安装证书后,我的网站不再可加载(http或https)。我不知道发生了什么,以及从哪里开始调试。希望有人能够为我提供一些帮助。
我将在下面为您提供尽可能多的信息。
Nginx.conf通过Laravel伪造
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
服务器详细信息VPS提供商:DigitalOcean
部署:Laravel Forge
平台:Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic
框架:Laravel 5
域注册:Namecheap
DNS Svr:ns1,ns2,ns3.digitalocean.com
CA:Comodo PositiveSSL
更新1:根据下面建议检查iptables的伙伴,这就是我所拥有的
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
更新2:curl -i测试确实显示该站点现在已重定向到https://连接。但是浏览器说ERR_CONNECTION_CLOSED
root@Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:52:53 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
root@Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://www.example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:53:24 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
更新3:openssl s_client返回此错误
openssl s_client -connect www.example.com:443
CONNECTED(00000003)
140000289871520:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
更新4:我已经发现了问题..显然这行
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
造成了问题。一旦我将其删除,则所有内容都像魅力一样工作...但是现在,我的问题是我应该如何重新路由https://example.com
到https://www.example.com
?假设上面的代码将执行该操作。
好的,我已经解决了这个问题。现在我从哪里开始。
第一的
我想澄清一下,证书,Laravel forge和nginx配置文件没有问题。一切都设置正确并且配置正确。
第二
就像我在上面的问题中所做的一样,将您的nginx.conf配置如下:
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
请注意,在本部分中,我希望您注意一件事。当您重定向https连接(端口433至端口433)时,需要再次指定要使用的证书和密钥。当服务器执行重定向时,自然会建立一个新的连接,因此需要一个新的握手序列。这就是为什么我https://example.com
重定向
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
我将不得不重新指定证书,否则服务器将断开连接,因为没有要验证的凭据。完成此操作后,您应该完成一半。
第三
为了进行正确的重定向,您需要检查一些事情并确保已正确配置它。
http://example.com
,http://www.example.com
,https://example.com
,成https://www.example.com
。执行此检查,您可以使用@Wizzard的建议curl -i http://example.com/
最后
正确配置所有内容后,就应该开始进行安全的连接浏览。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句