centos - Nginx 启用 SPDY 一部分链接Chrome会报 error: net::ERR_SPDY_PROTOCOL_ERROR
某草草
某草草 2017-04-25 09:03:22
0
2
1807

Nginx 是1.6.2
平台是 bananapro 开发板 装的 armbian 内核是4.1.6 的Debian Jessie

情况是 只要在配置文件中启用SPDY
一部分请求,多数为POST请求 Chrome 会报 error: net::ERR_SPDY_PROTOCOL_ERROR

之前在一VPS里的CentOS(v6.5)也报过同样的错误,
但是那时配了2个SSL的domain,只有1个用于科学翻墙的有问题
Nginx 是自己编译的1.8.x

同时,之前开发板一直跑的是Ubuntu,源里面的Nginx较新,从未出现这样的问题...

日志里面也没什么特别的信息,除了偶尔出现如下的信息:

2015/09/07 21:16:46 [error] 1593#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com
2015/09/07 21:18:41 [error] 1686#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com
2015/09/07 21:18:45 [error] 1688#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com

SSL配置用的是很普通的配置:

    listen    443    ssl;
    server_name a.mydomain.com;

    #SSL Certificate 
    ssl_certificate      /etc/nginx/certs/a.mydomain.com-unified.crt;
    ssl_certificate_key  /etc/nginx/certs/a.mydomain.com-decrypt.key;
    #TLS only
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #SSL Session Cache
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    #OCSP stapling
    ssl_stapling on; 
    ssl_stapling_verify on; 
    ssl_trusted_certificate /etc/nginx/certs/a.mydomain.com-unified.crt;
    resolver 223.5.5.5;
    #Disable Beast Attacks
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5:!DSS:!RC4;
    #Stronger DHE Parameters
    ssl_dhparam /etc/nginx/certs/dh4096.pem;
    #HSTS
    add_header Strict-Transport-Security "max-age=31536000";
    #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

同时附上相关文件&文件夹的权限

/etc/nginx# ls -al
drwxr-xr-x  6 root root 4096 Sep  7 10:27 .
drwxr-xr-x 86 root root 4096 Sep  7 20:21 ..
lrwxrwxrwx  1 root root   40 Sep  7 10:27 certs -> /mnt/config/etc/nginx/certs
drwxr-xr-x  2 root root 4096 Dec  1  2014 conf.d
-rw-r--r--  1 root root 1034 Dec  1  2014 fastcgi.conf
-rw-r--r--  1 root root  964 Dec  1  2014 fastcgi_params
-rw-r--r--  1 root root 2837 Dec  1  2014 koi-utf
-rw-r--r--  1 root root 2223 Dec  1  2014 koi-win
-rw-r--r--  1 root root 3957 Dec  1  2014 mime.types
-rw-r--r--  1 root root 1459 Dec  1  2014 nginx.conf
-rw-r--r--  1 root root  180 Dec  1  2014 proxy_params
-rw-r--r--  1 root root  596 Dec  1  2014 scgi_params
drwxr-xr-x  2 root root 4096 Sep  7 02:01 sites-available
drwxr-xr-x  2 root root 4096 Sep  7 10:38 sites-enabled
drwxr-xr-x  2 root root 4096 Sep  7 02:01 snippets
-rw-r--r--  1 root root  623 Dec  1  2014 uwsgi_params
-rw-r--r--  1 root root 3071 Dec  1  2014 win-utf

/var/lib/nginx# ls -al
drwxr-xr-x  7 root     root 4096 Sep  7 02:01 .
drwxr-xr-x 32 root     root 4096 Sep  7 02:06 ..
drwx------  2 www-data root 4096 Sep  7 02:01 body
drwx------  2 www-data root 4096 Sep  7 02:01 fastcgi
drwx------ 12 www-data root 4096 Sep  7 21:07 proxy
drwx------  2 www-data root 4096 Sep  7 02:01 scgi
drwx------  2 www-data root 4096 Sep  7 02:01 uwsgi

/var/lib/nginx# ps -aux | grep nginx
root      1725  0.0  0.2  24024  2348 ?        Ss   21:19   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data  1726  0.1  0.4  24448  4760 ?        S    21:19   0:00 nginx: worker process
www-data  1727  0.1  0.4  24328  4592 ?        S    21:19   0:00 nginx: worker process
www-data  1728  0.0  0.2  24180  2988 ?        S    21:19   0:00 nginx: worker process
www-data  1729  0.0  0.2  24180  2988 ?        S    21:19   0:00 nginx: worker process

实在是想不出问题的原因了,请哪位了解的来解答一下,谢谢了。

某草草
某草草

Antworte allen(2)
黄舟

openssl版本问题?
话说开发板能装CentOS?

过去多啦不再A梦

昨晚装了jessie-backport中的nginx 1.9.3,问题消失

难道说 nginx<1.9的都有这个问题?

Beliebte Tutorials
Mehr>
Neueste Downloads
Mehr>
Web-Effekte
Quellcode der Website
Website-Materialien
Frontend-Vorlage