Nginx 是1.6.2
平台是 bananapro 开发板 装的 armbian 内核是4.1.6 的Debian Jessie
情况是 只要在配置文件中启用SPDY
一部分请求,多数为POST请求 Chrome 会报 error: net::ERR_SPDY_PROTOCOL_ERROR
之前在一VPS里的CentOS(v6.5)也报过同样的错误,
但是那时配了2个SSL的domain,只有1个用于科学翻墙的有问题
Nginx 是自己编译的1.8.x
同时,之前开发板一直跑的是Ubuntu,源里面的Nginx较新,从未出现这样的问题...
日志里面也没什么特别的信息,除了偶尔出现如下的信息:
2015/09/07 21:16:46 [error] 1593#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com
2015/09/07 21:18:41 [error] 1686#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com
2015/09/07 21:18:45 [error] 1688#0: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: ocsp.startssl.com
SSL配置用的是很普通的配置:
listen 443 ssl;
server_name a.mydomain.com;
#SSL Certificate
ssl_certificate /etc/nginx/certs/a.mydomain.com-unified.crt;
ssl_certificate_key /etc/nginx/certs/a.mydomain.com-decrypt.key;
#TLS only
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#SSL Session Cache
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/a.mydomain.com-unified.crt;
resolver 223.5.5.5;
#Disable Beast Attacks
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5:!DSS:!RC4;
#Stronger DHE Parameters
ssl_dhparam /etc/nginx/certs/dh4096.pem;
#HSTS
add_header Strict-Transport-Security "max-age=31536000";
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
同时附上相关文件&文件夹的权限
/etc/nginx# ls -al
drwxr-xr-x 6 root root 4096 Sep 7 10:27 .
drwxr-xr-x 86 root root 4096 Sep 7 20:21 ..
lrwxrwxrwx 1 root root 40 Sep 7 10:27 certs -> /mnt/config/etc/nginx/certs
drwxr-xr-x 2 root root 4096 Dec 1 2014 conf.d
-rw-r--r-- 1 root root 1034 Dec 1 2014 fastcgi.conf
-rw-r--r-- 1 root root 964 Dec 1 2014 fastcgi_params
-rw-r--r-- 1 root root 2837 Dec 1 2014 koi-utf
-rw-r--r-- 1 root root 2223 Dec 1 2014 koi-win
-rw-r--r-- 1 root root 3957 Dec 1 2014 mime.types
-rw-r--r-- 1 root root 1459 Dec 1 2014 nginx.conf
-rw-r--r-- 1 root root 180 Dec 1 2014 proxy_params
-rw-r--r-- 1 root root 596 Dec 1 2014 scgi_params
drwxr-xr-x 2 root root 4096 Sep 7 02:01 sites-available
drwxr-xr-x 2 root root 4096 Sep 7 10:38 sites-enabled
drwxr-xr-x 2 root root 4096 Sep 7 02:01 snippets
-rw-r--r-- 1 root root 623 Dec 1 2014 uwsgi_params
-rw-r--r-- 1 root root 3071 Dec 1 2014 win-utf
/var/lib/nginx# ls -al
drwxr-xr-x 7 root root 4096 Sep 7 02:01 .
drwxr-xr-x 32 root root 4096 Sep 7 02:06 ..
drwx------ 2 www-data root 4096 Sep 7 02:01 body
drwx------ 2 www-data root 4096 Sep 7 02:01 fastcgi
drwx------ 12 www-data root 4096 Sep 7 21:07 proxy
drwx------ 2 www-data root 4096 Sep 7 02:01 scgi
drwx------ 2 www-data root 4096 Sep 7 02:01 uwsgi
/var/lib/nginx# ps -aux | grep nginx
root 1725 0.0 0.2 24024 2348 ? Ss 21:19 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 1726 0.1 0.4 24448 4760 ? S 21:19 0:00 nginx: worker process
www-data 1727 0.1 0.4 24328 4592 ? S 21:19 0:00 nginx: worker process
www-data 1728 0.0 0.2 24180 2988 ? S 21:19 0:00 nginx: worker process
www-data 1729 0.0 0.2 24180 2988 ? S 21:19 0:00 nginx: worker process
实在是想不出问题的原因了,请哪位了解的来解答一下,谢谢了。
OpenSSL のバージョンに問題がありますか?
開発ボードは CentOS をインストールできるとしますか?
昨夜 jessie-backport に nginx 1.9.3 をインストールしたところ、問題は解消されました
1.9 未満のすべての nginx にこの問題があると言えるでしょうか?