我正在创建一个网站,它在Chrome和Firefox上运行正常,但在Safari上却出现错误:
“NSPOSIXErrorDomain:100”
我找到一篇帖子,说Safari显然无法接受HTTP/2下的多行HTTP标头,并建议我编辑配置文件、删除所有多行配置。
我的服务器使用CPnginx,以下是我的配置文件:
#:hybrid:Nginx serve static files apache serve dynamic files:2.0:
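server {
    # Public HTTPS vhost: nginx serves static files itself and proxies
    # everything else to the Apache/cPanel backend on port 9443.
    #
    # The `ssl` parameter on listen already enables TLS for this socket. The
    # separate "ssl on;" directive was redundant (deprecated since nginx
    # 1.15.0 and removed in later releases), so it has been dropped.
    listen 107.161.189.242:443 ssl http2 ;
    server_name meusite.com.br www.meusite.com.br;
    ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
    ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and HTTP/2 itself requires
    # TLS 1.2 or newer, so only TLS 1.2 is offered. Add TLSv1.3 here once the
    # nginx/OpenSSL build in use is confirmed to support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # NOTE(review): the list still carries CBC-mode / SHA-1 fallback suites for
    # old clients; trim it to the AEAD (GCM) suites when the client base allows.
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    #.............. Cpnginx OCSP stapling protection for security start ....................
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/local/nginx/conf/ssl.ca.d/meusite.com.br_ca-bundle;
    # NOTE(review): the nginx documentation recommends resolvers on a trusted
    # local network to prevent DNS spoofing; the public resolvers listed after
    # 127.0.0.1 are reached over plain DNS.
    resolver 127.0.0.1 8.8.8.8 4.2.2.1 8.8.4.4 4.2.2.2 valid=300s;
    resolver_timeout 5s;
    #.............. Cpnginx OCSP stapling protection for security end....................

    location = /favicon.ico {
        log_not_found off;
    }

    access_log /usr/local/apache/domlogs/meusite.com.br-bytes_log bytes_log buffer=32k flush=5m;
    access_log /usr/local/apache/domlogs/meusite.com.br-ssl_log combined buffer=32k flush=5m;
    referer_hash_bucket_size 512;

    # Static files directly from nginx.
    # The dot before the extension is now escaped; the unescaped form matched
    # any character there, so a URI merely ending in e.g. "xjs" was also
    # treated as a static file.
    location ~* ^.+\.(jpg|jpeg|gif|png|svg|webp|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css|3gp|sis|sisx|nth)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        # add_header is inherited from the server level only when a location
        # declares no add_header of its own. This location does, so the
        # server-level X-Frame-Options must be repeated here or it is lost.
        add_header X-Frame-Options "SAMEORIGIN";
        root /home/meusitecom/public_html;
        # Files nginx cannot find are retried against the Apache backend.
        error_page 404 = @apache;
        log_not_found off;
    }

    keepalive_requests 100;
    keepalive_timeout 60s;

    # Symlink attack
    disable_symlinks on from=$document_root;
    # NOTE(review): autoindex generates directory listings for any directory
    # nginx serves itself; switch it off unless listings are intended.
    autoindex on;

    # Disable direct access to .ht files and folders
    location ~ /\.ht {
        deny all;
    }

    # Access all cpanel services
    # NOTE(review): this publishes the cPanel/WHM/webmail paths on the public
    # site name; consider limiting them with allow/deny. proxy_pass to an
    # https:// upstream does not verify the upstream certificate unless
    # proxy_ssl_verify is enabled.
    location ~* ^/(cpanel|webmail|whm|bandwidth|img-sys|java-sys|mailman/archives|pipermail|sys_cpanel|cgi-sys|mailman) {
        proxy_pass https://107.161.189.242:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Enabled MP4 streaming (dot escaped so only a real ".mp4" suffix matches).
    # NOTE(review): regex locations are tried in file order and the static-files
    # location above already matches *.mp4, so this block is never selected.
    location ~ \.mp4$ {
        mp4;
        mp4_buffer_size 4M;
        mp4_max_buffer_size 10M;
    }

    # Clickjacking protection (X-Frame-Options). Applies only to locations
    # that define no add_header of their own.
    add_header X-Frame-Options "SAMEORIGIN";

    # Protect sql injections
    # NOTE(review): these patterns are case-sensitive and inspect only the raw
    # query string, not request bodies, cookies or headers. Treat them as noise
    # reduction; the application still needs parameterized queries and output
    # encoding.
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    # common exploit protection (same limits as the SQL patterns above)
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    # Hot Link protections
    # NOTE(review): the static-files regex location above is listed first and
    # matches jpg/jpeg/png/gif/svg/bmp/webp, so only .tiff and .bpg requests can
    # reach this block, and it sets no root of its own. To protect images, the
    # valid_referers check has to live in the location that actually serves them.
    location ~ \.(jpe?g|png|gif|svg|tiff|bmp|webp|bpg)$ {
        valid_referers none blocked meusite.com.br *.meusite.com.br;
        if ($invalid_referer) {
            return 403;
        }
    }

    location @apache {
        internal;
        # Internal 404 redirect of static file to apache
        access_log off;
        log_not_found off;
        # NOTE(review): a 2000m body limit lets one request push ~2 GB through
        # the proxy; lower it to the largest upload the site really needs.
        client_max_body_size 2000m;
        client_body_buffer_size 512k;
        proxy_buffering on;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
        proxy_buffer_size 64k;
        proxy_buffers 32 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_connect_timeout 300s;
        proxy_http_version 1.1;
        proxy_pass https://107.161.189.242:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    # Everything that is not a static file goes to the backend.
    location / {
        # NOTE(review): with access_log off here, proxied (dynamic) requests
        # leave no record at the nginx layer; confirm the backend logs them.
        access_log off;
        # include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.rewrite;
        log_not_found off;
        client_max_body_size 2000m;
        client_body_buffer_size 512k;
        proxy_buffering on;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
        proxy_buffer_size 64k;
        proxy_buffers 32 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_connect_timeout 300s;
        # The upstream speaks HTTP/1.1 while clients on this vhost use HTTP/2.
        # Connection-level response headers set by the upstream are relayed
        # unless removed with proxy_hide_header.
        proxy_http_version 1.1;
        proxy_pass https://107.161.189.242:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so the
        # backend should trust only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
    # include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.include;
}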
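server {
    # Service sub-domains (cPanel, WHM, webmail, ...) proxied to the local
    # control-panel backend on 127.0.0.1:9443.
    #
    # "ssl on;" was dropped: the `ssl` parameter on listen already enables TLS
    # and the standalone directive is deprecated/removed in newer nginx.
    listen 107.161.189.242:443 ssl http2 ;
    server_name cpanel.meusite.com.br whm.meusite.com.br webmail.meusite.com.br webdisk.meusite.com.br cpcalendars.meusite.com.br cpcontacts.meusite.com.br mail.meusite.com.br;
    ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
    ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
    # TLS 1.0/1.1 are deprecated (RFC 8996); offer TLS 1.2 only, matching the
    # main vhost that shares this address and port.
    # NOTE(review): no ssl_ciphers / ssl_prefer_server_ciphers are set here, so
    # this vhost does not use the cipher policy of the main vhost. Confirm
    # which settings are actually in effect for these names.
    ssl_protocols TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    # NOTE(review): these names front administrative and mail interfaces;
    # with access logging off, login attempts leave no trace at the proxy.
    access_log off;
    location / {
        # Serve ACME / well-known files from the web root. The dot is escaped
        # so only a literal "/.well-known" matches.
        location ~ /\.well-known {
            root /home/meusitecom/public_html;
        }
        # The upstream certificate is not verified unless proxy_ssl_verify is
        # enabled; acceptable only because the target is loopback.
        proxy_pass https://127.0.0.1:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}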
我需要对此文件进行哪些更改?
答案 0 :(得分:0)
我无法回答您的问题;但是,我可以为您提供诊断问题的策略。
首先,nginx配置本身(就目前所贴的内容而言)并不包含答案。我看到的是几条proxy_pass行。这些上游服务器中的一个(或多个)正在返回违反RFC7230的内容。
将浏览器直接指向 https://107.161.189.242:9443,即可验证问题并非由nginx引起。或者,您可以停止nginx,并把监听9443端口的进程改为监听443端口。这两种做法都会让后端服务绕过nginx直接对外提供服务,只适合作为临时诊断手段,测试完成后应恢复原有配置。
答案 1 :(得分:0)
好吧,经过多次测试,我找到了解决问题的方法。
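我在nginx.conf中添加了指令 "proxy_hide_header Upgrade;",让nginx不再转发后端返回的Upgrade标头;由于某种原因,这个标头会让Safari出错。原因很可能是:Upgrade属于HTTP/1.1的连接级标头,而HTTP/2(RFC 7540第8.1.2.2节)规定带有此类标头的消息应被视为格式错误,Safari严格执行了这一点,其他浏览器则直接忽略该标头。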