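We recently implemented SSL on our nginx server. Changing my twilio number's messaging request URL from http://mywebsite.com to https://www.mywebsite.com causes requests to the new URL not to show up in nginx's logs. The same request via curl works fine.
There are no redirects involved in the twilio request.
The curl request that simulates the request is: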
curl -X GET "https://www.mywebsite.com/twilio_receiver?ToCountry=US&ToState=VA&SmsMessageSid=XXXXX&NumMedia=0&ToCity=FREDERICKSBG&FromZip=22407&SmsSid=XXXXX&FromState=VA&SmsStatus=received&FromCity=FREDERICKSBG&Body=Whit&FromCountry=US&To=%2B11111111111&ToZip=22407&MessageSid=XXXXX&AccountSid=XXXXX&From=%2B11111111111&ApiVersion=2010-04-01"
...which is logged by nginx as:
68.98.147.198 - - [10/Jul/2014:21:24:23 +0000] "GET /twilio_receiver?ToCountry=US&ToState=VA&SmsMessageSid=XXXXX&NumMedia=0&ToCity=FREDERICKSBG&FromZip=22407&SmsSid=XXXXX&FromState=VA&SmsStatus=received&FromCity=FREDERICKSBG&Body=Whit&FromCountry=US&To=%2B11111111111&ToZip=22407&MessageSid=XXXXX&AccountSid=XXXXX&From=%2B111111111111&ApiVersion=2010-04-01 HTTP/1.1" 500 1266 "-" "curl/7.32.0"
My nginx config file looks like this (the {{XXX}} things are ansible variables, but they are expanded on the server):
upstream unicorn {
    server unix:{{ project_root }}/tmp/sockets/unicorn.sock fail_timeout=0;
}

# this server block redirects naked domains to www.*
server {
    listen 80;
    listen 443 ssl;
    server_name mywebsite.com;
    return 301 https://www.mywebsite.com$request_uri;
}

# this server block redirects http requests to https
server {
    listen 80;
    server_name www.mywebsite.com;
    return 301 https://www.mywebsite.com$request_uri;
}

server {
    listen 443 ssl spdy default_server;
    listen [::]:443 ssl spdy default_server ipv6only=on;
    root {{ project_root }}/public;

    ssl_certificate /etc/nginx/ssl/www_mywebsite_com.chained;
    ssl_certificate_key /etc/nginx/ssl/www_mywebsite_com.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    try_files $uri/maintenance.html $uri/index.html $uri @unicorn;

    location @unicorn {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn;
    }

    location ~ ^/(assets)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    location ~ ^/(sidekiq)/ {
        try_files $uri @unicorn;
    }

    location = /favicon.ico {
        expires max;
        add_header Cache-Control public;
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}
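I tried disabling the firewall completely; no effect. The server is running Ubuntu 12.04.
Answer 0: (score: 0)
Problem solved! Twilio uses SSLv3, so it needs to be added to the ssl_protocols line in the nginx config above, like so: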
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
This is actually the default in later versions of nginx, so not including the ssl_protocols line at all is also an option!
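The protocol mismatch described in the answer, as an added example that is not part of the original post: a Python check that reads the ssl_protocols directive from an nginx config and reports which protocol version, if any, each client profile could negotiate. The two client profiles and all function names are assumptions made for illustration; the config snippets are constructed from the lines shown on this page.

```python
import re

# Constructed sample: the ssl_protocols line from the question's config,
# and the same block with the answer's change applied.
QUESTION_CONF = """
server {
    listen 443 ssl spdy default_server;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
ANSWER_CONF = QUESTION_CONF.replace("ssl_protocols TLSv1", "ssl_protocols SSLv3 TLSv1")

# Protocol versions from oldest to newest; a handshake settles on the
# newest version that both sides have enabled.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Assumed client profiles (hypothetical, not measured): a client offering
# TLS 1.0-1.2, and a client limited to SSLv3 as the answer describes.
CLIENTS = {
    "tls-client": {"TLSv1", "TLSv1.1", "TLSv1.2"},
    "sslv3-only-client": {"SSLv3"},
}

def enabled_protocols(conf):
    """Return one set of protocol names per ssl_protocols directive."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop nginx comments first
    found = re.findall(r"\bssl_protocols\s+([^;]+);", conf)
    return [set(args.split()) for args in found]

def negotiate(server, client):
    """Newest version enabled on both sides, or None if the handshake fails."""
    common = [p for p in ORDER if p in server and p in client]
    return common[-1] if common else None

def diagnose(conf):
    """Map each client profile to the version it would negotiate.

    An empty result means no ssl_protocols directive was found, in which
    case nginx's built-in default applies (it varies by nginx version).
    """
    report = {}
    for server in enabled_protocols(conf):
        for name, offered in CLIENTS.items():
            report[name] = negotiate(server, offered)
    return report

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(label, diagnose(conf))
```

A result of None means the TLS handshake fails before any HTTP request is sent, which is why such a client leaves no entry in the access log. RFC 7568 (2015) prohibits SSLv3, so current clients and servers normally share no version at that level.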