为什么卷曲不适合我的TLS ngrok隧道?

时间:2015-08-07 22:16:21

标签: apache ssl curl ngrok

当我在我的TLS隧道上运行curl --insecure 'https://foo/page'到我的基于Apache IP的虚拟主机时,我收到一条“400 Bad Request”回复,说“您的浏览器发送了一条请求此服务器无法理解的原因...原因:您正在向支持SSL的服务器端口说明HTTP ...请使用HTTPS方案访问此URL。“

但是,如果我使用curl直接向我的localhost地址发出请求,例如https://foo.ngrok.io/page我得到了正确的答复。另外,如果我在浏览器中向foo.ngrok.io发出请求,我会得到正确的回复。

我正在运行:OS X 10.9.5,Apache 2.4,ngrok2和curl 7.43.0。我的SSL证书是自签名的。

我在访问日志中注意到,当我在HTTP/1.1上使用curl时,我的HTTP/1.0请求已更改为ssl_engine_kernel.c(1824): [client 127.0.0.2:50517] OpenSSL: Exit: error in SSLv2/v3 read client hello A [client 127.0.0.2:50517] AH01996: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!? protocol.c(616): [client 127.0.0.2:50517] Request received from client: GET / HTTP/1.0 http_filters.c(1042): [client 127.0.0.2:50517] Response sent with status 400, headers: 个请求。另外,这是我的错误日志中的相应相关位:

Listen 127.0.0.2:443
<VirtualHost 127.0.0.2:443>
        ServerName foo
        DocumentRoot /Users/me/site
        ErrorLog "/usr/local/var/log/apache2/foo_error_log"
        CustomLog "/usr/local/var/log/apache2/foo_access_log" common
        <Directory "/Users/me/site">
                AllowOverride All
                Allow from All
                Options -Indexes
        </Directory>
        <IfModule ssl_module>
                SSLEngine on
                <Directory "/Users/me/site">
                        SSLOptions +StdEnvVars
                </Directory>
                SSLCertificateKeyFile "/usr/local/etc/apache2/2.4/ssl/foo.key"
                SSLCertificateFile "/usr/local/etc/apache2/2.4/ssl/foo.crt"
        </IfModule>
</VirtualHost>

Apache虚拟主机配置 

SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/usr/local/var/run/apache2/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Apache SSL配置 

authtoken: <omitted>
tunnels:
  foo:
    addr: 127.0.0.2:443
    proto: tls
    hostname: "foo.ngrok.io"

ngrok.yml配置 

    $command = $s3->getCommand('GetObject', array(
       'Bucket' => 'bucket_name',
       'Key'    => 'object_name_in_s3'  
       'ResponseContentDisposition' => 'attachment; filename="'.$my_file_name.'"'
    ));

    $signedUrl = $command->createPresignedUrl('+15 minutes');
    echo $signedUrl;
    header('Location: '.$signedUrl);
    die();

2 个答案:

答案 0 :(得分:0)

目前,HTTP客户端(curl,浏览器等)必须支持SNI才能通过HTTPS与ngrok进行通信。这暗示了TLS和HTTP ngrok隧道。

答案 1 :(得分:0)

尝试在curl命令后添加-k。例如:

curl https://www {domain} com.ngrok.io/webhook -k

相关问题
最新问题