我无法将我的http请求发送到https请求。我的服务器域名是myservers.com。我的前辈(离开办公室)从 comodo RSA域验证安全服务器CA 带来了通配证ssl证书。当我使用https://myservers.com时它工作正常,它显示默认页面。现在我的MD在服务器上安装了tomcat并告诉我将其设为https。所以我将我的war文件上传到webapps并且工作正常http://myservers.com:8080/。但是https://myservers.com:8443/显示此网页不可用 ERR_SSL_VERSION_OR_CIPHER_MISMATCH时效果不佳。 所有证书都可在etc / nginx / ssl。
位置获得这是我的server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="200" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/nginx/ssl/domain.keystore" keystorePass="changeit"/>
在我的搜索中,我找到了这两个文件 1)myservers.com - 在位置 - etc / nginx / sites-available 2)myservers.com - 位置 - etc / nginx / sites-enabled
两个文件都包含相同的代码
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
root /var/www/myservers.com/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name myappdemo.com;
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/myservers.com.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
请帮助以找出问题
答案 0 :(得分:0)
只需在&#34; ssl_certificate_key&#34;之后添加这3行。解决问题:
ssl_ciphers HIGH:!ADH:!MD5:!aNULL:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;