如果我的问题没有得到正确解释,我在使用服务器方面相对较新,所以道歉。
我已按照以下教程在 DigitalOcean 上托管了 Parse-Server
1. www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04
2。的 www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04
一切正常,除非我的iOS应用程序尝试获取任何文件(使用URL进行PFFile)时遇到错误" CFNetwork SSLHandshake失败(-9806)" 并且浏览器我得到"无法与服务器建立安全连接" 。
我要提取的文件网址是 - " https://cobbet.com:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png"
但是,如果我更改" https "到" http "并替换我的domain_name" cobbet.com "通过实际IP地址" 104.236.228.111 ",我可以在浏览器上访问该文件。
有效的文件URL -
" http://104.236.228.111:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png"
我的 Nginx服务器配置是
# HTTP - redirect all requests to HTTPS
server {
listen 80;
server_name cobbet.com
return 301 https://$host$request_uri;
}
# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
listen 443 default_server ssl;
server_name cobbet.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/cobbet.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cobbet.com/privkey.pem;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128$
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
# Pass requests for /parse/ to Parse Server instance at localhost:1337
location /parse/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1337/parse/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
# Pass requests for /dashboard/ to Parse Server instance at localhost:4040
location /dashboard/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4040/dashboard/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location / {
try_files $uri $uri/ =404;
}
}
如何解决此问题,以便我的应用可以下载没有SSL错误的文件?
谢谢!
答案 0 :(得分:1)
你混淆了你的端口:
此http://104.236.228.111:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png绕过nginx并直接转到后端,后端正在1337端口侦听此服务器。
此https://cobbet.com:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png也尝试在1337上连接到您的后端,但您的后端不会在该端口上提供https。
您不需要该端口,因为客户端知道https端口是443.使用浏览器访问此内容会显示内容和正在运行的Let的加密证书,因此这应该有效。
注意:将您的后端端口(1337)暴露在互联网上通常不是一个好主意。关闭防火墙中的端口或至少将后端应用程序绑定到ip 127.0.0.1(而不是0.0.0.0)。