Question

如果我的问题没有得到正确解释，我在使用服务器方面相对较新，所以道歉。

我已按照以下教程在 DigitalOcean 上托管了 Parse-Server
1. www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04
2。的 www.digitalocean.com/community/tutorials/how-to-secure-nginx-on-ubuntu-14-04

一切正常，除非我的iOS应用程序尝试获取任何文件（使用URL进行PFFile）时遇到错误＆＃34; CFNetwork SSLHandshake失败（-9806）＆＃34; 并且浏览器我得到＆＃34;无法与服务器建立安全连接＆＃34; 。

我要提取的文件网址是 - ＆＃34; https://cobbet.com:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png＆＃34;

但是，如果我更改＆＃34; https ＆＃34;到＆＃34; http ＆＃34;并替换我的domain_name＆＃34; cobbet.com ＆＃34;通过实际IP地址＆＃34; 104.236.228.111 ＆＃34;，我可以在浏览器上访问该文件。

有效的文件URL - ＆＃34; http://104.236.228.111:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png＆＃34;

我的 Nginx服务器配置是

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    server_name cobbet.com
    return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
        listen 443 default_server ssl;
        server_name cobbet.com;

        root /usr/share/nginx/html;
        index index.html index.htm;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/cobbet.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cobbet.com/privkey.pem;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128$
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        location ~ /.well-known {
                allow all;
        }


        # Pass requests for /parse/ to Parse Server instance at localhost:1337
        location /parse/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:1337/parse/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        # Pass requests for /dashboard/ to Parse Server instance at localhost:4040
        location /dashboard/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:4040/dashboard/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }



        location / {
                try_files $uri $uri/ =404;
        }
}

如何解决此问题，以便我的应用可以下载没有SSL错误的文件？

谢谢！

Answer 1

你混淆了你的端口：

此http://104.236.228.111:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png绕过nginx并直接转到后端，后端正在1337端口侦听此服务器。

此https://cobbet.com:1337/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png也尝试在1337上连接到您的后端，但您的后端不会在该端口上提供https。

访问nginx的正确网址是https://cobbet.com/parse/files/IpFrZ8h4ZFjv9fKhUq3p7C2ca2WOBuAkbbzmtrxe/50c99849-9e31-4414-9552-f640fb43eb53_iphone_6.png

您不需要该端口，因为客户端知道https端口是443.使用浏览器访问此内容会显示内容和正在运行的Let的加密证书，因此这应该有效。

注意：将您的后端端口（1337）暴露在互联网上通常不是一个好主意。关闭防火墙中的端口或至少将后端应用程序绑定到ip 127.0.0.1（而不是0.0.0.0）。

Nginx服务器中的SSL握手失败

1 个答案: