Golang + nginx + https

时间:2016-11-26 09:51:52

标签: nginx go https

我 - 转发作为听众 http https 加入服务器。 Nginx 配置为处理http + https的传入请求。证书有序。 使用单独的服务器可以在https协议上对它们的查询结果完美运行。但是,当我使用代理 nginx 时,https无法从服务器和服务器获得响应转到

  

" http:来自127.0.0.1:54037的TLS握手错误:tls:第一条记录   看起来不像是TLS握手

可能是什么问题?

客户去:

package main

import (
    "net/http"
    "log"

)

func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.\n"))
    // fmt.Fprintf(w, "This is an example server.\n")
    // io.WriteString(w, "This is an example server.\n")
}

func main() {
    http.HandleFunc("/", HelloSSLServer)
    go http.ListenAndServe("192.168.1.2:80", nil)
    err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)

    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }



}

Nginx配置:

server {
    listen       192.168.1.2:80;
    server_name   somedomain;
    rewrite ^ https://$host$request_uri? permanent;    
}
server {
    listen        192.168.1.2:443 ssl;
    server_name   somedomain;
    access_log    /var/log/nginx/dom_access.log;
    error_log     /var/log/nginx/dom_error.log;
    ssl_certificate     /stuff/ssl/domain.cert;
    ssl_certificate_key /stuff/ssl/private.cert;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;


    location /
    {
        proxy_pass http://localhost:9007;
#       proxy_redirect    http://localhost:1500 http://site1;
        proxy_cookie_domain localhost somedomain;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Client-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

3 个答案:

答案 0 :(得分:5)

https与proxy_pass一起使用

location /
{
    proxy_pass https://localhost:9007;
    ...
}

答案 1 :(得分:0)

nginx .config文件应该是这样的

server {
        listen 443 ssl http2;
        listen 80;
        server_name www.mojotv.cn;
        ssl_certificate     /home/go/src/my_go_web/ssl/**.pem; 
        ssl_certificate_key /home/go/src/my_go_web/ssl/**.key; 
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_prefer_server_ciphers on;
        location /(css|js|fonts|img)/ {
            access_log off;
            expires 1d;
            root "/home/go/src/my_go_web/static";
            try_files $uri @backend;
        }
        location / {
            try_files /_not_exists_ @backend;
        }
        location @backend {
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header Host $http_host;
           proxy_pass http://127.0.0.1:********;
        }
        access_log  /home/wwwroot/www.mojotv.cn.log;## nginx log path
}

the golang web app with http2 ssl feature shiped with nginx

答案 2 :(得分:0)

我收到类似的错误信息给OP,以获得一个没有额外配置的更基本的Go服务器。

  

tls:第一条记录看起来不像是TLS握手

我的临时修复只是为了确保测试网址包含" https://"以及URL中的端口号。

没有工作 - ipaddress

没有工作 - https://ipaddress

工作 - https://ipaddress:8081

它会进行测试,直到更高级的设置。只需将其发布以帮助其他人进行故障排除。

相关问题
最新问题