我正在使用http2和ssl配置nginx。我遇到了以下错误:
处理HTTP / 2连接时SSL_read()失败(SSL:错误:14094418:SSL例程:ssl3_read_bytes:tlsv1 alert unknown ca:SSL警报号48)
以下是我的配置:
user www-data;
worker_processes auto;
events {
use epoll;
worker_connections 128;
multi_accept on;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
" close;
}
proxy_read_timeout 86400;
server {
listen 443 ssl http2 default_server;
ssl_password_file /etc/nginx/nginx_sscert.pass;
ssl_certificate /etc/nginx/ssl/nginx_sscert.crt;
ssl_certificate_key /etc/nginx/ssl/nginx_sscert.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
root /var/www/dist;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 1000;
gzip_types text/plain application/x-javascript text/xml text/css;
client_body_temp_path /tmp/nginx;
proxy_temp_path /tmp/nginx;
error_log /var/log/nginx/debug.log debug;
}
}
NGINX版本-1.10.3(稳定)& 1.11.9(主线)
$ nginx -V的输出:
nginx version: nginx/1.10.3
built with OpenSSL 1.0.2h 3 May 2016
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --prefix=/usr --pid-path=/var/run/nginx/nginx.pid --with-http_auth_request_module --with-http_v2_module --with-http_ssl_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module
配置后输出nginx:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Firefox版本 - 51.0.1
Chrome版本 - 54.0.2 ***
对此的任何指示表示赞赏。 TIA:)
答案 0 :(得分:-1)
很明显,您的证书配置不正确。我建议使用提供免费证书的Let’s Encrypt,并且非常易于使用。
有关详情,请参阅Nginx论坛上的this thread。