Nginx server: SSL_ERROR_RX_RECORD_TOO_LONG

Time: 2019-10-06 18:42:33

Tags: http ssl nginx https

I recently hosted a React app on EC2 with Nginx. The React app runs on port 3000.

So I redirected HTTP and HTTPS requests to port 3000 using -

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3000

sudo service netfilter-persistent save

I added the domain name and certificate details to the conf file in /etc/nginx/sites-available. The conf file is -

server {
   listen 443 ssl;
   root /var/www/myapp/client/build;
   server_name example.com;
   index index.html index.htm;
   ssl_certificate /etc/ssl/bundle.crt;
   ssl_certificate_key /etc/ssl/mykey.key;

   location / {
   }
}

server {
    listen 80;

    server_name example.com ip_address;
    return 301 https://example.com$request_uri;
}

When I run this command -

sudo lsof -i -P -n

I get -

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-n  630 systemd-network   19u  IPv4  25765      0t0  UDP 172.11.25.109:68
systemd-r  641 systemd-resolve   12u  IPv4  15768      0t0  UDP 127.0.0.53:53
systemd-r  641 systemd-resolve   13u  IPv4  15769      0t0  TCP 127.0.0.53:53 (LISTEN)
sshd       973            root    3u  IPv4  19516      0t0  TCP *:22 (LISTEN)
sshd       973            root    4u  IPv6  19533      0t0  TCP *:22 (LISTEN)
sshd      1388            root    3u  IPv4  21610      0t0  TCP 172.11.25.109:22->95.91.208.58:60491 (ESTABLISHED)
sshd      1523          ubuntu    3u  IPv4  21610      0t0  TCP 172.11.25.109:22->95.91.208.58:60491 (ESTABLISHED)
node      1743            root   24u  IPv4  23414      0t0  TCP *:3000 (LISTEN)
nginx     1924            root    8u  IPv4  25687      0t0  TCP *:443 (LISTEN)
nginx     1924            root    9u  IPv4  25688      0t0  TCP *:80 (LISTEN)
nginx     1928        www-data    8u  IPv4  25687      0t0  TCP *:443 (LISTEN)
nginx     1928        www-data    9u  IPv4  25688      0t0  TCP *:80 (LISTEN)

I can see the site at http://example.com, but I get an error when trying to access https://example.com. I get the error -

How do I correctly host the web app over HTTPS?

1 answer:

Answer 0 (score: 0)

So I redirected HTTP and HTTPS requests to port 3000 using ...

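This directs the IP packets for ports 80 and 443 straight to port 3000, which means nginx is bypassed completely. Any nginx configuration is therefore irrelevant.

Access to https://example.com will attempt a TLS handshake on port 443, which is in effect port 3000 (because of the redirection of IP packets), but port 3000 does not understand TLS. The server on port 3000 will instead speak plain HTTP and return an HTTP error, since the start of a TLS handshake is clearly not a valid HTTP request. This error message is then interpreted as a TLS response, which results in this strange error message.

What you need instead of the iptables rules is to configure nginx as a reverse proxy; see for example here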
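Why a plain-HTTP reply shows up as a record-length error, as an added example that is not part of the original answer: it reads the first five bytes of a server reply the way a TLS client reads a record header. The sample replies and function names are constructed for illustration.

```python
import struct

# Largest ciphertext length a TLS 1.2 record may declare (RFC 5246: 2^14 + 2048).
MAX_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def read_as_tls_record(first_bytes: bytes) -> dict:
    """Interpret the first 5 bytes of a server reply as a TLS record header."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    # Header layout: content type (1), version major/minor (2), length (2, big-endian).
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "version": (major, minor),
        "length": length,
        "too_long": length > MAX_RECORD_LEN,
        "looks_like_http": first_bytes.startswith(b"HTTP/"),
    }


def diagnose(first_bytes: bytes) -> str:
    """Say what is answering on the port, judged from its first bytes."""
    hdr = read_as_tls_record(first_bytes)
    if hdr["looks_like_http"]:
        # 'H' is read as the type, 'TT' as the version, 'P/' as the length.
        return (f"plain HTTP on a TLS port: 'HTTP/' parses as a "
                f"{hdr['length']}-byte record (limit {MAX_RECORD_LEN})")
    if (hdr["content_type"].startswith("unknown")
            or hdr["version"][0] != 3 or hdr["too_long"]):
        return "not a valid TLS record header"
    return f"TLS {hdr['content_type']} record, {hdr['length']} bytes"


# Constructed samples (not captured from the asker's server).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 122]) + b"\x02\x00\x00\x76"  # start of a ServerHello

if __name__ == "__main__":
    print(diagnose(HTTP_REPLY))
    print(diagnose(TLS_REPLY))
```

The same check can be applied to the first bytes captured from any port that is expected to speak TLS; a reply starting with `HTTP/` means the listener behind that port is not terminating TLS.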