SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
程序员文章站
2022-03-19 16:52:37
...
今天升级了nginx,升级到1.16.1,然后发现SSL错误了,
upstream s_ssl{ #ip_hash; server 127.0.0.1:8080; } upstream s_oss{ #ip_hash; server demo.oss-cn-shanghai-internal.aliyuncs.com; } server { listen 443 ssl; server_name demo.mo8tech.com; access_log /yjdata/logs/nginx_access_sck.log; ssl_certificate /etc/nginx/conf.d/ssl/s.pem; ssl_certificate_key /etc/nginx/conf.d/ssl/s.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_buffer_size 64k; proxy_buffers 32 32k; proxy_busy_buffers_size 128k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://s_ssl; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; } #单服务器用推荐用此配置 location ~ VerificationCode\.(png|jpg|jpeg)$ { proxy_redirect off; proxy_set_header Host $host; proxy_pass https://s_ssl; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 1d; } location ~ QrCodeForWeixin\.(png|jpg|jpeg)$ { proxy_redirect off; proxy_set_header Host $host; proxy_pass http://s_ssl; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 1d; } location ~ /uniapp/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ { proxy_redirect off; proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 7d; } location ~ /pc/*.*\.(gif|jpg|jpeg|png|bmp|swf|ico|js|css|txt|zip|mov|mp4)$ { proxy_redirect off; proxy_set_header Host demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_pass https://demo.oss-cn-shanghai-internal.aliyuncs.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect false; access_log off; expires 7d; } }
启动后nginx可以正常启动,但是访问https,出现502错误,并且错误日志如下
2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:18 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8080/favicon.ico", host: "s.mo8tech.com", referrer: "https://s.mo8tech.com/" 2020/04/13 18:04:19 [error] 27728#27728: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 36.5.133.3, server: s.mo8tech.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8080/", host: "s.mo8tech.com"
更正的地方1个地方,重启后,问题解决
proxy_pass https://s_ssl; 修改为 proxy_pass http://s_ssl;