Preface

If you hit this same error while configuring nginx SSL, add `ssl on` to your nginx configuration. May your nginx setup be painless.

ssl on;

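Recently, while configuring HTTPS on nginx, I found that if I configured only HTTP on port 80, HTTP access worked normally, but if I configured only HTTPS, access failed with an error. This was very strange: I have set up nginx SSL many times, and the same configuration never caused a problem, except this time. The server is on Huawei Cloud; before this I always used Alibaba Cloud or Tencent Cloud. Could Huawei Cloud be the culprit? Same configuration, same nginx version; possibly only the server differs. The SSL certificates are both free Tencent Cloud certificates.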

curl: (35) SSL received a record that exceeded the maximum permissible length

Let's look at the actual configuration.

This is the nginx SSL configuration on my Tencent Cloud server, which can be accessed normally:

server {
    #listen    80;
    listen    443 ssl;
    server_name test.aaaa.com;
	
    
    ssl_certificate /usr/local/nginx/ssl/1_test.aaa.com_bundle.crt;
    ssl_certificate_key /usr/local/nginx/ssl/2_test.aaa.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers  on;
    
     location / {
        root   html;
        index  index.html index.htm;
     }
     
     location /gateway/ {
	 
        root html;
        index index.html index.htm;
        proxy_pass http://aaaa:3001/;
		proxy_set_header tenant_id 'fem';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        client_max_body_size 1024m;
    }
    
   
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

The nginx SSL configuration on the Huawei Cloud server; here I added the `ssl on;` directive:

    server {
        #listen       8011;
		listen       4011;
        server_name  elf.aaa.com;
		
		
			ssl_certificate /usr/local/nginx/ssl/aaa.com_bundle.crt;
			ssl_certificate_key /usr/local/nginx/ssl/aaa.com.key;

			#ssl_session_cache    shared:SSL:1m;
			#ssl_session_timeout  5m;
			#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
			#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
			#ssl_prefer_server_ciphers  on;
			
			ssl_session_cache    shared:SSL:1m;
			ssl_session_timeout  10m;
			# Don't change this carelessly, or you will hit unexpected bugs: iOS phones could not load static resources while Android could
			ssl_ciphers  HIGH:!aNULL:!MD5;
			ssl_prefer_server_ciphers  on;
			ssl on;

        #charset koi8-r;
        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }
		
		location /gateway/ {
	 
			root html;
			index index.html index.htm;
			proxy_pass http://127.0.0.1:3001/;
			proxy_set_header tenant_id 'fem';
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $http_x_forwarded_for;
			proxy_headers_hash_max_size 51200;
			proxy_headers_hash_bucket_size 6400;
			client_max_body_size 1024m;
		}
		
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }
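
Comparing the two configurations above: the working one has `listen 443 ssl;`, while the second has `listen 4011;` with no `ssl` flag, so without `ssl on;` that port answers in plain HTTP and a TLS client reports the curl error shown. The check below is an added example, not part of the original post; the sample configs and function names are constructed for illustration, and it relies on nginx having deprecated `ssl on;` in 1.15.0 and removed it in 1.25.1 in favour of the `ssl` parameter on `listen`.

```python
import re

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, with comments removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:           # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit_tls_listeners(conf):
    """Return (listen address, issue) pairs for servers that load a certificate
    but have no `ssl` parameter on any `listen` directive."""
    findings = []
    for body in server_blocks(conf):
        directives = re.findall(r"\b(listen|ssl_certificate|ssl)\s+([^;{}]+);", body)
        listens = [val.split() for name, val in directives if name == "listen"]
        has_cert = any(name == "ssl_certificate" for name, _ in directives)
        ssl_on = any(name == "ssl" and val.strip() == "on" for name, val in directives)
        if not has_cert or any("ssl" in params[1:] for params in listens):
            continue                             # no TLS intended, or enabled on the socket
        # A certificate is configured but the sockets are plain HTTP unless the
        # legacy `ssl on;` directive is present.
        issue = "legacy-ssl-on" if ssl_on else "plaintext"
        findings.extend((params[0], issue) for params in listens)
    return findings

# Constructed sample configs (hypothetical host and paths).
BROKEN = """
server {
    #listen 8011;
    listen 4011;
    server_name elf.example.test;
    ssl_certificate     /etc/nginx/ssl/example_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;
    location / { root html; }
}
"""
LEGACY = BROKEN.replace("location", "ssl on;\n    location")   # the fix used on this page
CURRENT = BROKEN.replace("listen 4011;", "listen 4011 ssl;")   # form used by the working config

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("legacy", LEGACY), ("current", CURRENT)):
        print(label, audit_tls_listeners(conf))
```

A `plaintext` finding is the case that produces the curl error; a `legacy-ssl-on` finding works on older nginx but should be migrated to `listen <port> ssl;` before upgrading.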
