服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 尝试将HTTPredirect到nginx中的HTTPS作为jenkins的反向代理时,从服务器返回空回复
Intereting Posts
无法在Debian上为Apache 2设置SSL支持 有效的CNAME响应是否包含NXDOMAIN状态? networking中断 – 映射,检查networking,BGP,Traceroute,RIPE Percona MySQL 5.5无法启动 如何进行异地AWS RDS PostgreSQL备份? 如果我的服务器有直接的Internet访问权限,并且没有局域网,我如何创build一台主机来主持IPsec VPN? mysql:从前面的sql dump导入多个数据库 如何阻止用户访问Linux中的root用户 如何处理自定义存储库和apt-mirror? 在Ubuntu 10.04上恢复/etc/init.d/apache2 如何连接到本地SQL Server? 在Centos服务器上使用BIND和Lighttpd(Vhosts)设置子域名 将客户端计算机添加到活动目录域控制器 Windows XP的代理代理(如Mac的Authoxy) 在Ubuntu上configurationFTP以默认到某个目录

尝试将HTTPredirect到nginx中的HTTPS作为jenkins的反向代理时,从服务器返回空回复

我正在Jenkins后面运行Jenkins,并使用Let's Encrypt来获得SSL证书。 如果我通过https://jenkins.mydomain.de/访问该网站,一切工作正常。 但是,当我通过http://jenkins.mydomain.de/访问它,Firefox说:“连接被重置。”和curl说:“从服务器的空回复”

我如何debugging? 我真的不知道该在哪里寻找问题。 nginx日志不包含任何关于它的事情。 我怀疑在下面的configuration中关于端口80的部分是由其他指令无效,但我不知道我将如何调查。 

 $ curl -svL http://jenkins.mydomain.de/ * Hostname was NOT found in DNS cache * Trying my.ip.add.ress... * Connected to jenkins.mydomain.de (my.ip.add.ress) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.38.0 > Host: jenkins.mydomain.de > Accept: */* > * Empty reply from server * Connection #0 to host jenkins.mydomain.de left intact

当使用telnet与服务器通话时,一旦我只返回一次(即在GET / HTTP/1.1 ),连接就会closures。

即使Firefox没有SSL证书的问题,curl也会这样做: 

 $ curl -svL https://jenkins.mydomain.de/ * Hostname was NOT found in DNS cache * Trying my.ip.add.ress... * Connected to jenkins.mydomain.de (my.ip.add.ress) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Server hello (2): { [data not shown] * SSLv3, TLS handshake, CERT (11): { [data not shown] * SSLv3, TLS alert, Server hello (2): } [data not shown] * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 * SSLv3, TLS alert, Client hello (1): } [data not shown]

我的Nginxconfiguration: 

 upstream jenkins { server localhost:8080 fail_timeout=0; } server { listen 80 default; server_name jenkins.mydomain.de; return 301 https://$server_name$request_uri; # Replacing $server_name with $host does not work either. } server { listen 443 default ssl; server_name jenkins.mydomain.de; ssl on; ssl_certificate /etc/letsencrypt/live/jenkins.mydomain.de/cert.pem; ssl_certificate_key /etc/letsencrypt/live/jenkins.mydomain.de/privkey.pem; ssl_ciphers HIGH:!ADH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_session_cache builtin:1000 shared:SSL:10m; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect http://localhost:8080 https://$server_name; proxy_pass https://jenkins; } }

Nginx正在监听端口80: 

 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3895/nginx tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1048/sshd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3895/nginx tcp6 0 0 :::41117 :::* LISTEN 19911/java tcp6 0 0 :::8080 :::* LISTEN 19911/java tcp6 0 0 :::22 :::* LISTEN 1048/sshd tcp6 0 0 :::49208 :::* LISTEN 19911/java