NGINX不会设置SSL连接（未知的协议错误）

Heeey全部，

我有一个nginx反向代理与有效的SSL证书（通过让encryption完成），但我不能得到SSL的工作。

upstream backend_haakselsenkwaaksels_nl { server amaya.leonweemen.nl:9050; } server { listen 80; server_name haakselsenkwaaksels.nl; return 301 https://$server_name$request_uri; } server { listen 80; server_name www.haakselsenkwaaksels.nl; return 301 https://haakselsenkwaaksels.nl$request_uri; } server { listen 443 ssl; server_name haakselsenkwaaksels.nl; ssl_certificate /domain-certificates/haakselsenkwaaksels.nl/fullchain.pem; ssl_certificate_key /domain-certificates/haakselsenkwaaksels.nl/privkey.pem; # ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; access_log /var/log/nginx/haakselsenkwaaksels.nl.access.log; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Fix the “It appears that your reverse proxy set up is broken" error. proxy_pass https://backend_haakselsenkwaaksels_nl; proxy_read_timeout 90; proxy_redirect https://127.0.0.1:9050 https://haakselsenkwaaksels.nl; } } 

nginx说我的configuration很好：

 weemen@amaya:/domain-certificates# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful 

我只在我的通用访问日志（/var/log/nginx/access.log）中获取数据

• 为什么我不能使用Digital Ocean私有IP进行反向代理，使用这个Salt Cloud设置？
• 如何“重写”ReverseProxied网站上的服务器响应标题？
• 我怎么能在同一个Apache 2.2服务器上有两个virutalhosts
• 如何创build一个非高速caching的nginx反向代理？
• Apache 2.4.7 mod_proxy_wstunnel隧道太多（HTTP以及WS）

 XXX.XXX.XXX.XXX - - [30/Dec/2016:10:20:26 +0000] "\x16\x03\x01\x00\xD3\x01\x00\x00\xCF\x03\x03\xBD\x07\xDA" 400 182 "-" "-" XXX.XXX.XXX.XXX - - [30/Dec/2016:10:20:26 +0000] "\x16\x03\x01\x00\xD3\x01\x00\x00\xCF\x03\x03\xABFB\xC158\x8AE\xF7V\xEE\xE2}%i\xF4\x86!\xFA\xCE\xF7\xF4l\xF55\xD0%Ev\xEE\xFFb\x00\x00$\xAA\xAA\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xCC\x14\xCC\x13\xC0\x09\xC0\x13\xC0" 400 182 "-" "-" 

如果我连接openssl客户端，我看到这个：

  ~  openssl s_client -connect haakselsenkwaaksels.nl:443 CONNECTED(00000003) write:errno=54 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 308 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1483094367 Timeout : 300 (sec) Verify return code: 0 (ok) 

我尝试了一些东西，但我真的出去select有没有人在这个configuration中看到一些奇怪的东西？

如果您需要更多信息，请告诉我。

已经有很多很多很多谢了。

 weemen@amaya:/# ls -la total 404 drwxr-xr-x 27 root root 4096 Dec 29 15:12 . drwxr-xr-x 27 root root 4096 Dec 29 15:12 .. lrwxrwxrwx 1 root root 21 Dec 15 12:08 domain-certificates -> /etc/letsencrypt/live weemen@amaya:/domain-certificates/haakselsenkwaaksels.nl# ls -la total 8 drwxr-xr-x 2 root root 4096 Dec 30 17:46 . drwx------ 7 root root 4096 Dec 30 17:46 .. lrwxrwxrwx 1 root root 46 Dec 30 17:46 cert.pem -> ../../archive/haakselsenkwaaksels.nl/cert3.pem lrwxrwxrwx 1 root root 47 Dec 30 17:46 chain.pem -> ../../archive/haakselsenkwaaksels.nl/chain3.pem lrwxrwxrwx 1 root root 51 Dec 30 17:46 fullchain.pem -> ../../archive/haakselsenkwaaksels.nl/fullchain3.pem lrwxrwxrwx 1 root root 49 Dec 30 17:46 privkey.pem -> ../../archive/haakselsenkwaaksels.nl/privkey3.pem 

 --mount type=bind,source=/domain-certificates,destination=/domain-certificates