apache: how to fix "localhost sent an invalid response: ERR_SSL_PROTOCOL_ERROR"

oprakyz7  posted 2022-11-30  in Apache
Follow (0) | Answers (2) | Views (540)

I am trying to get apache2 on Ubuntu 20 to use a (self-created) certificate. When I try to open the endpoint (https://local.pretzel.com/editor) in Chrome I get:

This site can’t provide a secure connection
local.pretzel.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Spent the whole evening on this and could use some help understanding what I did wrong, and how to properly debug this.
// Apache config files
httpd.conf in /etc/apache2/

LoadModule mpm_prefork_module libexec/apache2/mod_mpm_prefork.so
LoadModule log_config_module libexec/apache2/mod_log_config.so
LoadModule mime_module libexec/apache2/mod_mime.so
LoadModule dir_module libexec/apache2/mod_dir.so
LoadModule authz_core_module libexec/apache2/mod_authz_core.so
LoadModule unixd_module libexec/apache2/mod_unixd.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule php7_module libexec/apache2/libphp7.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
User _www
Group _www
DirectoryIndex index.html
ErrorLog "/var/log/apache2/error_log"
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "/var/log/apache2/access_log" common
TypesConfig /etc/apache2/mime.types
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
DirectoryIndex index.html index.php
<Directory /home/prtz/workspace/frontend/build>
    Options Indexes FollowSymLinks
    Require all granted
    AllowOverride All 
</Directory>
ServerName local.pretzel.com
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<VirtualHost *:443>
    DocumentRoot "/home/prtz/workspace/frontend/build"
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/etc/apache2/local.pretzel.com.crt"
    SSLCertificateKeyFile "/etc/apache2/local.pretzel.com.nopass.key"
    
    ServerName local.pretzel.com
     
</VirtualHost>

/etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName local.pretzel.com
        DocumentRoot "/home/prtz/workspace/frontend/build"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "/etc/apache2/local.pretzel.com.crt"
        SSLCertificateKeyFile "/etc/apache2/local.pretzel.com.nopass.key"

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

    </VirtualHost>
</IfModule>

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
<VirtualHost *:443>
    ServerName local.pretzel.com
</VirtualHost>

nmap --script ssl-enum-ciphers -p 443 local.pretzel.com:

nmap --script ssl-enum-ciphers -p 443 local.pretzel.com

Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-28 21:27 PDT
Nmap scan report for local.pretzel.com (127.0.0.1)
Host is up (0.000064s latency).

PORT    STATE SERVICE
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 15.49 seconds

cat /etc/hosts:

cat /etc/hosts
127.0.0.1 local.pretzel.com
127.0.0.1   localhost
127.0.1.1   ubuntu

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Creating the certificate

openssl req -newkey rsa:2048 -x509 -nodes \
                -keyout local.pretzel.com.key \
                -new \
                -out local.pretzel.com.crt \
                -subj /CN=local.pretzel.com \
                -reqexts SAN \
                -extensions SAN \
                -config <(cat /usr/lib/ssl/openssl.cnf \
                    <(printf '[SAN]\nsubjectAltName=DNS:local.pretzel.com')) \
                -sha256 \
                -days 3650

sudo openssl rsa -in local.pretzel.com.key -out local.pretzel.com.nopass.key

sudo mv *.key *.crt /etc/apache2

Added the certificate to /usr/local/share/ca-certificates/

sudo update-ca-certificates         
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping duplicate certificate in server.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

// Checking the certificate

openssl verify local.pretzel.com.crt 

local.pretzel.com.crt: OK

// Checking with an openssl connection

openssl s_client -connect local.pretzel.com:443 -CApath /etc/ssl/certs
CONNECTED(00000003)
140129913148736:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

// Checking the firewall

sudo ufw status  
[sudo] password for prtz: 
Status: active

To                         Action      From
--                         ------      ----
Apache                     ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
Apache (v6)                ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)

// Using curl with https

curl https://local.pretzel.com
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Whereas without https it returns the "Apache2 Ubuntu Default Page: It works"

curl http://local.pretzel.com
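The `ssl3_get_record:wrong version number` line from `openssl s_client` and `curl` is the most informative output in the question, and it is worth knowing what it literally means before touching the config. OpenSSL reads the first 5 bytes the server sends as a TLS record header (1-byte content type, 2-byte version, 2-byte length). A TLS server answers a ClientHello with a Handshake record (`16 03 0x ...`) or, on failure, an Alert record (`15 03 0x ...`); a vhost bound to port 443 without `SSLEngine on` treats the ClientHello as a broken HTTP request and answers in plaintext with `HTTP/1.1 400 Bad Request`, whose first bytes `48 54 54 50 2f` ("HTTP/") parse as version 0x5454, hence "wrong version number" after exactly 5 bytes read (the "SSL handshake has read 5 bytes" line above). The script below is an added example written for this page, not code from the original post: it classifies a server's first bytes, wraps the same `openssl s_client` probe the poster ran by hand, and lists which VirtualHost Apache considers the default for `*:443`. The hostname `local.pretzel.com` is taken from the question; `apache2ctl -S` is the Ubuntu/Debian command for dumping the parsed vhost table.

```shell
#!/bin/sh
# Added diagnostic for the ERR_SSL_PROTOCOL_ERROR / "wrong version number"
# symptom. Editor's example, not from the original post.

# classify_first_bytes: read a server's first bytes from stdin and print
# one word: tls, plaintext-http, or unknown.
# TLS record content types: 0x16 = Handshake, 0x15 = Alert; the next two
# bytes are the record-layer version 0x03 0x00..0x04 (SSLv3..TLS1.3 wire).
classify_first_bytes() {
    hex=$(head -c 5 | od -An -tx1 -v | tr -d ' \n')
    case "$hex" in
        16030[0-4]*) echo tls ;;            # Handshake record (ServerHello)
        15030[0-4]*) echo tls ;;            # Alert record: still a TLS server
        485454502f*) echo plaintext-http ;; # "HTTP/": no SSLEngine on :443
        *)           echo unknown ;;        # empty (closed) or other protocol
    esac
}

# probe_tls HOST [PORT]: send a real ClientHello with openssl s_client and
# decide from OpenSSL's own diagnostics whether the peer spoke TLS at all.
# "wrong version number" must be checked first: as the question's output
# shows, OpenSSL still prints "Verify return code: 0 (ok)" in that case.
probe_tls() {
    host=$1; port=${2:-443}
    out=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>&1)
    case "$out" in
        *"wrong version number"*)
            echo "$host:$port answered the ClientHello with non-TLS bytes (plaintext HTTP on the TLS port?)" ;;
        *"Verify return code"*)
            echo "$host:$port speaks TLS" ;;
        *)
            echo "$host:$port: no TLS handshake at all (refused or timed out?)" ;;
    esac
}

# show_443_vhosts: list every VirtualHost Apache parsed for port 443 and
# which one is the default. mod_ssl decides whether a connection gets the
# TLS filter from the first vhost defined for that address:port, so a bare
# <VirtualHost *:443> without "SSLEngine on" that sorts first (e.g. in
# sites-enabled/000-default.conf, loaded before default-ssl.conf) makes
# port 443 a plaintext listener regardless of the later SSL vhosts.
show_443_vhosts() {
    apache2ctl -S 2>&1 | grep -E '443|default server'
}

# Usage: sh probe.sh local.pretzel.com 443
if [ $# -ge 1 ]; then
    probe_tls "$1" "${2:-443}"
    show_443_vhosts
fi
```

If `probe_tls` reports non-TLS bytes, `show_443_vhosts` should name the culprit vhost; also grep `/var/log/apache2/error.log` for mod_ssl's "You configured HTTP(80) on the standard HTTPS(443) port!" warning, which it logs at startup for exactly this situation.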
e0bqpujr 1#

For the certificate, it was solved with Getting Chrome to accept self-signed localhost certificate, and for the apache config, by moving the <VirtualHost *:443> section from httpd.conf to the sites-available/ folder, in a conf file named the same as the domain I use.
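The answer above says the fix was moving the `<VirtualHost *:443>` block out of httpd.conf into a per-site file under sites-available/. What follows is an added, editor-written version of what that file can look like on Ubuntu 20.04, not the answerer's actual file; the ServerName, DocumentRoot, certificate and key paths are the ones given in the question. Two observations about the posted config motivate it, and they are the editor's reading rather than something the answer states: Ubuntu's apache2 package reads /etc/apache2/apache2.conf and the sites-enabled/ and conf-enabled/ directories, not httpd.conf (the posted httpd.conf also uses macOS `libexec/apache2/...` module paths and the `_www` user, so it was never the active configuration); and 000-default.conf ends with a bare `<VirtualHost *:443>` that has no `SSLEngine on`. sites-enabled/ is included in alphabetical order, so that vhost is the first one for `*:443`, and mod_ssl takes the decision to install the TLS filter from the first vhost on an address:port, which is consistent with the plaintext answer that `openssl s_client` reported as "wrong version number". The cipher line is also replaced: the posted `ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` is the decades-old Apache default, preferences RC4 and keeps LOW and EXPORT grades on builds that still have them.

```apache
# /etc/apache2/sites-available/local.pretzel.com.conf
# Added example for this page, not the poster's or answerer's file.
# Assumes the cert/key and DocumentRoot paths from the question.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName local.pretzel.com
    DocumentRoot "/home/prtz/workspace/frontend/build"

    ErrorLog  ${APACHE_LOG_DIR}/local.pretzel.com-error.log
    CustomLog ${APACHE_LOG_DIR}/local.pretzel.com-access.log combined

    # This is the directive the bare <VirtualHost *:443> in 000-default.conf
    # lacks; without it on the first *:443 vhost, port 443 talks plain HTTP.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/local.pretzel.com.crt
    SSLCertificateKeyFile /etc/apache2/local.pretzel.com.nopass.key

    # Modern replacement for the legacy "ALL:!ADH:...:+eNULL" string.
    # TLS 1.3 needs Apache >= 2.4.36 with OpenSSL 1.1.1 (Ubuntu 20.04 has both).
    SSLProtocol         -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder off

    # Indexes dropped from the question's Options: directory listings of a
    # build tree are not something to expose, even on a dev host.
    <Directory "/home/prtz/workspace/frontend/build">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
</IfModule>
```

To apply it: delete the trailing `<VirtualHost *:443>` stanza from 000-default.conf (and `a2dissite default-ssl` if that file is enabled, since it would otherwise define the same name on the same port), then `a2ensite local.pretzel.com`, `apache2ctl configtest`, `systemctl reload apache2`, and confirm with `apache2ctl -S` that the only `*:443` entry is this file. The unencrypted `.nopass.key` should be readable only by root (`chmod 600`); Apache reads it before dropping privileges.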

d8tt03nd 2#

I removed the extra s from https and that solved my error.
http://localhost:xxxx/nifi-registry
