GET:ERR_SSL_PROTOCOL_ERROR nginx + vue.js

ep6jt1vc  于 2023-04-20  发布在  Nginx
关注(0)|答案(1)|浏览(260)

在Google Chrome的控制台日志中,我收到这些错误:

GET https://192.168.1.7:8081/sockjs-node/info?t=1579798623564 net::ERR_SSL_PROTOCOL_ERROR
GET https://192.168.1.7/sockjs-node/info?t=1579798623562 net::ERR_CERT_COMMON_NAME_INVALID

如果在/etc/nginx/conf/default.conf(Ubuntu 18.04.03 Server Edition)中:

server {
    listen 443 ssl http2 default_server;
    server_name example.com www.example.com
    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://192.168.1.7:8081;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://192.168.1.7:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

我设置vue.config.js如下:

module.exports = {
  productionSourceMap: false,
  pluginOptions: {
    i18n: {
      enableInSFC: true
    }
  },
  devServer: {
    host: '192.168.1.7',
    hot: true,
    disableHostCheck: true
  }
}

并定义webpack.config.js如下:

var path = require('path');
var fs = require('fs');

module.exports = {
    https: {
        key: fs.readFileSync('/etc/ssl/private/domain.key'),
        ca: fs.readFileSync('/etc/ssl/certs/chained.pem')
    }
};

更新1)
在/etc/nginx/conf.d/default.conf中修改http -〉https:

location / {
    proxy_pass https://192.168.1.7:8081;

502 Bad Gateway:

所以。。。我现在的问题是:如何让nginx服务器使用TLS应答?
我做错了什么?如何解决问题?

ua4mk5z4

ua4mk5z41#

GET https://192.168.1.7:8081/sockjs-node/info?t=1579798623564 net::ERR_SSL_PROTOCOL_ERROR
 ...
proxy_pass http://192.168.1.7:8081;

在nginx配置中,您访问192.168.1.7:8081作为http://。在第一行中,您访问与https://相同的IP:port,导致协议错误。虽然对此IP:port上的服务器一无所知,但很可能只有http://可以解释协议错误:尝试对不使用TLS应答的服务器执行TLS握手。

GET https://192.168.1.7/sockjs-node/info?t=1579798623562 net::ERR_CERT_COMMON_NAME_INVALID

192.168.1.7:443上的证书未知(443是https的默认端口),但此证书很可能不包含作为有效IP SAN的192.168.1.7。但这是使用URL https://192.168.1.7/时证书验证的预期值。

相关问题