Nginx SSL配置在移动浏览器上不起作用 [英] Nginx SSL configuration not working on mobile browsers

问题描述

我已经设置了一个服务于ssl的Nginx服务器，其中一个http服务器块重定向到了一个安全的服务器块.该证书由我的域提供商(1& 1)颁发.在大多数台式机浏览器上都可以正常工作，但是在移动设备上的Firefox上我得到了SSL_ERROR_INTERNAL_ERROR_ALERT，在Chrome移动设备上(Android Pie)得到了ERR_SSL_PROTOCOL_ERROR.

I've set up an Nginx server serving ssl, with an http server block redirecting to a secured server block. The certificate is issued by my domain provider (1&1). It works perfectly fine on most desktop browsers, but I get an SSL_ERROR_INTERNAL_ERROR_ALERT on Firefox on mobile, and an ERR_SSL_PROTOCOL_ERROR on Chrome mobile (Android Pie).

这是nginx的配置:

Here is the nginx configuration:

server {
         listen 80 deferred;
         listen [::]:80 deferred;
         server_name meetoko.com www.meetoko.com;

         return 301 https://meetoko.com$request_uri;
 }


server {

         listen 443 ssl;
         listen [::]:443 ssl;

        ssl on;
        ssl_certificate                 /etc/ssl/meetoko.com.pem;
        ssl_certificate_key             /etc/ssl/meetoko.com.key;

        root /var/www/html;
        
        server_name meetoko.com;
        server_name  www.meetoko.com;
        try_files $uri $uri/ /index.html;

        location / {
                try_files $uri $uri/ /index.html;
        }

        location /api/ {
                proxy_pass http://localhost:3000;
                proxy_http_version 1.1;
        }


        location /public/ {
                alias /root/oko-back/public/;
        }
}

                                                                                  

.pem密钥是主证书和中间证书的串联，而.key是私钥.

The .pem key is a concatenation of the primary and the intermediate issued certificates, and the .key is the private key.

在手机和台式机上都使用HTTPS之前，所有设备都运行良好，因此很难弄清楚什么地方出了错...有什么想法吗?

All was working well before going to HTTPS on both mobiles and desktop, so it's hard to figure out what might be wrong... Any ideas?

谢谢！

推荐答案

该站点的配置不一致如SSLLabs所示.尽管它具有IPv6地址，但已为IPv4正确配置，但未为IPv6配置.

The site has an inconsistent configuration as shown by SSLLabs. It is properly configured for IPv4 but has no configuration for IPv6 although it has an IPv6 address.

我的猜测是，经过测试的桌面环境仅是IPv4(至少在Internet访问方面)，因此不会出现问题.相反，移动环境支持IPv6，在这种情况下，IPv6是首选协议.只是，由于配置不完整，使用IPv6访问站点失败.

My guess is that the tested desktop environment is IPv4 only (at least regarding internet access) and therefore no problem occurs. The mobile environment instead is IPv6 capable and in this case IPv6 is the preferred protocol. Only, accessing the site with IPv6 fails due to an incomplete configuration.

这篇关于Nginx SSL配置在移动浏览器上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！