nginx 1.6上的SSL配置 [英] SSL configuration on nginx 1.6

问题描述

我tryng配置nginx 1.6在VM上接受https连接。
我已创建了自签名证书按照本教程，然后我添加了一个配置文件，如下所示：

  server {
 listen 443 ssl; 
 server_name localhost; 
 
 ssl_certificate /etc/nginx/ssl/nginx.crt; 
 ssl_certificate_key /etc/nginx/ssl/nginx.key; 
 
 ssl_session_cache shared：SSL：1m; 
 ssl_session_timeout 5m; 
 
 ssl_ciphers HIGH：！aNULL：！MD5; 
 ssl_prefer_server_ciphers on; 
 
 location / {
 root / usr / share / nginx / html; 
 index index.html index.htm; 
} 
} 
  

问题是，当我访问https url浏览器我没有结果，但是这个错误

 错误代码：ERR_CONNECTION_RESET 
  pre> 
 
 
我认为端口443是开放的
  netstat -tulpn | grep 443 
 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8603 / nginx.conf 
  
此外，我可以wget index.html：
  wget --no-check-certificate https：// < server_url> 
 
现在，我想问题是不受信任的证书，因为如果--no-check -certificate省略，但在这种情况下，我希望浏览器（Chrome或Firefox）提供某种警告，也许让我看到不受信任的证书，而不是重置连接。 
我做错了什么？提前感谢
 
 $ b 
   
 
 
 
 Firefox提供200 Connection Established没有显示任何内容或警告。只是说连接已取消
解决方案
问题可能与证书有关。您可以看到教程来创建* .pem证书而不是* .crt并添加为：
  ssl_certificate / etc / nginx / ssl /nginx.pem; 
  
 
I'm tryng to configure nginx 1.6 on a VM to accept https connection.
I have created a self signed certificate following this tutorial. and then I have added a configuration file like this
server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
The problem is that when I access the https url from the browser I have no results but this error
Error code: ERR_CONNECTION_RESET
I think that port 443 is open
netstat -tulpn | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8603/nginx.conf
Moreover, I can wget the index.html:
wget -–no-check-certificate  https://<server_url>
Now, I suppose that the problem is the untrusted certificate because wget gives error if -–no-check-certificate is omitted but in this case I expect browser (Chrome or Firefox) to give some kind of warning and maybe let me see the untrusted certificate instead of reset connection.
What am I doing wrong? Thanks in advance

EDIT:

Firefox gives "200 Connection Established" but no content or warning is shown. It only says that connection has been canceled
解决方案
The problem might be with the certificate. You can see tutorial to create *.pem certificate instead of *.crt and add as:
ssl_certificate      /etc/nginx/ssl/nginx.pem;


                        
这篇关于nginx 1.6上的SSL配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！