设置让我们用Go-handshake错误进行加密 [英] Setting up Let's encrypt with Go - handshake errors
问题描述
我试图设置让我们用Go编写的负载均衡器进行加密,我尝试了自动和手动设置,但是我总是收到错误。
域指向我们的服务器(数字海洋)正确,我甚至可以从浏览器打开网站没有错误,也是ssl检查报告没有错误在这个域。事实是,当我从CLI服务器上运行Go可执行文件时,我反复出现错误。- 自动(acme / autocert)设置:
服务器代码是,证书和密钥是在第一次从浏览器查看域时创建的服务器启动:
go func(){
log.Printf(Sting HTTP service on%s ... ,:80)
http.HandleFunc(/ *,http.HandlerFunc(func(w http.ResponseWriter,r * http.Request){
http.Redirect w,r,https://+ app.Cfg.S_HOST +:443+ r.RequestURI,http.StatusMovedPermanently)
}))
if err:= http .ListenAndServe(:80,nil); err!= nil {
errs < - err
}
}()
log.Printf( 在%s ...上盯着HTTPS服务,:443)
http.HandleFunc(/ hello,http.HandlerFunc(func(w http.ResponseWriter,r * http.Request ){
w.Header()。Set(Content-Type,text / plain)
w.Write([] byte(This is a server server.\\\
)) )
$)
certManager:= autocert.Manager {
提示:autocert.AcceptTOS,
HostPolicy:autocert.HostWhitelist(app.Cfg .S_HOST)//你的域在这里
Cache:autocert.DirCache(certs),//存放证书的文件夹
}
server:=& http。服务器{
Addr::443,
TLSConfig:& tls.Config {
ServerName:app.Cfg.S_HOST,
GetCertificate:certManager.GetCertificate,
},
}
如果err:= server.ListenAndServeTLS(,); err!= nil {
print(err.Error())
} // key and cert are comming from Let's Encrypt
我得到这些错误:
$ b
-
http: :59451:read tcp(myserver IP):443 - >(ip):59451:read:connection by peer
-
hello.ServerName empty: 04/01 17:14:38 http:TLS握手错误来自(ip):58193:acme / autocert:缺少服务器名称
http:TLS握手错误从(ip):45822:acme / autocert:host not configured / li>
然后我尝试手动创建证书(成功),并简单地使用该代码,并且一次又一次地得到错误:
服务器代码为:
go func(){
log .Printf(Staring HTTP service on%s ...,:80)
http.HandleFunc(/ *,http.HandlerFunc(func(w http.ResponseW riter,r * http.Request){
http.Redirect(w,r,https://+ app.Cfg.S_HOST +:443+ r.RequestURI,http.StatusMovedPermanently)
)))
if err:= http.ListenAndServe(:80,nil); err!= nil {
errs < - err
}
}()
log.Printf( 在%s ...上盯着HTTPS服务,:443)
http.HandleFunc(/ hello,http.HandlerFunc(func(w http.ResponseWriter,r * http.Request ){
w.Header()。Set(Content-Type,text / plain)
w.Write([] byte(This is a server server.\\\
)) )
$)
// ssl [cert]和ssl [key]是证书和密钥路径(letsencrypt / live ...)
if err:= http.ListenAndServeTLS(sslAddr,ssl [cert],ssl [key],nil); err!= nil {
errs < - err
}
错误:
$ b
-
http2:server:从客户端(ip)读取前言时出错:10319:bogus
greetingPOST / HTTP /1.1\r\\\
Host:4\" -
HTTP:10322::EOF
从(IP)TLS握手错误(IP):13504:读取TCP(我的服务器IP):443 - >(IP):13504:读取:连接重置由同级 / LI> -
http2:服务器:错误读取来自客户端(IP)前言:9672:超时等待客户前言
- Automatic (acme/autocert) setup:
http: TLS handshake error from (ip):59451: read tcp (myserver IP):443->(ip):59451: read: connection reset by peer
hello.ServerName empty:2017/04/01 17:14:38 http: TLS handshake error from (ip):58193: acme/autocert: missing server name
http: TLS handshake error from (ip):45822: acme/autocert: host not configured
http: TLS handshake error from (ip):58440: EOF
http2: server: error reading preface from client (ip):10319: bogus greeting "POST / HTTP/1.1\r\nHost: 4"
http: TLS handshake error from (ip):10322: EOF
http: TLS handshake error from (ip):13504: read tcp (my server ip):443->(ip):13504: read: connection reset by peer
http2: server: error reading preface from client (ip):9672: timeout waiting for client preface
有人可以帮我吗?谢谢
正如JimB和其他人在评论中所说,这可能是错误请求的结果。使用 https://www.ssllabs.com/ssltest/ 进行测试时会记录无效请求一个网站的https配置。好的测试分数可以让你确信日志消息是良性的,可以安全地忽略。
另外顶极/ autocert 软件包正在迅速发展(2018年1月),请检查您的版本是否为最新版本。
I'm trying to set up let's encrypt on a load balancer written in Go, I tried both the automatic and manual setup but I always get errors.
The domain is pointing correctly to our server (Digital Ocean) and I can even open the site from a browser without errors, also an ssl check report no errors on this domain. The fact is that when I run the Go executable on server from CLI I get errors repeatedly.
The server code is that, the certificate and the key are created when I look at the domain from a browser for the first time after the server start:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
certManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(app.Cfg.S_HOST), //your domain here
Cache: autocert.DirCache("certs"), //folder for storing certificates
}
server := &http.Server{
Addr: ":443",
TLSConfig: &tls.Config{
ServerName: app.Cfg.S_HOST,
GetCertificate: certManager.GetCertificate,
},
}
if err := server.ListenAndServeTLS("", ""); err != nil {
print(err.Error())
} //key and cert are comming from Let's Encrypt
I get those errors:
Then I tried also creating the certificate manually (succesfully) and simply using that code and I get errors again and again:
The server code is:
go func() {
log.Printf("Staring HTTP service on %s ...", ":80")
http.HandleFunc("/*", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "https://" + app.Cfg.S_HOST + ":443" + r.RequestURI, http.StatusMovedPermanently)
}))
if err := http.ListenAndServe(":80", nil); err != nil {
errs <- err
}
}()
log.Printf("Staring HTTPS service on %s ...", ":443")
http.HandleFunc("/hello", http.HandlerFunc(func (w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}))
// ssl["cert"] and ssl["key"] are the cert and key path (letsencrypt/live...)
if err := http.ListenAndServeTLS(sslAddr, ssl["cert"], ssl["key"], nil); err != nil {
errs <- err
}
Errors:
Can someone help me please? Thanks
As JimB and others said in the comments, this can be the result of bad requests. Invalid requests will be logged when using https://www.ssllabs.com/ssltest/ to test a site's https configuration. A good test score can give you confidence the log messages are benign and can be safely ignored.
Also the acme/autocert package is evolving rapidly (at Jan 2018), please check your version is up to date.
这篇关于设置让我们用Go-handshake错误进行加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
