HTTPS没有数据接收 [英] HTTPS No Data Received

问题描述

我在使用HTTPS的一个问题，我似乎无法来解决我自己或研究任何金额。有时，HTTPS请求将超时，导致无数据接收错误。这通常当我使用从HTTP虚拟主机重定向到HTTPS发生。它不会发生每一次，机器人也许在8次1，它只是坐在直到它次。 我传递这通过亚马逊的负载平衡器，然后到服务器（EC2）在Ubuntu 10.04上运行的Apache 2。 我不知道这是否是一个重定向的问题，但它似乎并不如此。这是最有可能是安装问题，所以我打算把我下面的设置，所以你可以看到它。

I'm having a problem with HTTPS that I can't seem to solve on my own or with any amount of research. Occasionally, an HTTPS request will timeout and result in a "No Data Received" error. This generally happens when I'm using a virtual host redirect from HTTP to HTTPS. It does not happen every time, bot maybe 1 in 8 times, it just sits until it times out. I am passing this through an Amazon Load Balancer then on to the server (EC2) running Apache 2 on Ubuntu 10.04. I can't tell whether this is a redirect issue, although it doesn't seem to be. It's most likely a setup issue, so I'm going to put my setup below so you can see it.

我想解决这个问题，尽快给任何帮助将不胜AP preciated。 在此先感谢！

I'd like to solve this problem as quickly as possible to any help would be greatly appreciated. Thanks in advance!

启用站点的虚拟主机文件myurl.com。这应该强制HTTPS的一切，除了deploy.php。

Virtual Host file in sites-enabled for 'myurl.com'. This should force HTTPS on everything except for deploy.php.

<VirtualHost *:80>
ServerName myurl.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} !^[A-Z]+\s/deploy.php [NC]
RewriteRule !^deploy.php https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
</VirtualHost>

在myurl SSL的虚拟主机文件的网站功能。

Virtual Host file for 'myurl-ssl' in sites-enabled.

<VirtualHost *:80>
        ServerName www.myurl.com
        RewriteCond %{HTTPS} !=on
    RewriteCond %{THE_REQUEST} !^[A-Z]+\s/deploy.php [NC]
    RewriteRule !^depoy.php https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
    NameVirtualHost *:443
    </VirtualHost> 

    <IfModule mod_ssl.c> 
    <VirtualHost *:443>
        SSLEngine on
        ServerAdmin admin@myurl.com
        ServerName myurl.com
        SSLCertificateFile /etc/apache2/certs/myurl.pem
        SSLCertificateKeyFile /etc/apache2/certs/private.key
        SSLCertificateChainFile /etc/apache2/certs/AddTrustExternalCARoot.crt
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
        DocumentRoot /var/www

        ErrorLog /var/log/apache2/error.log
        LogLevel info
        CustomLog /var/log/apache2/access.log combined
    </VirtualHost>

再次出现问题，要的东西我设置或我的重定向内强制HTTPS在那里我会得到一个没有数据接收错误（324浏览器，但发生在每一个浏览器这个问题）。我不相信这是与我们的HTTPS设置的地方，但我无法弄清楚它是什么。

Again, the issue appears to be something within my setup or my redirect to force HTTPS where I'll get a "No Data Received" error (324 in Chrome, but this problem occurs in every browser). I do believe it has something to do with our HTTPS setup somewhere but I can't figure out what it is.

谢谢！

推荐答案

我一直患有这个问题很长时间了，它不是依赖于浏览器。这是比较容易重现的任何浏览器。

I have been suffering from this issue a long time now, and it's not browser-dependent. It is relatively easy to reproduce on any browser.

中存在的问题，因为NAT路由表溢出很容易，因为它只能处理这么多的并发连接。现代AJAX网站，如Facebook和Twitter的使​​用很多，很多的连接。此问题是由事实，大多数这样的网站现在使用SSL连接加剧。

The issue exists because a NAT router table overflows very easily, because it can only handle so many simultaneous connections. Modern AJAX sites, such as Facebook and Twitter use lots and lots of connections. This issue is exacerbated by the fact that most such sites nowadays use SSL connections.

为什么这加剧了问题？

由于SSL连接握手后相对固定的，如果的路由的是通过NAT路由器掉线，浏览器不能真正处理的情况，并点击了长期SSL超时无数据或类似错误。然而，即使这个时候出来似乎并没有正确地重新连接并重新握手的主流浏览器的SSL连接，因为SSL握手是如此之慢，浏览器尝试重用现有的连接，尽量不理解的NAT路由相关在连接已经不存在了。

Because SSL connections are relatively permanent after handshake, and if the routing is dropped by the NAT router, the browser cannot really handle the situation, and hits the long SSL time out with NO DATA or similar error. However, even this time out doesn't seem to properly reconnect and re-handshake the SSL connections in major browsers, because SSL handshake is so slow, the browsers try to reuse the existing connections as far as possible without understanding that the NAT routing related to the connection does not exist anymore.

此外，多个选项卡相同的SSL服务器似乎都重复使用同一个TCP连接，从而使成交只有一个选项卡绝对不实际关闭连接。

In addition, multiple tabs to the same SSL server seem to all reuse the same TCP connection, so that closing only one tab definitely doesn't actually close the connection.

所以，一个解决方法是在某种程度上降低SSL NO DATA超时，甚至有可能解决的浏览器，使这实际上将删除pre-现有的SSL连接的任何和所有的知识，打开一个全新的TCP连接，使NAT路由器快乐和舒畅。

So, a workaround would be to somehow reduce the SSL NO DATA timeout, and possibly fix the browsers so that this actually erases any and all knowledge of pre-existing SSL connections, opening a totally new TCP connection to make the NAT router happy and refreshed.

我还没有找到解决这个问题的一条可行之路，但上面的错误是绝对相关的，但它似乎并不像Chrome浏览器工程师了解根本原因。

I haven't yet found a practical way to solve this issue, but the bug above is definitely related to it, but it doesn't seem like the Chrome engineers understand the root cause.

这篇关于HTTPS没有数据接收的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！