Golang + nginx + https(安全套接层)

huangapple go评论88阅读模式
英文:

Golang + nginx + https

问题

我已经将您提供的内容翻译成中文,如下所示:

我有一个服务器,作为监听器使用Go来处理httphttps请求。我已经配置了Nginx来处理传入的http和https请求,并且证书也是正确的。

当我使用单独的服务器在https协议上运行时,查询结果完全正常。然而,当我使用nginx进行代理时,https无法从服务器获取响应,而服务器Go会报错:

> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake

可能是什么问题呢?

Go客户端代码:

package main

import (
	"net/http"
	"log"

)

func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("This is an example server.\n"))
	// fmt.Fprintf(w, "This is an example server.\n")
	// io.WriteString(w, "This is an example server.\n")
}

func main() {
	http.HandleFunc("/", HelloSSLServer)
	go http.ListenAndServe("192.168.1.2:80", nil)
	err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)

	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}

Nginx配置文件:

server {
    listen       192.168.1.2:80;
    server_name   somedomain;
    rewrite ^ https://$host$request_uri? permanent;    
}
server {
    listen        192.168.1.2:443 ssl;
    server_name   somedomain;
    access_log    /var/log/nginx/dom_access.log;
    error_log     /var/log/nginx/dom_error.log;
    ssl_certificate     /stuff/ssl/domain.cert;
    ssl_certificate_key /stuff/ssl/private.cert;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

    location / {
        proxy_pass http://localhost:9007;
        proxy_cookie_domain localhost somedomain;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Client-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

希望对您有所帮助!如果您有任何其他问题,请随时提问。

英文:

I have - Go to the server as a listener http and https. Nginx configured to process incoming requests for http + https. Certificates in order.
Using separate servers runs perfectly on the results of queries to them on https protocol. However, when I use a proxying nginx https is not getting a response from the server and the server Go

> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake

What could be the problem?

Client Go:

package main

import (
	"net/http"
	"log"

)

func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("This is an example server.\n"))
	// fmt.Fprintf(w, "This is an example server.\n")
	// io.WriteString(w, "This is an example server.\n")
}

func main() {
	http.HandleFunc("/", HelloSSLServer)
	go http.ListenAndServe("192.168.1.2:80", nil)
	err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)

	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}

Nginx config:

server {
    listen       192.168.1.2:80;
    server_name   somedomain;
    rewrite ^ https://$host$request_uri? permanent;    
}
server {
    listen        192.168.1.2:443 ssl;
    server_name   somedomain;
    access_log    /var/log/nginx/dom_access.log;
    error_log     /var/log/nginx/dom_error.log;
    ssl_certificate     /stuff/ssl/domain.cert;
    ssl_certificate_key /stuff/ssl/private.cert;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;


    location /
    {
        proxy_pass http://localhost:9007;
#       proxy_redirect    http://localhost:1500 http://site1;
        proxy_cookie_domain localhost somedomain;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Client-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

答案1

得分: 5

使用httpsproxy_pass一起使用

location /
{
    proxy_pass https://localhost:9007;
    ...
}
英文:

Use https with the proxy_pass

location /
{
    proxy_pass https://localhost:9007;
    ...
}

答案2

得分: 0

nginx的配置文件应该像这样:

server {
    listen 443 ssl http2;
    listen 80;
    server_name www.mojotv.cn;
    ssl_certificate     /home/go/src/my_go_web/ssl/**.pem; 
    ssl_certificate_key /home/go/src/my_go_web/ssl/**.key; 
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
    location /(css|js|fonts|img)/ {
        access_log off;
        expires 1d;
        root "/home/go/src/my_go_web/static";
        try_files $uri @backend;
    }
    location / {
        try_files /_not_exists_ @backend;
    }
    location @backend {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:********;
    }
    access_log  /home/wwwroot/www.mojotv.cn.log;## nginx日志路径
}

golang web应用程序带有nginx的http2 ssl功能

英文:

nginx .config file should like this

server {
        listen 443 ssl http2;
        listen 80;
        server_name www.mojotv.cn;
        ssl_certificate     /home/go/src/my_go_web/ssl/**.pem; 
        ssl_certificate_key /home/go/src/my_go_web/ssl/**.key; 
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_prefer_server_ciphers on;
        location /(css|js|fonts|img)/ {
            access_log off;
            expires 1d;
            root "/home/go/src/my_go_web/static";
            try_files $uri @backend;
        }
        location / {
            try_files /_not_exists_ @backend;
        }
        location @backend {
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header Host $http_host;
           proxy_pass http://127.0.0.1:********;
        }
        access_log  /home/wwwroot/www.mojotv.cn.log;## nginx log path
}

the golang web app with http2 ssl feature shiped with nginx

1: https://www.mojotv.cn "the golang app with http2 ssl feature"

答案3

得分: 0

我遇到了与OP类似的错误信息,这是针对一个更基本的Go服务器,没有额外的配置。

tls: first record does not look like a TLS handshake

我的临时解决方法是确保测试URL包括"https://"和URL中的端口号。

不起作用 - ipaddress

不起作用 - https://ipaddress

起作用 - https://ipaddress:8081

这对于测试来说足够了,直到进行更高级的设置。我发表这篇帖子是为了帮助其他人进行故障排除。

英文:

I get a similar error message to OP for a more basic Go server that doesn't have extra config.

> tls: first record does not look like a TLS handshake

My temp fix was simply to make sure the test URL includes both "https://" and the port number in the URL.

didn't work - ipaddress

didn't work - https://ipaddress

worked - https://ipaddress:8081

It'll do for testing, until a more advanced setup. Just posting this to help others in troubleshooting.

huangapple
  • 本文由 发表于 2016年11月26日 17:51:52
  • 转载请务必保留本文链接:https://go.coder-hub.com/40817027.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定