英文:
Golang + nginx + https
问题
我已经将您提供的内容翻译成中文,如下所示:
我有一个服务器,作为监听器使用Go来处理http和https请求。我已经配置了Nginx来处理传入的http和https请求,并且证书也是正确的。
当我使用单独的服务器在https协议上运行时,查询结果完全正常。然而,当我使用nginx进行代理时,https无法从服务器获取响应,而服务器Go会报错:
> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake
可能是什么问题呢?
Go客户端代码:
package main
import (
"net/http"
"log"
)
func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
// fmt.Fprintf(w, "This is an example server.\n")
// io.WriteString(w, "This is an example server.\n")
}
func main() {
http.HandleFunc("/", HelloSSLServer)
go http.ListenAndServe("192.168.1.2:80", nil)
err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)
if err != nil {
log.Fatal("ListenAndServe: ", err)
}
}
Nginx配置文件:
server {
listen 192.168.1.2:80;
server_name somedomain;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 192.168.1.2:443 ssl;
server_name somedomain;
access_log /var/log/nginx/dom_access.log;
error_log /var/log/nginx/dom_error.log;
ssl_certificate /stuff/ssl/domain.cert;
ssl_certificate_key /stuff/ssl/private.cert;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
location / {
proxy_pass http://localhost:9007;
proxy_cookie_domain localhost somedomain;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
希望对您有所帮助!如果您有任何其他问题,请随时提问。
英文:
I have - Go to the server as a listener http and https. Nginx configured to process incoming requests for http + https. Certificates in order.
Using separate servers runs perfectly on the results of queries to them on https protocol. However, when I use a proxying nginx https is not getting a response from the server and the server Go
> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake
What could be the problem?
Client Go:
package main
import (
"net/http"
"log"
)
func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
// fmt.Fprintf(w, "This is an example server.\n")
// io.WriteString(w, "This is an example server.\n")
}
func main() {
http.HandleFunc("/", HelloSSLServer)
go http.ListenAndServe("192.168.1.2:80", nil)
err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)
if err != nil {
log.Fatal("ListenAndServe: ", err)
}
}
Nginx config:
server {
listen 192.168.1.2:80;
server_name somedomain;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 192.168.1.2:443 ssl;
server_name somedomain;
access_log /var/log/nginx/dom_access.log;
error_log /var/log/nginx/dom_error.log;
ssl_certificate /stuff/ssl/domain.cert;
ssl_certificate_key /stuff/ssl/private.cert;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
location /
{
proxy_pass http://localhost:9007;
# proxy_redirect http://localhost:1500 http://site1;
proxy_cookie_domain localhost somedomain;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
答案1
得分: 5
使用https与proxy_pass一起使用
location /
{
proxy_pass https://localhost:9007;
...
}
英文:
Use https with the proxy_pass
location /
{
proxy_pass https://localhost:9007;
...
}
答案2
得分: 0
nginx的配置文件应该像这样:
server {
listen 443 ssl http2;
listen 80;
server_name www.mojotv.cn;
ssl_certificate /home/go/src/my_go_web/ssl/**.pem;
ssl_certificate_key /home/go/src/my_go_web/ssl/**.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location /(css|js|fonts|img)/ {
access_log off;
expires 1d;
root "/home/go/src/my_go_web/static";
try_files $uri @backend;
}
location / {
try_files /_not_exists_ @backend;
}
location @backend {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:********;
}
access_log /home/wwwroot/www.mojotv.cn.log;## nginx日志路径
}
golang web应用程序带有nginx的http2 ssl功能
英文:
nginx .config file should like this
server {
listen 443 ssl http2;
listen 80;
server_name www.mojotv.cn;
ssl_certificate /home/go/src/my_go_web/ssl/**.pem;
ssl_certificate_key /home/go/src/my_go_web/ssl/**.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location /(css|js|fonts|img)/ {
access_log off;
expires 1d;
root "/home/go/src/my_go_web/static";
try_files $uri @backend;
}
location / {
try_files /_not_exists_ @backend;
}
location @backend {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:********;
}
access_log /home/wwwroot/www.mojotv.cn.log;## nginx log path
}
the golang web app with http2 ssl feature shiped with nginx
1: https://www.mojotv.cn "the golang app with http2 ssl feature"
答案3
得分: 0
我遇到了与OP类似的错误信息,这是针对一个更基本的Go服务器,没有额外的配置。
tls: first record does not look like a TLS handshake
我的临时解决方法是确保测试URL包括"https://"和URL中的端口号。
不起作用 - ipaddress
不起作用 - https://ipaddress
起作用 - https://ipaddress:8081
这对于测试来说足够了,直到进行更高级的设置。我发表这篇帖子是为了帮助其他人进行故障排除。
英文:
I get a similar error message to OP for a more basic Go server that doesn't have extra config.
> tls: first record does not look like a TLS handshake
My temp fix was simply to make sure the test URL includes both "https://" and the port number in the URL.
didn't work - ipaddress
didn't work - https://ipaddress
worked - https://ipaddress:8081
It'll do for testing, until a more advanced setup. Just posting this to help others in troubleshooting.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论