英文:
Golang + nginx + https
问题
我已经将您提供的内容翻译成中文,如下所示:
我有一个服务器,作为监听器使用Go来处理http和https请求。我已经配置了Nginx来处理传入的http和https请求,并且证书也是正确的。
当我使用单独的服务器在https协议上运行时,查询结果完全正常。然而,当我使用nginx进行代理时,https无法从服务器获取响应,而服务器Go会报错:
> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake
可能是什么问题呢?
Go客户端代码:
package mainimport ("net/http""log")func HelloSSLServer(w http.ResponseWriter, req *http.Request) {w.Header().Set("Content-Type", "text/plain")w.Write([]byte("This is an example server.\n"))// fmt.Fprintf(w, "This is an example server.\n")// io.WriteString(w, "This is an example server.\n")}func main() {http.HandleFunc("/", HelloSSLServer)go http.ListenAndServe("192.168.1.2:80", nil)err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)if err != nil {log.Fatal("ListenAndServe: ", err)}}
Nginx配置文件:
server {listen 192.168.1.2:80;server_name somedomain;rewrite ^ https://$host$request_uri? permanent;}server {listen 192.168.1.2:443 ssl;server_name somedomain;access_log /var/log/nginx/dom_access.log;error_log /var/log/nginx/dom_error.log;ssl_certificate /stuff/ssl/domain.cert;ssl_certificate_key /stuff/ssl/private.cert;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;location / {proxy_pass http://localhost:9007;proxy_cookie_domain localhost somedomain;proxy_buffering off;proxy_http_version 1.1;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header Client-IP $remote_addr;proxy_set_header X-Forwarded-For $remote_addr;}}
希望对您有所帮助!如果您有任何其他问题,请随时提问。
英文:
I have - Go to the server as a listener http and https. Nginx configured to process incoming requests for http + https. Certificates in order.
Using separate servers runs perfectly on the results of queries to them on https protocol. However, when I use a proxying nginx https is not getting a response from the server and the server Go
> "http: TLS handshake error from 127.0.0.1:54037: tls: first record
> does not look like a TLS handshake
What could be the problem?
Client Go:
package mainimport ("net/http""log")func HelloSSLServer(w http.ResponseWriter, req *http.Request) {w.Header().Set("Content-Type", "text/plain")w.Write([]byte("This is an example server.\n"))// fmt.Fprintf(w, "This is an example server.\n")// io.WriteString(w, "This is an example server.\n")}func main() {http.HandleFunc("/", HelloSSLServer)go http.ListenAndServe("192.168.1.2:80", nil)err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)if err != nil {log.Fatal("ListenAndServe: ", err)}}
Nginx config:
server {listen 192.168.1.2:80;server_name somedomain;rewrite ^ https://$host$request_uri? permanent;}server {listen 192.168.1.2:443 ssl;server_name somedomain;access_log /var/log/nginx/dom_access.log;error_log /var/log/nginx/dom_error.log;ssl_certificate /stuff/ssl/domain.cert;ssl_certificate_key /stuff/ssl/private.cert;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;location /{proxy_pass http://localhost:9007;# proxy_redirect http://localhost:1500 http://site1;proxy_cookie_domain localhost somedomain;proxy_buffering off;proxy_http_version 1.1;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header Client-IP $remote_addr;proxy_set_header X-Forwarded-For $remote_addr;}}
答案1
得分: 5
使用https与proxy_pass一起使用
location /{proxy_pass https://localhost:9007;...}
英文:
Use https with the proxy_pass
location /{proxy_pass https://localhost:9007;...}
答案2
得分: 0
nginx的配置文件应该像这样:
server {listen 443 ssl http2;listen 80;server_name www.mojotv.cn;ssl_certificate /home/go/src/my_go_web/ssl/**.pem;ssl_certificate_key /home/go/src/my_go_web/ssl/**.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;ssl_prefer_server_ciphers on;location /(css|js|fonts|img)/ {access_log off;expires 1d;root "/home/go/src/my_go_web/static";try_files $uri @backend;}location / {try_files /_not_exists_ @backend;}location @backend {proxy_set_header X-Forwarded-For $remote_addr;proxy_set_header Host $http_host;proxy_pass http://127.0.0.1:********;}access_log /home/wwwroot/www.mojotv.cn.log;## nginx日志路径}
golang web应用程序带有nginx的http2 ssl功能
英文:
nginx .config file should like this
server {listen 443 ssl http2;listen 80;server_name www.mojotv.cn;ssl_certificate /home/go/src/my_go_web/ssl/**.pem;ssl_certificate_key /home/go/src/my_go_web/ssl/**.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;ssl_prefer_server_ciphers on;location /(css|js|fonts|img)/ {access_log off;expires 1d;root "/home/go/src/my_go_web/static";try_files $uri @backend;}location / {try_files /_not_exists_ @backend;}location @backend {proxy_set_header X-Forwarded-For $remote_addr;proxy_set_header Host $http_host;proxy_pass http://127.0.0.1:********;}access_log /home/wwwroot/www.mojotv.cn.log;## nginx log path}
the golang web app with http2 ssl feature shiped with nginx
1: https://www.mojotv.cn "the golang app with http2 ssl feature"
答案3
得分: 0
我遇到了与OP类似的错误信息,这是针对一个更基本的Go服务器,没有额外的配置。
tls: first record does not look like a TLS handshake
我的临时解决方法是确保测试URL包括"https://"和URL中的端口号。
不起作用 - ipaddress
不起作用 - https://ipaddress
起作用 - https://ipaddress:8081
这对于测试来说足够了,直到进行更高级的设置。我发表这篇帖子是为了帮助其他人进行故障排除。
英文:
I get a similar error message to OP for a more basic Go server that doesn't have extra config.
> tls: first record does not look like a TLS handshake
My temp fix was simply to make sure the test URL includes both "https://" and the port number in the URL.
didn't work - ipaddress
didn't work - https://ipaddress
worked - https://ipaddress:8081
It'll do for testing, until a more advanced setup. Just posting this to help others in troubleshooting.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论