Golang + nginx的+ HTTPS

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Golang + nginx的+ HTTPS相关的知识,希望对你有一定的参考价值。

我有 - 作为监听器http和https转到服务器。 nginx配置为处理http + https的传入请求。证书有序。使用单独的服务器可以在https协议上对它们的查询结果完美运行。但是,当我使用代理nginx时,https没有从服务器和服务器Go获得响应

“http:来自127.0.0.1:54037的TLS握手错误:tls:第一条记录看起来不像是TLS握手

可能是什么问题呢?

客户去:

package main

import (
    "net/http"
    "log"

)

func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.
"))
    // fmt.Fprintf(w, "This is an example server.
")
    // io.WriteString(w, "This is an example server.
")
}

func main() {
    http.HandleFunc("/", HelloSSLServer)
    go http.ListenAndServe("192.168.1.2:80", nil)
    err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)

    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }



}

Nginx配置:

server {
    listen       192.168.1.2:80;
    server_name   somedomain;
    rewrite ^ https://$host$request_uri? permanent;    
}
server {
    listen        192.168.1.2:443 ssl;
    server_name   somedomain;
    access_log    /var/log/nginx/dom_access.log;
    error_log     /var/log/nginx/dom_error.log;
    ssl_certificate     /stuff/ssl/domain.cert;
    ssl_certificate_key /stuff/ssl/private.cert;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;


    location /
    {
        proxy_pass http://localhost:9007;
#       proxy_redirect    http://localhost:1500 http://site1;
        proxy_cookie_domain localhost somedomain;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Client-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
答案

https与proxy_pass一起使用

location /
{
    proxy_pass https://localhost:9007;
    ...
}
另一答案

nginx .config文件应该是这样的

server {
        listen 443 ssl http2;
        listen 80;
        server_name www.mojotv.cn;
        ssl_certificate     /home/go/src/my_go_web/ssl/**.pem; 
        ssl_certificate_key /home/go/src/my_go_web/ssl/**.key; 
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_prefer_server_ciphers on;
        location /(css|js|fonts|img)/ {
            access_log off;
            expires 1d;
            root "/home/go/src/my_go_web/static";
            try_files $uri @backend;
        }
        location / {
            try_files /_not_exists_ @backend;
        }
        location @backend {
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header Host $http_host;
           proxy_pass http://127.0.0.1:********;
        }
        access_log  /home/wwwroot/www.mojotv.cn.log;## nginx log path
}

the golang web app with http2 ssl feature shiped with nginx

另一答案

对于没有额外配置的更基本的Go服务器,我向OP收到类似的错误消息。

tls:第一条记录看起来不像是TLS握手

我的临时修复只是为了确保测试URL包含“https://”和URL中的端口号。

没用 - ipaddress

没有用 - https://ipaddress

工作 - https://ipaddress:8081

它将用于测试,直到更高级的设置。只需发布此内容即可帮助其他人进

以上是关于Golang + nginx的+ HTTPS的主要内容,如果未能解决你的问题,请参考以下文章

(转)mac 搭建基于RTMP的本地Nginx服务器报错homebrew/nginx was deprecated. This tap is now empty as all its form(代码片

在 golang 中创建一片缓冲通道

nginx: [error] open() "/var/run/nginx/nginx.pid" failed (2: No such file or directory)(代码片

由于 CORS,Nginx 反向代理后面的 Golang 应用程序不会接受 ajax 请求

Golang中的GoschedGoexitGOMAXPROCS

golang读取email