主页 / computer / 问题 / 1422079
Accepted
Max
Asked: 2019-04-06 18:33:11 +0800 CST

续订 letsencrypt SSL 证书后,服务器仅返回响应代码 400

  • 772

我最近尝试更新我的 letsencrypt ssl 证书,但是一旦我这样做了,每当我尝试连接到我的网站时,我都会收到 400 个服务器响应。我已经尝试了我能想到的一切。我附上了我的 Nginx 错误日志文件的副本,级别设置为调试,以及我的服务器配置文件。非常感谢任何帮助。

我在我的服务器上使用 Django、Nginx 和 Gunicorn。

我运行了certbot renew更新证书的命令。

完成后,我只收到 400 条回复。

此外,当我尝试连接到该站点时,我得到 Django 错误输出:

Invalid HTTP_HOST header: 'testing.com,testing.com'. The domain name provided is not valid according to RFC 1034/1035.

Report at /
Invalid HTTP_HOST header: 'testing.com,testing.com'. The domain name provided is not valid according to RFC 1034/1035.

它可能与重复的网址有关,但我不确定是否就是这样。

下面是我在 sites-available 中的 nginx 配置文件。

server { # redirection logic
        listen 80; # port to listen on
        return 301 https://$host$request_uri*;
}

server {
    listen 443 ssl; # listen for HTTPS
    server_name testing.com www.testing.com; # server name to use
    ssl_certificate /etc/letsencrypt/live/testing.com/fullchain.pem; # ssl certs
    ssl_certificate_key /etc/letsencrypt/live/dt-testing.com/privkey.pem;   
    location = /favicon.ico { access_log off; log_not_found off; } # site icon to use
    location /static/ { # location of static files
        root /websites/DT/path/;
    }

    location / {
        proxy_set_header Host $host;
        include proxy_params;
        proxy_pass http://unix:/websites/DT/run/gunicorn.sock; # connector to gunicorn
    #error_page 405 =200 $uri;
    }

    rewrite_log on;
    error_log /var/log/nginx/error_log debug;
}

这是我的 nginx 调试日志输出。

"GET / HTTP/1.0
Host: testing.com
Host: testing.com
X-Real-IP: 185.252.151.5
X-Forwarded-For: 185.252.151.5
X-Forwarded-Proto: https
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Nexus 6P Build/NOF27C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.81 Mobile Safari/537.36
Accept-Language: en-us,en-gb,en;q=0.7,*;q=0.3
Accept-Charset: utf-8,ISO-8859-1;q=0.7,*;q=0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: x-gzip, gzip, deflate

"
2019/04/06 00:02:56 [debug] 11579#11579: *12 http cleanup add: 000055DF21463240
2019/04/06 00:02:56 [debug] 11579#11579: *12 get rr peer, try: 1
2019/04/06 00:02:56 [debug] 11579#11579: *12 stream socket 15
2019/04/06 00:02:56 [debug] 11579#11579: *12 epoll add connection: fd:15 ev:80002005
2019/04/06 00:02:56 [debug] 11579#11579: *12 connect to unix:/websites/DT/run/gunicorn.sock, fd:15 #13
2019/04/06 00:02:56 [debug] 11579#11579: *12 connected
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream connect: 0
2019/04/06 00:02:56 [debug] 11579#11579: *12 posix_memalign: 000055DF2142F410:128 @16
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream send request
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream send request body
2019/04/06 00:02:56 [debug] 11579#11579: *12 chain writer buf fl:1 s:524
2019/04/06 00:02:56 [debug] 11579#11579: *12 chain writer in: 000055DF214F97D0
2019/04/06 00:02:56 [debug] 11579#11579: *12 writev: 524 of 524
2019/04/06 00:02:56 [debug] 11579#11579: *12 chain writer out: 0000000000000000
2019/04/06 00:02:56 [debug] 11579#11579: *12 event timer add: 15: 60000:4664042409
2019/04/06 00:02:56 [debug] 11579#11579: *12 http finalize request: -4, "/?" a:1, c:2
2019/04/06 00:02:56 [debug] 11579#11579: *12 http request count:2 blk:0
2019/04/06 00:02:56 [debug] 11579#11579: *12 http run request: "/?"
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream check client, write event:1, "/"
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream request: "/?"
2019/04/06 00:02:56 [debug] 11579#11579: *12 http upstream dummy handler
2019/04/06 00:02:57 [debug] 11579#11579: *12 http upstream request: "/?"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http upstream process header
2019/04/06 00:02:57 [debug] 11579#11579: *12 malloc: 000055DF21502980:4096
2019/04/06 00:02:57 [debug] 11579#11579: *12 recv: eof:1, avail:1
2019/04/06 00:02:57 [debug] 11579#11579: *12 recv: fd:15 160 of 4096
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy status 400 "400 Bad Request"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy header: "Server: gunicorn/19.9.0"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy header: "Date: Sat, 06 Apr 2019 00:02:57 GMT"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy header: "Connection: close"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy header: "Content-Type: text/html"
2019/04/06 00:02:57 [debug] 11579#11579: *12 http proxy header done
2019/04/06 00:02:57 [debug] 11579#11579: *12 xslt filter header
2019/04/06 00:02:57 [debug] 11579#11579: *12 HTTP/1.1 400 Bad Request
Server: nginx/1.15.5 (Ubuntu)
Date: Sat, 06 Apr 2019 00:02:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

编辑:在这一点上,我认为我在某处加倍了 url。我还提供了我的 nginx.conf 文件,希望我能在其中加倍。

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}



http {

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    #include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}
nginx ssl webserver

1 个回答

  1. Best Answer

    该问题似乎与 SSL 没有直接关系,但看起来更像是您使用的是发送多个 HTTPHost字段的损坏的 HTTP 客户端。这是完全错误的,完全违反了 HTTP 标准:

    GET / HTTP/1.0
Host: testing.com
Host: testing.com
...

    这些多个Host字段连接在一起并提供给 Web 应用程序,它正确地抱怨标头没有意义:

    无效的 HTTP_HOST 标头:'dt-testing.com,dt-testing.com'。根据 RFC 1034/1035,提供的域名无效。

    这可能会导致400 Bad Request.

    要解决此问题,您需要修复损坏的 HTTP 客户端。我不知道这是什么客户端,但是因为没有现代客户端会使用HTTP/1.0(至少全部使用HTTP/1.1)并且没有现代客户端会接受压缩x-gzip(请参阅Accept-Encoding字段)我建议这是一些自制客户端而不是它声称的客户端在User-Agent外地。

    • 1

相关问题