Linux.nginx: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Root (Diskussion | Beiträge) |
|||
(25 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
Zeile 3: | Zeile 3: | ||
* Ich verwendet nginx als HTTP/2 Server auf einem Raspberry Pi | * Ich verwendet nginx als HTTP/2 Server auf einem Raspberry Pi | ||
* PHP soll in allen Stufen möglich sein | * PHP soll in allen Stufen möglich sein | ||
== Auslieferung von Android-Apps == | |||
* Hinzufügen zu /etc/nginx/mime.types | |||
application/vnd.android.package-archive apk; | |||
== Authentifizierung == | == Authentifizierung == | ||
Zeile 22: | Zeile 29: | ||
apt-get install nginx | apt-get install nginx | ||
apt-get install php php- | apt-get install php-fpm php-mbstring php-xml php-mysql | ||
* orgamon-2.dyndns.org | * orgamon-2.dyndns.org | ||
Zeile 82: | Zeile 89: | ||
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | ||
} | } | ||
} | |||
== Stufe 3, :443 HTTP/2 Server mit TLS 1.2 == | == Stufe 3, :443 HTTP/2 Server mit TLS 1.2 == | ||
Zeile 92: | Zeile 100: | ||
== Stufe 4, :443 HTTP/2 Server mit TLS 1.3 (only!) == | == Stufe 4, :443 HTTP/2 Server mit TLS 1.3 (only!) == | ||
* Es muss ein ganz aktueller Build von openssl und nginx gemacht werden: https://github.com/MatthewVance/nginx-build | |||
Zeile 112: | Zeile 121: | ||
openssl dhparam -out /etc/nginx/dhparam-4096.pem 4096 | openssl dhparam -out /etc/nginx/dhparam-4096.pem 4096 | ||
* Das dauerte bei mir von 14:58 h bis 23:03 h, also ca. 8 Stunden | |||
* Auf einem V10 Server von Strato dauert es 11 Sekunden | |||
=== nginx.conf === | === nginx.conf === | ||
Zeile 160: | Zeile 172: | ||
CAA 1 issue “letsencrypt.org” | CAA 1 issue “letsencrypt.org” | ||
=== Meilensteine | ssl_stapling on; | ||
resolver 192.0.2.1; | |||
ssl_trusted_certificate chain_path; | |||
ssl_stapling_verify on; | |||
TLS1.2 ECDHE-RSA-AES256-GCM-SHA384 | |||
openssl s_client -connect orgamon.com:https -alpn h2 -debug | |||
https://scotthelme.co.uk/ecdsa-certificates/ | |||
* ECDSA | |||
https://community.letsencrypt.org/t/howto-obtain-ecdsa-cert-in-addition-to-rsa-with-certbot/61687 | |||
== PHP == | |||
* Ich verwende nginx mit dem Fast CGI PHP Module | |||
* Hier muss man ein bischen eingereifen | |||
systemctl status php-fpm.service | |||
=== /etc/php7/fpm/php-fpm.conf === | |||
* aus der .default-Datei kopiert mit einer Änderung | |||
error_log = /var/log/php-fpm.log | |||
=== /etc/php7/fpm/php-fpm.d/www.conf === | |||
* aus der .default-Datei kopiert mit der Änderung | |||
user = nobody | |||
group = nobody | |||
=== /etc/nginx/fastcgi_params === | |||
* Datei schon vorhanden aber erste, dick formatierte Zeile fehlt | |||
<b>fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;</b> | |||
fastcgi_param QUERY_STRING $query_string; | |||
fastcgi_param REQUEST_METHOD $request_method; | |||
fastcgi_param CONTENT_TYPE $content_type; | |||
fastcgi_param CONTENT_LENGTH $content_length; | |||
fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |||
fastcgi_param REQUEST_URI $request_uri; | |||
fastcgi_param DOCUMENT_URI $document_uri; | |||
fastcgi_param DOCUMENT_ROOT $document_root; | |||
fastcgi_param SERVER_PROTOCOL $server_protocol; | |||
fastcgi_param REQUEST_SCHEME $scheme; | |||
fastcgi_param HTTPS $https if_not_empty; | |||
fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; | |||
fastcgi_param REMOTE_ADDR $remote_addr; | |||
fastcgi_param REMOTE_PORT $remote_port; | |||
fastcgi_param SERVER_ADDR $server_addr; | |||
fastcgi_param SERVER_PORT $server_port; | |||
fastcgi_param SERVER_NAME $server_name; | |||
# PHP only, required if PHP was built with --enable-force-cgi-redirect | |||
fastcgi_param REDIRECT_STATUS 200; | |||
== Script zur Erstellung von Servern == | |||
=== Freepascal Consolen Programm === | |||
# Das Programm liesst ablagen.conf (Template) und ablagen.csv (Datenbank) | |||
# Für jeden Datensatz in der .csv wird eine Konfigurations Datei geschrieben | |||
# ablagen.conf wird gelesen, vor dem Doppelpunkt werden Parameter gesetzt und Befehle ausgeführt | |||
# Nach dem Doppelpunkt werden alle ~Spaltenüberschriften~ der .csv in den jeweiligen Wert umgesetzt | |||
# die Konfiguration wird nach sites-enabled gespeichert | |||
program massConf; | |||
{$mode objfpc}{$H+} | |||
uses | |||
Classes, SysUtils, Unix; | |||
function split(s:string; Delimiter:string=';'):TStringList; | |||
var | |||
n : Integer; | |||
begin | |||
result := TStringList.create; | |||
repeat | |||
n := pos(Delimiter,s); | |||
if (n>0) then | |||
begin | |||
result.add( copy(s,1,pred(n))); | |||
s := copy(s,succ(n),MaxInt); | |||
end else | |||
begin | |||
result.add(s); | |||
break; | |||
end; | |||
until false; | |||
end; | |||
var | |||
sHeaders : TStringList; | |||
sValues : TStringList; | |||
const | |||
Param = 'ablagen'; | |||
function eval(s:string):string; | |||
var | |||
n,m : Integer; | |||
begin | |||
if (pos('~',s)>0) then | |||
begin | |||
for n := 0 to pred(sHeaders.count) do | |||
begin | |||
m := pos('~'+sHeaders[n]+'~',s); | |||
if (m>0) then | |||
begin | |||
s := | |||
copy(s,1,pred(m)) + | |||
sValues[n] + | |||
copy(s,m+length(sHeaders[n])+2,MaxInt); | |||
if (pos('~',s)=0) then | |||
break; | |||
end; | |||
end; | |||
end; | |||
result := s; | |||
end; | |||
var | |||
sConf : TStringList; | |||
sParameter : TStringList; | |||
sTemplate : TStringList; | |||
sOutPut : TStringList; | |||
sData : TStringList; | |||
sCopy : TStringList; | |||
n,m : Integer; | |||
StartDataFlag : boolean; | |||
// Parameter | |||
pOutput : string; | |||
begin | |||
sConf := TStringList.create; | |||
sConf.loadfromFile(Param+'.conf'); | |||
StartDataFlag := false; | |||
sTemplate := TStringList.create; | |||
sParameter := TStringList.create; | |||
for n := 0 to pred(sConf.count) do | |||
begin | |||
if StartDataFlag then | |||
begin | |||
sTemplate.add(sConf[n]); | |||
end else | |||
begin | |||
if (pos('#',sConf[n])<>1) then | |||
sParameter.add(sConf[n]); | |||
end; | |||
if not(StartDataFlag) then | |||
if (sConf[n]=':') then | |||
StartDataFlag := true; | |||
end; | |||
sConf.free; | |||
// Load the parameter, more to come | |||
pOutPut := sParameter.values['Output']; | |||
sData := TStringList.create; | |||
sData.loadfromFile(Param+'.csv'); | |||
sHeaders := split(sData[0]); | |||
for n := 1 to pred(sData.count) do | |||
begin | |||
// prepare Data | |||
sValues := split(sData[n]); | |||
// assume [0] is speakfull | |||
write( sValues[0] + ' ... ' ); | |||
// Dateien sicherstellen? | |||
for m := 0 to pred(sParameter.count) do | |||
if (pos('cp ',sParameter[m])=1) then | |||
begin | |||
sCopy := split(eval(sParameter[m]),' '); | |||
if not(FileExists(sCopy[2])) then | |||
fpsystem('cp '+sCopy[1]+' '+sCopy[2]); | |||
sCopy.free; | |||
end; | |||
// Template ausbelichten | |||
sOutPut := TStringList.create; | |||
for m := 0 to pred(sTemplate.count) do | |||
sOutPut.add( eval(sTemplate[m])); | |||
sOutPut.saveToFile(eval(pOutPut)); | |||
sOutPut.free; | |||
// unprepare | |||
sValues.free; | |||
writeln('OK'); | |||
end; | |||
sData.free; | |||
sHeaders.free; | |||
sTemplate.free; | |||
sParameter.free; | |||
end. | |||
=== Template für http === | |||
* ablagen.conf | |||
# | |||
# Konfigurations-Template für nginx für Internet-Ablagen | |||
# - für die alten Ablagen - | |||
# | |||
Output=/etc/nginx/sites-enabled/~Name~.orgamon.de | |||
cp /srv/ftp/favicon.ico /srv/ftp/~Name~/favicon.ico | |||
: | |||
server { | |||
listen 80; | |||
root /srv/ftp/~Name~; | |||
server_name | |||
~Name~.orgamon.de | |||
~Name~.netzumbau.de | |||
~Name~.websrv.lummerland; | |||
auth_basic "~Name~"; | |||
auth_basic_user_file /srv/ftp/~Name~/.htpasswd; | |||
index index.php; | |||
location / { | |||
# First attempt to serve request as file, then | |||
# as directory, then fall back to displaying a 404. | |||
index index.php index.html; | |||
try_files $uri $uri/ =404; | |||
} | |||
location ~ \.php$ { | |||
include snippets/fastcgi-php.conf; | |||
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | |||
} | |||
} | |||
=== Template für https === | |||
# | |||
# Konfigurations-Template für nginx für Internet-Ablagen | |||
# | |||
Output=/etc/nginx/sites-enabled/~Name~.orgamon.org | |||
cp /srv/ftp/favicon.ico /srv/ftp/~Name~/favicon.ico | |||
: | |||
server { | |||
listen 443 ssl http2; | |||
ssl_protocols TLSv1.2; | |||
root /srv/ftp/~Name~; | |||
index index.php; | |||
server_name ~Name~.orgamon.org; | |||
ssl_certificate /etc/letsencrypt/live/orgamon.org/fullchain.pem; | |||
ssl_certificate_key /etc/letsencrypt/live/orgamon.org/privkey.pem; | |||
auth_basic "~Name~"; | |||
auth_basic_user_file /srv/ftp/~Name~/.htpasswd; | |||
location / { | |||
# First attempt to serve request as file, then | |||
# as directory, then fall back to displaying a 404. | |||
index index.php index.html; | |||
try_files $uri $uri/ =404; | |||
} | |||
location ~ \.php$ { | |||
include snippets/fastcgi-php.conf; | |||
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; | |||
} | |||
} | |||
=== Liste der Server === | |||
* ablagen.csv | |||
Name;FTP;ZIP | |||
subdomain1;***;*** | |||
subdomain2;***;*** | |||
== Meilensteine == | |||
==== 13.09.2018 ==== | ==== 13.09.2018 ==== | ||
Zeile 207: | Zeile 527: | ||
openssl s_client -connect orgamon.com:https -tls1_3 -servername orgamon.com -tlsextdebug -debug -msg -state | openssl s_client -connect orgamon.com:https -tls1_3 -servername orgamon.com -tlsextdebug -debug -msg -state | ||
== | ==== 26.02.2019 ==== | ||
* https://wiki.orgamon.org/ | |||
== | == Windows == | ||
* nginx wird auch für win32 als download zur Verfügung gestellt | |||
** Mache als Admin <code>net stop WAS</code> | |||
=== root === | |||
* Laufwerksbuchstaben haben bei mir nicht funktioniert | |||
* Nur UNC Pfade | |||
location / { | |||
root //raib23/r/html; | |||
index index.html index.htm; | |||
} | |||
Aktuelle Version vom 22. Dezember 2022, 12:15 Uhr
Überblick
- Ich verwendet nginx als HTTP/2 Server auf einem Raspberry Pi
- PHP soll in allen Stufen möglich sein
Auslieferung von Android-Apps
- Hinzufügen zu /etc/nginx/mime.types
application/vnd.android.package-archive apk;
Authentifizierung
- System-Voraussetzung
apt-get install apache2-utils
- in der Host.conf
auth_basic "Administrator’s Area"; auth_basic_user_file /etc/apache2/.htpasswd;
- in der Kommandozeile
htpasswd -bc /srv/ngx/orgamon-2.dyndns.org/.htpasswd username ***pwd***
Stufe 1, :80 HTTP-Server
apt-get install nginx apt-get install php-fpm php-mbstring php-xml php-mysql
- orgamon-2.dyndns.org
server { listen 80 default_server; listen [::]:80 default_server; root /srv/ngx/orgamon-2.dyndns.org; index index.html index.htm index.nginx-debian.html; server_name orgamon-2.dyndns.org; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } }
Stufe 2, :443 HTTPS-Server (TLS 1.2)
- Port 80 + 443 auf den Server lenken
apt-get install certbot certbot certonly --rsa-key-size 4096
- /etc/nginx/sites-enabled/orgamon-2.dyndns.org
server { listen 443 ssl default_server; ssl_protocols TLSv1.2; root /srv/ngx/orgamon-2.dyndns.org; index index.html index.htm index.nginx-debian.html; server_name orgamon-2.dyndns.org; ssl_certificate /etc/letsencrypt/live/orgamon-2.dyndns.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/orgamon-2.dyndns.org/privkey.pem; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } }
Stufe 3, :443 HTTP/2 Server mit TLS 1.2
server { listen 443 ssl http2; ...
Stufe 4, :443 HTTP/2 Server mit TLS 1.3 (only!)
- Es muss ein ganz aktueller Build von openssl und nginx gemacht werden: https://github.com/MatthewVance/nginx-build
wget https://github.com/MatthewVance/nginx-build/raw/master/build-nginx.sh
# ich versuche den Debug-Mode mit hineinzukompilieren: http://nginx.org/en/docs/debugging_log.html # und habe beim Build-Skript --with-debug hinzugemacht
chmod 777 build-nginx.sh ./build-nginx.sh
- Probier aus, ob wirklich openssl-1-1-1 verwendet wird
nginx -V
dhparam
openssl dhparam -out /etc/nginx/dhparam-4096.pem 4096
- Das dauerte bei mir von 14:58 h bis 23:03 h, also ca. 8 Stunden
- Auf einem V10 Server von Strato dauert es 11 Sekunden
nginx.conf
- LÖSUNG: einfach einen aktuellen Browser verwenden, TLS 1.3 "final" war einfach für die Browser zu aktuell, die hätten einen "Draft xx" erwartet.
server { # Content # server_name orgamon.com; root /srv/ngx/orgamon.com; index index.php; # location / { index index.php index.html; try_files $uri $uri/ =404; } # location ~ \.php$ { include fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } # Transport # listen 443 ssl http2; ssl_protocols TLSv1.3; ssl_prefer_server_ciphers on; ssl_ecdh_curve auto; ssl_dhparam /etc/nginx/dhparam-4096.pem; ssl_certificate /etc/letsencrypt/live/orgamon.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/orgamon.com/privkey.pem; # Session # ssl_session_cache shared:SSL:20m; ssl_session_timeout 15m; ssl_session_tickets off; # Logging # error_log /srv/ngx/orgamon.com/error.log debug; }
todo
CAA 1 issue “letsencrypt.org”
ssl_stapling on; resolver 192.0.2.1; ssl_trusted_certificate chain_path; ssl_stapling_verify on;
TLS1.2 ECDHE-RSA-AES256-GCM-SHA384
openssl s_client -connect orgamon.com:https -alpn h2 -debug
https://scotthelme.co.uk/ecdsa-certificates/
- ECDSA
https://community.letsencrypt.org/t/howto-obtain-ecdsa-cert-in-addition-to-rsa-with-certbot/61687
PHP
- Ich verwende nginx mit dem Fast CGI PHP Module
- Hier muss man ein bischen eingereifen
systemctl status php-fpm.service
/etc/php7/fpm/php-fpm.conf
- aus der .default-Datei kopiert mit einer Änderung
error_log = /var/log/php-fpm.log
/etc/php7/fpm/php-fpm.d/www.conf
- aus der .default-Datei kopiert mit der Änderung
user = nobody group = nobody
/etc/nginx/fastcgi_params
- Datei schon vorhanden aber erste, dick formatierte Zeile fehlt
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;
Script zur Erstellung von Servern
Freepascal Consolen Programm
- Das Programm liesst ablagen.conf (Template) und ablagen.csv (Datenbank)
- Für jeden Datensatz in der .csv wird eine Konfigurations Datei geschrieben
- ablagen.conf wird gelesen, vor dem Doppelpunkt werden Parameter gesetzt und Befehle ausgeführt
- Nach dem Doppelpunkt werden alle ~Spaltenüberschriften~ der .csv in den jeweiligen Wert umgesetzt
- die Konfiguration wird nach sites-enabled gespeichert
program massConf; {$mode objfpc}{$H+} uses Classes, SysUtils, Unix; function split(s:string; Delimiter:string=';'):TStringList; var n : Integer; begin result := TStringList.create; repeat n := pos(Delimiter,s); if (n>0) then begin result.add( copy(s,1,pred(n))); s := copy(s,succ(n),MaxInt); end else begin result.add(s); break; end; until false; end; var sHeaders : TStringList; sValues : TStringList; const Param = 'ablagen'; function eval(s:string):string; var n,m : Integer; begin if (pos('~',s)>0) then begin for n := 0 to pred(sHeaders.count) do begin m := pos('~'+sHeaders[n]+'~',s); if (m>0) then begin s := copy(s,1,pred(m)) + sValues[n] + copy(s,m+length(sHeaders[n])+2,MaxInt); if (pos('~',s)=0) then break; end; end; end; result := s; end; var sConf : TStringList; sParameter : TStringList; sTemplate : TStringList; sOutPut : TStringList; sData : TStringList; sCopy : TStringList; n,m : Integer; StartDataFlag : boolean; // Parameter pOutput : string; begin sConf := TStringList.create; sConf.loadfromFile(Param+'.conf'); StartDataFlag := false; sTemplate := TStringList.create; sParameter := TStringList.create; for n := 0 to pred(sConf.count) do begin if StartDataFlag then begin sTemplate.add(sConf[n]); end else begin if (pos('#',sConf[n])<>1) then sParameter.add(sConf[n]); end; if not(StartDataFlag) then if (sConf[n]=':') then StartDataFlag := true; end; sConf.free; // Load the parameter, more to come pOutPut := sParameter.values['Output']; sData := TStringList.create; sData.loadfromFile(Param+'.csv'); sHeaders := split(sData[0]); for n := 1 to pred(sData.count) do begin // prepare Data sValues := split(sData[n]); // assume [0] is speakfull write( sValues[0] + ' ... ' ); // Dateien sicherstellen? for m := 0 to pred(sParameter.count) do if (pos('cp ',sParameter[m])=1) then begin sCopy := split(eval(sParameter[m]),' '); if not(FileExists(sCopy[2])) then fpsystem('cp '+sCopy[1]+' '+sCopy[2]); sCopy.free; end; // Template ausbelichten sOutPut := TStringList.create; for m := 0 to pred(sTemplate.count) do sOutPut.add( eval(sTemplate[m])); sOutPut.saveToFile(eval(pOutPut)); sOutPut.free; // unprepare sValues.free; writeln('OK'); end; sData.free; sHeaders.free; sTemplate.free; sParameter.free; end.
Template für http
- ablagen.conf
# # Konfigurations-Template für nginx für Internet-Ablagen # - für die alten Ablagen - # Output=/etc/nginx/sites-enabled/~Name~.orgamon.de cp /srv/ftp/favicon.ico /srv/ftp/~Name~/favicon.ico : server { listen 80; root /srv/ftp/~Name~; server_name ~Name~.orgamon.de ~Name~.netzumbau.de ~Name~.websrv.lummerland; auth_basic "~Name~"; auth_basic_user_file /srv/ftp/~Name~/.htpasswd; index index.php; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. index index.php index.html; try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } }
Template für https
# # Konfigurations-Template für nginx für Internet-Ablagen # Output=/etc/nginx/sites-enabled/~Name~.orgamon.org cp /srv/ftp/favicon.ico /srv/ftp/~Name~/favicon.ico : server { listen 443 ssl http2; ssl_protocols TLSv1.2; root /srv/ftp/~Name~; index index.php; server_name ~Name~.orgamon.org; ssl_certificate /etc/letsencrypt/live/orgamon.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/orgamon.org/privkey.pem; auth_basic "~Name~"; auth_basic_user_file /srv/ftp/~Name~/.htpasswd; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. index index.php index.html; try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } }
Liste der Server
- ablagen.csv
Name;FTP;ZIP subdomain1;***;*** subdomain2;***;***
Meilensteine
13.09.2018
- kein Erfolg, der firefix Client sagt Protokoll-Error
06.10.2018
- Es gibt neue SSL Debug Strings
- Ich will es nochmal mit TLS 1.3 versuchen
- OpenSSL 1.1.1
- nginx 1.15.5
- geht wieder nicht (TLS 1.2 geht jedoch)!
- FireFox meldet
SSL_ERROR_PROTOCOL_VERSION_ALERT
- Nginx-Debug
2018/10/05 20:18:47 [debug] 3021#3021: epoll add event: fd:9 op:1 ev:00002001 2018/10/05 20:19:05 [debug] 3021#3021: accept on 0.0.0.0:443, ready: 0 2018/10/05 20:19:05 [debug] 3021#3021: posix_memalign: 01F3F810:256 @16 2018/10/05 20:19:05 [debug] 3021#3021: *1 accept: 79.246.106.81:52415 fd:3 2018/10/05 20:19:05 [debug] 3021#3021: *1 event timer add: 3: 60000:78931291 2018/10/05 20:19:05 [debug] 3021#3021: *1 reusable connection: 1 2018/10/05 20:19:05 [debug] 3021#3021: *1 epoll add event: fd:3 op:1 ev:80002001 2018/10/05 20:19:05 [debug] 3021#3021: *1 http check ssl handshake 2018/10/05 20:19:05 [debug] 3021#3021: *1 http recv(): 1 2018/10/05 20:19:05 [debug] 3021#3021: *1 https ssl handshake: 0x16 2018/10/05 20:19:05 [debug] 3021#3021: *1 tcp_nodelay 2018/10/05 20:19:05 [debug] 3021#3021: *1 SSL_do_handshake: -1 2018/10/05 20:19:05 [debug] 3021#3021: *1 SSL_get_error: 1 2018/10/05 20:19:05 [info] 3021#3021: *1 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 79.246.106.81, server: .0.0.0:443 2018/10/05 20:19:05 [debug] 3021#3021: *1 close http connection: 3 2018/10/05 20:19:05 [debug] 3021#3021: *1 event timer del: 3: 78931291 2018/10/05 20:19:05 [debug] 3021#3021: *1 reusable connection: 0 2018/10/05 20:19:05 [debug] 3021#3021: *1 free: 01F3F810, unused: 36
root@pi3x02:~/build/openssl-1.1.1/apps# ./openssl s_client -servername orgamon.com -connect orgamon.com:443 -tls1_3 -debug
openssl s_client -connect orgamon.com:https -tls1_3 -servername orgamon.com -tlsextdebug -debug -msg -state
26.02.2019
Windows
- nginx wird auch für win32 als download zur Verfügung gestellt
- Mache als Admin
net stop WAS
- Mache als Admin
root
- Laufwerksbuchstaben haben bei mir nicht funktioniert
- Nur UNC Pfade
location / { root //raib23/r/html; index index.html index.htm; }