nginx ERR_SPDY_PROTOCOL_ERROR only in WebKit-based browsers

1

Trying to access my site in Chrome Version 66.0.3359.139 (Official Build) (64-bit), I am greeted with the following error:

Trying with Firefox 60.0 (64 bit), it works!

The nginx version I am using

nginx -V
nginx version: nginx/1.13.12
built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.13.12/debian/debuild-base/nginx-1.13.12=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

curl gives me a 200 OK

curl -I https://v4tailor.com
HTTP/2 200
date: Sat, 12 May 2018 14:49:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d54d82d396e2f2bad73930fda4a6b883a1526136586; expires=Sun, 12-May-19 14:49:46 GMT; path=/; domain=.v4tailor.com; HttpOnly
cache-control: no-cache, private
strict-transport-security: max-age=31536000;
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 419db19f1d899a04-EWR

The Nginx configuration. I use LetsEncrypt.

//nginx.conf
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html;
    index index.php;

    server_name v4tailor.com www.v4tailor.com;

    # SSL Certificates
    ssl_certificate "/etc/letsencrypt/live/v4tailor.com/cert.pem";
    ssl_certificate_key "/etc/letsencrypt/live/v4tailor.com/privkey.pem";
    ssl_dhparam /etc/nginx/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    ssl_session_cache shared:SSL:1m;
    ssl_session_tickets off;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    add_header Strict-Transport-Security "max-age=31536000;
    #includeSubDomains" always;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
}

This all started when I switched to LetsEncrypt. Initially I did not notice it, since all the browsers I use are built on the Gecko engine, but when I wanted to show my boss the demo, it embarrassingly did not work.

Initially, I was using only Cloudflare for SSL.

I cleared the cache and tried checking in chrome://net-internals/events. I also tested on different machines.

Googling the error is difficult because of its vague nature.

Fix

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html/main/public;
    index index.php;

    server_name v4tailor.com www.v4tailor.com;

    # SSL Certificates
    ssl_certificate "/etc/letsencrypt/live/v4tailor.com/cert.pem";
    ssl_certificate_key "/etc/letsencrypt/live/v4tailor.com/privkey.pem";
    ssl_dhparam /etc/nginx/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    ssl_session_cache shared:SSL:1m;
    ssl_session_tickets off;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    add_header Strict-Transport-Security max-age=31536000;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /render {
        proxy_pass http://127.0.0.1:5000/render;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        # optionally set the value of the environment variables used in the application
        fastcgi_param APP_ENV prod;
        fastcgi_param APP_SECRET 23kl86a56;
        fastcgi_param DATABASE_URL "mysql://root:patriot356@@localhost:3306/v4tailor";

        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }


    location /blog {
        try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

}

Firefox ignored the header error, but Chrome stopped. Thanks, guys!! I wonder how the hell it passed the Nginx configuration tests. That was a headache.

    
by xcvbn 12.05.2018 / 17:01

1 answer

1

I am not sure whether this causes the problem, but the following part of the configuration is definitely wrong:

add_header Strict-Transport-Security "max-age=31536000;
#includeSubDomains" always;

This will result in the following HTTP response header:

Strict-Transport-Security: max-age=31536000;
   #includeSubDomains: 

It looks like you forgot to close the quote in the configuration, so it results in a corrupted header. Some browsers ignore such broken headers, others do not.

    
by 12.05.2018 / 17:37
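
A check for the mistake the answer points out, as an added example that is not part of the original posts or of nginx: a quoted argument in an nginx configuration may span lines, so the configuration test passes while the header value carries a line break. The tokenizer covers only a minimal subset of nginx syntax; the function names and the sample strings are constructed for illustration.

```python
def tokenize(conf):
    """Yield (line, text, quoted) for a minimal subset of nginx config syntax."""
    i, line, n = 0, 1, len(conf)
    while i < n:
        c = conf[i]
        if c.isspace():
            line += c == "\n"
            i += 1
        elif c == "#":                       # comment: skip to end of line
            while i < n and conf[i] != "\n":
                i += 1
        elif c in "{};":
            yield line, c, False
            i += 1
        elif c in "\"'":                     # quoted string, may span lines
            start, buf, i = line, [], i + 1
            while i < n and conf[i] != c:
                if conf[i] == "\\" and i + 1 < n:
                    i += 1                   # keep the escaped character as-is
                line += conf[i] == "\n"
                buf.append(conf[i])
                i += 1
            yield start, "".join(buf), True
            i += 1
        else:                                # bare word
            j = i
            while j < n and not conf[j].isspace() and conf[j] not in "{};":
                j += 1
            yield line, conf[i:j], False
            i = j

def lint_add_header(conf):
    """Return (line, header_name, problem) for each suspicious add_header."""
    findings, stmt = [], []
    for line, text, quoted in tokenize(conf):
        if quoted or text not in ("{", "}", ";"):
            stmt.append((line, text))
            continue
        if len(stmt) >= 3 and stmt[0][1] == "add_header":
            ln, name, value = stmt[0][0], stmt[1][1], stmt[2][1]
            if "\n" in value or "\r" in value:
                findings.append((ln, name, "value contains a line break"))
        stmt = []
    return findings

# Constructed samples: the directive quoted in the answer, and a one-line form.
BROKEN = 'add_header Strict-Transport-Security "max-age=31536000;\n#includeSubDomains" always;\n'
ONE_LINE = 'add_header Strict-Transport-Security "max-age=31536000" always;\n'
print(lint_add_header(BROKEN))
```

Inside the quotes neither `;` nor `#` ends anything, which is why the commented-out `includeSubDomains` becomes part of the header value instead of being ignored.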