Nginx NSPOSIXErrorDomain:100:尝试打开HTTPS时Safari上出现错误
标签:nginx, https, safari, http-headers

我正在创建一个网站,它在Chrome和Firefox上运行良好,但在Safari上出现了一个错误:“NSPOSIXErrorDomain:100”。我找到一篇帖子,说Safari显然不接受HTTP/2下的多行HTTP头,并建议编辑配置文件、删除所有多行配置。我的服务器使用Cpnginx,这是我的配置文件:
#:hybrid:Nginx serve static files apache serve dynamic files:2.0:
# HTTPS virtual host for meusite.com.br: nginx terminates TLS/HTTP/2, serves
# files with known static extensions from disk and proxies everything else
# to the backend on port 9443.
server {
listen 107.161.189.242:443 ssl http2 ;
server_name meusite.com.br www.meusite.com.br;
# NOTE(review): redundant with the `ssl` parameter on `listen` above; the
# `ssl on;` directive is obsolete since nginx 1.15.0.
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996); HTTP/2 itself
# needs TLS 1.2 or later, so the two old versions only serve legacy
# HTTP/1.1 clients. Confirm they are still required before keeping them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Server-side cipher order wins, so the AEAD (GCM) suites listed first are
# chosen whenever the client offers them. The tail of the list is CBC-mode
# suites, which RFC 7540 Appendix A lists as prohibited for HTTP/2.
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
# TLS session cache shared between workers (zone "SSL", 10 MB); sessions
# expire after 5 minutes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#.............. Cpnginx OCSP stapling protection for security start ....................
# Staple OCSP responses and verify them against the CA bundle below.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /usr/local/nginx/conf/ssl.ca.d/meusite.com.br_ca-bundle;
# NOTE(review): nginx's resolver speaks plain DNS, so answers from the
# public resolvers listed after 127.0.0.1 can be spoofed in transit; a
# trusted local resolver alone is the safer choice.
resolver 127.0.0.1 8.8.8.8 4.2.2.1 8.8.4.4 4.2.2.2 valid=300s;
resolver_timeout 5s;
#.............. Cpnginx OCSP stapling protection for security end....................
# Do not log missing favicon requests to the error log.
location = /favicon.ico {
log_not_found off;
}
# Two access logs with buffered writes; the `bytes_log` format is not
# defined in this file (presumably in the http context; verify).
access_log /usr/local/apache/domlogs/meusite.com.br-bytes_log bytes_log buffer=32k flush=5m;
access_log /usr/local/apache/domlogs/meusite.com.br-ssl_log combined buffer=32k flush=5m;
referer_hash_bucket_size 512;
# Static files directly from nginx
# Case-insensitive match on the listed extensions; a 404 from disk is handed
# to the @apache named location.
# NOTE(review): the `.` before the group is unescaped, so it matches any
# character, not only a literal dot.
# NOTE(review): regex locations are tested in order of appearance and this
# one comes first, so it takes precedence over the later `.ht`, cPanel,
# `.mp4` and hot-link locations for any URI ending in a listed extension.
# NOTE(review): because this location has its own add_header directives, the
# server-level X-Frame-Options header is NOT inherited here. `expires`
# already emits Cache-Control: max-age, so responses carry two Cache-Control
# header fields.
location ~* ^.+.(jpg|jpeg|gif|png|svg|webp|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css|3gp|sis|sisx|nth)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
root /home/meusitecom/public_html;
error_page 404 = @apache;
log_not_found off;
}
keepalive_requests 100;
keepalive_timeout 60s;
# Symlink attack
# Deny access when any path component below the document root is a symlink.
disable_symlinks on from=$document_root;
# NOTE(review): enables directory listings wherever nginx serves a directory
# itself. Most requests here are proxied, but `autoindex off` is the safer
# default; confirm listings are actually wanted.
autoindex on;
# Disable direct access to .ht files and folders
location ~ /\.ht {
deny all;
}
# Access all cpanel services
# NOTE(review): this exposes the control-panel paths on the public site
# hostname. The pattern has no end anchor, so any URI that merely starts
# with one of these words is proxied too. The upstream is reached over
# HTTPS, but no proxy_ssl_verify is set in this block and nginx does not
# verify upstream certificates by default.
location ~* ^/(cpanel|webmail|whm|bandwidth|img-sys|java-sys|mailman/archives|pipermail|sys_cpanel|cgi-sys|mailman) {
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Enabled MP4 streaming
# NOTE(review): `mp4` is also in the static-file regex above, which is
# tested first, so this location looks unreachable; the leading `.` is
# unescaped here as well. Verify with a test request.
location ~ .mp4$ {
mp4;
mp4_buffer_size 4M;
mp4_max_buffer_size 10M;
}
# Clickjacking protection (X-Frame-Options)
# Without the `always` parameter the header is added only to successful and
# redirect responses, and it is dropped in any location that declares its
# own add_header (the static-file location above).
add_header X-Frame-Options "SAMEORIGIN";
# Protect sql injections
# Sets a flag when the query string matches one of the patterns below and
# answers 403 if the flag is set.
# NOTE(review): `~` is a case-sensitive match against the raw (not
# URL-decoded) query string, and request bodies are not inspected, so this
# is a coarse filter only. The application still needs parameterized
# queries; do not treat these rules as the SQL injection control.
set $block_sql_injections 0;
if ($query_string ~ "union.*select.*\(") {
set $block_sql_injections 1;
}
if ($query_string ~ "union.*all.*select.*") {
set $block_sql_injections 1;
}
if ($query_string ~ "concat.*\(") {
set $block_sql_injections 1;
}
if ($block_sql_injections = 1) {
return 403;
}
# common exploit protection
# Same flag-and-403 scheme for script tags, PHP superglobal overrides,
# /proc/self/environ, Joomla mosConfig_* parameters and base64_*code( calls
# in the query string. The same limits apply: case-sensitive, raw query
# string only. Output encoding and input validation belong in the app.
set $block_common_exploits 0;
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}
# Hot Link protections
# Answers 403 when the Referer is present and is not this site; a missing
# or stripped Referer ("none", "blocked") is allowed.
# NOTE(review): every extension here except tiff and bpg is already matched
# by the earlier static-file location, so this check appears to apply only
# to those two. Referer is client-supplied, so this limits casual
# hot-linking and is not an access control.
location ~ \.(jpe?g|png|gif|svg|tiff|bmp|webp|bpg)$ {
valid_referers none blocked meusite.com.br *.meusite.com.br;
if ($invalid_referer) {
return 403;
}
}
# Named location used by the static-file error_page: forwards the request
# to the backend when the file is not found on disk.
location @apache {
internal;
# Internal 404 redirect of static file to apache
# NOTE(review): with access_log off, requests handled here are not written
# to the nginx access logs; make sure the backend logs are retained for
# incident response.
access_log off;
log_not_found off;
# NOTE(review): request bodies up to 2000 MB and 300 s proxy timeouts are
# generous limits; confirm they are needed, as they let slow or very large
# requests hold resources.
client_max_body_size 2000m;
client_body_buffer_size 512k;
proxy_buffering on;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_connect_timeout 300s;
proxy_http_version 1.1;
# HTTPS upstream; no proxy_ssl_verify is set in this block, and nginx does
# not verify upstream certificates by default.
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent, so the backend should trust X-Real-IP or only the last entry.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
# Default location: everything not matched above is proxied to the backend
# with the same settings as @apache.
location / {
# NOTE(review): access logging is disabled for all proxied (dynamic)
# requests; detection and forensics then depend on the backend's logs.
access_log off;
# include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.rewrite;
log_not_found off;
client_max_body_size 2000m;
client_body_buffer_size 512k;
proxy_buffering on;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_connect_timeout 300s;
proxy_http_version 1.1;
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
# include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.include;
}
# HTTPS virtual host for the control-panel and mail hostnames (cpanel, whm,
# webmail, ...): everything is proxied to the backend on 127.0.0.1:9443,
# except /.well-known, which is served from the site's document root.
server {
listen 107.161.189.242:443 ssl http2 ;
server_name cpanel.meusite.com.br whm.meusite.com.br webmail.meusite.com.br webdisk.meusite.com.br cpcalendars.meusite.com.br cpcontacts.meusite.com.br mail.meusite.com.br;
# NOTE(review): redundant with the `ssl` parameter on `listen`; the
# `ssl on;` directive is obsolete since nginx 1.15.0.
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). No ssl_ciphers
# is set in this block, so the cipher list comes from an outer context or
# nginx's default. These hostnames carry administrative logins; consider
# restricting this to TLS 1.2 or later.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# NOTE(review): no nginx access log for the control-panel hostnames; login
# attempts are then visible only in the backend's own logs. Confirm those
# are kept and monitored.
access_log off;
location / {
# Served from disk instead of being proxied (presumably for certificate
# validation files; verify).
# NOTE(review): the `.` is unescaped and the pattern is unanchored, so it
# matches any URI containing "/", one arbitrary character, then
# "well-known".
location ~ /.well-known{
root /home/meusitecom/public_html;
}
# HTTPS upstream on loopback; no proxy_ssl_verify is set in this block and
# no add_header (such as X-Frame-Options) is visible here either.
proxy_pass https://127.0.0.1:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends to any client-supplied X-Forwarded-For; the backend should trust
# X-Real-IP or only the last entry.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#:混合:Nginx服务静态文件apache服务动态文件:2.0:
服务器{
听107.161.189.242:443 ssl http2;
服务器名称:meusite.com.br www.meusite.com.br;
ssl-on;
ssl_certificate/usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
ssl_certificate_key/usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
ssl_协议TLSv1 TLSv1.1 TLSv1.2;
ssl首选服务器上的密码;
ssl\u密码"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA228-SHA256:ECDHE-ECDHE-ECDSA-RSA-AES128-SHA:ECDHE-ECDSA-128-ESA256:ECDHE-ECAESSA-384E-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK”;
ssl_会话_缓存共享:ssl:10m;
ssl_会话_超时;
#用于安全启动的Cpnginx OCSP装订保护。。。。。。。。。。。。。。。。。。。。
ssl_钉合;
ssl_装订_验证打开;
ssl_trusted_certificate/usr/local/nginx/conf/ssl.ca.d/meusite.com.br_ca-bundle;
分解器127.0.0.1 8.8.8.8.4.2.2.1 8.8.4.4.2.2有效=300s;
分解器超时5s;
#用于安全端的Cpnginx OCSP装订保护。。。。。。。。。。。。。。。。。。。。
位置=/favicon.ico{
未发现注销日志;
}
access_log/usr/local/apache/domlogs/meusite.com.br-bytes_log bytes_log buffer=32k flush=5m;
access_log/usr/local/apache/domlogs/meusite.com.br-ssl_log组合缓冲区=32k flush=5m;
referer\u hash\u bucket\u大小512;
#直接来自nginx的静态文件
(jpg | jpg | jpg | jpg | jpg | jpg | jpg | jpg | jpg | jpg | jpg | jpg 124;jpg | jpg | jpg | jpg | jpg| JPP 124政政政政政政政政政政政协124;以及以及以及其他网站网站网站124412441244|香港香港香港的网站124412441244|;香港香港的网站|网站|香港的网站|网站|中国中国|;中国|;中国|;中国|;互联网| mp4 | avi | wmv | js | css | 3gp | sis | sisx | nth |美元{
过期30天;
添加标题Pragma public;
添加_头缓存控制“public,必须重新验证,代理重新验证”;
root/home/meusitecom/public\u html;
错误\u第404页=@apache;
未发现注销日志;
}
保持100个请求;
保持生命超时60秒;
#符号链接攻击
禁用from=$document\u root上的符号链接;
自动索引;
#禁用对.ht文件和文件夹的直接访问
位置~/\.ht{
否认一切;
}
#访问所有cpanel服务
位置~*^/(cpanel |网络邮件| whm |带宽| img系统| java系统|邮递员/档案| pipermail |系统| cgi系统|邮递员){
代理通行证https://107.161.189.242:9443;
代理设置头主机$Host;
代理集头X-Real-IP$remote\u addr;
proxy\u set\u header X-Forwarded-For$proxy\u add\u X\u Forwarded\u For;
}
#已启用MP4流媒体
地点~.mp4${
mp4;
mp4缓冲区尺寸为4M;
mp4最大缓冲区尺寸为10M;
}
#X-框连接保护
添加标题X-Frame-Options“SAMEORIGIN”;
#保护sql注入
将$block\u sql\u设置为0;
如果($query_string~“union.*select.*\(”){
将$block\u sql\u设置为1;
}
if($query_string~“union.*all.*select.*”){
将$block\u sql\u设置为1;
}
if($query_string~“concat.*\(”){
将$block\u sql\u设置为1;
}
如果($block\u sql\u injections=1){
返回403;
}
#通用漏洞保护
设置$block\u common\u漏洞0;
if($query_string~“(|%3E)”){
将$block\u common\u漏洞设置为1;
}
if($query\u string~“全局(\[\%[0-9A-Z]{0,2})”){
将$block\u common\u漏洞设置为1;
}
if($query\u string~“\u请求(\[\\%[0-9A-Z]{0,2})”){
将$block\u common\u漏洞设置为1;
}
if($query\u string~“proc/self/environ”){
将$block\u common\u漏洞设置为1;
}
if($query\u string~“mosConfig\u[a-zA-Z\u]{1,21}(\\%3D)”){
将$block\u common\u漏洞设置为1;
}
if($query_string~“base64(en|de)code\(.*)){
将$block\u common\u漏洞设置为1;
}
如果($block\u common\u漏洞=1){
返回403;
}
#热连接保护
地点~\(jpe?g|png | gif | svg | tiff | bmp | webp | bpg)${
有效的\u引用无阻止的meusite.com.br*.meusite.com.br;
如果($invalid\u referer){
返回403;
}
}
位置@apache{
内部的;
#内部404将静态文件重定向到apache
访问/注销;
未发现注销日志;
客户机最大机身尺寸2000m;
客户端\主体\缓冲区\大小512k;
代理缓存打开;
代理发送超时300s;
代理读取超时300s;
代理缓冲区大小64k;
代理缓存32 64k;
代理缓存大小128k;
代理临时文件写入大小128k;
代理连接超时300s;
proxy_http_版本1.1;
代理通行证https://107.161.189.242:9443;
代理设置头主机$Host;
代理集头X-Real-IP$remote\u addr;
代理服务器