首页   注册   登录
 constructor 最近的时间轴更新
constructor

constructor

V2EX 第 301921 号会员,加入于 2018-03-21 00:00:13 +08:00
今日活跃度排名 8446
“科技树”到底是啥东西
科技  •  constructor  •  37 分钟前  •  最后回复来自 WingOnSummit
15
https SSL 握手时间过长,大于 3 秒
程序员  •  constructor  •  81 天前  •  最后回复来自 BitCert
14
9.9 元注册阿里云云上公司,很诱人
程序员  •  constructor  •  74 天前  •  最后回复来自 devli
97
Redis 也被挖矿攻击!
程序员  •  constructor  •  253 天前  •  最后回复来自 dnsaq
27
孙正义 1975 年就挣了 100 万美元!
程序员  •  constructor  •  277 天前  •  最后回复来自 snw
49
双拼域名 pinshuang.com 才 3000 元
问与答  •  constructor  •  2019-07-16 21:14:48 PM  •  最后回复来自 PressOne
5
度娘这些都是些什么?
问与答  •  constructor  •  2019-04-25 19:24:05 PM  •  最后回复来自 longxiaoyun
42
constructor 最近回复了
自己买电池?自己拆卸换电池?电池多少钱?
好文章,争论地很激烈更是学到不少东西。我想用 Snowflake 生成 MySQL 不可预测的主键 id 看来是合适的。只是单机服务,还有更好的方案吗?
这个月经贴很有价值!看得不亦乐乎
76 天前
回复了 GeekSky 创建的主题 程序员 求助!关于 OCSP 装订的问题。
@dingyx99 看看前几天我怎么从坑里出来的: https://v2ex.com/t/672952,看附言部分的总结。
81 天前
回复了 constructor 创建的主题 程序员 https SSL 握手时间过长,大于 3 秒
OCSP 服务器连接不上, ping ocsp.int-x3.letsencrypt.org 超时

通过 openssl 验证超时:

```
openssl ocsp -issuer fullchain.pem -cert cert.pem -text -url http://ocsp.int-x3.letsencrypt.org
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: 25AA0A105713B51AB5A49554679566211FA63FCF
Serial Number: 03638E20AC5D648DA7DB51EA00638CFAEF33
Request Extensions:
OCSP Nonce:
0410053BDB6861C216D9924BC81A9295430F
Error connecting BIO
Error querying OCSP responder
4733388396:error:02FFF03C:system library:func(4095):Operation timed out:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/bio/bss_conn.c:244:host=ocsp.int-x3.letsencrypt.org:80
4733388396:error:20FFF067:BIO routines:CRYPTO_internal:connect error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/bio/bss_conn.c:247:
```
81 天前
回复了 constructor 创建的主题 程序员 https SSL 握手时间过长,大于 3 秒
@jacklin96
"更换证书"是指换其他 CA 比如 Symantec 、GlobalSign 、GeoTrust 还是用 Let's Encrypt 重新生成证书?
81 天前
回复了 constructor 创建的主题 程序员 https SSL 握手时间过长,大于 3 秒
@jaylee4869

### 1. ngxin.conf 配置如下

```conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
```

### 2. 网站 dev.example.com 配置如下:

```conf
server {
listen 80;
listen [::]:80;

server_name dev.example.com;

location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://112.74.113.106:8090;
}

listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```conf

### 3. curl -vvv https://dev.example.com 输出如下:

```conf
* Rebuilt URL to: https://dev.example.com/
* Trying 112.74.90.77...
* TCP_NODELAY set
* Connected to dev.example.com (112.74.90.77) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.example.com
* start date: Apr 29 13:04:41 2020 GMT
* expire date: Jul 28 13:04:41 2020 GMT
* subjectAltName: host "dev.example.com" matched cert's "*.example.com"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: dev.example.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Mon, 18 May 2020 10:38:26 GMT
< Content-Type: text/html
< Content-Length: 2878
< Last-Modified: Sun, 17 May 2020 10:44:30 GMT
< Connection: keep-alive
< ETag: "5ec1158e-b3e"
< Accept-Ranges: bytes
```

* 域名和 IP 进行了替换,还请谅解。 *
113 天前
回复了 yafoo 创建的主题 程序员 赶紧起床了, vue3 beta 发布了!
什么时候才能有配套的 UI 库, element-ui 还打算更新吗
支持楼主,虽第一次了解到 iina,但剽窃可耻
134 天前
回复了 sszxcss 创建的主题 GitHub 轮到劫持 github.com 了
@127000 链接 404
关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   2632 人在线   最高记录 5168   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 20ms · UTC 06:16 · PVG 14:16 · LAX 23:16 · JFK 02:16
♥ Do have faith in what you're doing.