duankuaiwang2706
2016-11-26 09:51

Golang + Nginx + https

I have a Go server listening on http and https. Nginx is configured to process incoming requests for http + https. The certificates are in order. Run as separate servers, each works perfectly for queries over the https protocol. However, when I proxy through nginx, https gets no response from the server, and the Go server reports:

http: TLS handshake error from 127.0.0.1:54037: tls: first record does not look like a TLS handshake

What could be the problem?

Client Go:

package main

import (
    "log"
    "net/http"
)

// HelloSSLServer answers every request with a fixed plain-text body.
func HelloSSLServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.\n"))
    // fmt.Fprintf(w, "This is an example server.\n")
    // io.WriteString(w, "This is an example server.\n")
}

func main() {
    http.HandleFunc("/", HelloSSLServer)
    // Plain HTTP listener on the public address.
    go http.ListenAndServe("192.168.1.2:80", nil)
    // TLS listener on localhost:9007; this is the port nginx proxies to.
    err := http.ListenAndServeTLS("localhost:9007", "/etc/letsencrypt/live/somedomain/fullchain.pem", "/etc/letsencrypt/live/somedomain/privkey.pem", nil)

    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }
}

Nginx config:

server {
    listen       192.168.1.2:80;
    server_name   somedomain;
    rewrite ^ https://$host$request_uri? permanent;    
}
server {
    listen        192.168.1.2:443 ssl;
    server_name   somedomain;
    access_log    /var/log/nginx/dom_access.log;
    error_log     /var/log/nginx/dom_error.log;
    ssl_certificate     /stuff/ssl/domain.cert;
    ssl_certificate_key /stuff/ssl/private.cert;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;


    location /
    {
        proxy_pass http://localhost:9007;
#       proxy_redirect    http://localhost:1500 http://site1;
        proxy_cookie_domain localhost somedomain;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Client-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

3 answers

  • duanji1924 2016-11-26 10:20
    Accepted

    Use https with the proxy_pass

    location /
    {
        proxy_pass https://localhost:9007;
        ...
    }
    
  • dongsu3654 2017-07-16 02:27

    The nginx .config file should look like this

    server {
            listen 443 ssl http2;
            listen 80;
            server_name www.mojotv.cn;
            ssl_certificate     /home/go/src/my_go_web/ssl/**.pem; 
            ssl_certificate_key /home/go/src/my_go_web/ssl/**.key; 
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
            ssl_prefer_server_ciphers on;
            location ~ ^/(css|js|fonts|img)/ {
                access_log off;
                expires 1d;
                root "/home/go/src/my_go_web/static";
                try_files $uri @backend;
            }
            location / {
                try_files /_not_exists_ @backend;
            }
            location @backend {
               proxy_set_header X-Forwarded-For $remote_addr;
               proxy_set_header Host $http_host;
               proxy_pass http://127.0.0.1:********;
            }
            access_log  /home/wwwroot/www.mojotv.cn.log;## nginx log path
    }
    

    The golang web app with http2 ssl feature shipped with nginx

  • dongxianchu3541 2017-12-16 13:00

    I get a similar error message to OP for a more basic Go server that doesn't have extra config.

    tls: first record does not look like a TLS handshake

    My temp fix was simply to make sure the test URL includes both "https://" and the port number in the URL.

    didn't work - ipaddress

    didn't work - https://ipaddress

    worked - https://ipaddress:8081

    It'll do for testing, until a more advanced setup. Just posting this to help others in troubleshooting.

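The accepted answer and the last answer both describe the same mismatch: a peer that speaks plain HTTP to a port where Go expects a TLS ClientHello. The added example below (not code from any of the posts) reproduces the logged error at the crypto/tls layer and then contrasts an `http://` hop with an `https://` hop against a TLS-only backend; `handshakeErr`, `newBackend` and `fetch` are hypothetical helper names, and an `httptest` TLS server stands in for the listener on localhost:9007.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
)

// handshakeErr runs a server-side TLS handshake against a peer whose first bytes are `first`.
func handshakeErr(first []byte) string {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	go client.Write(first) // the peer speaks first, as an HTTP client does
	if err := tls.Server(server, &tls.Config{}).Handshake(); err != nil {
		return err.Error()
	}
	return ""
}

// newBackend is a stand-in for the question's Go server: a TLS-only listener.
func newBackend() *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) { io.WriteString(w, "This is an example server.\n") }
	return httptest.NewTLSServer(http.HandlerFunc(h))
}

// fetch does one GET and returns status and body (0 and the error text on failure).
func fetch(c *http.Client, url string) (int, string) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err.Error()
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body)
}

func main() {
	// Constructed sample: the bytes a proxy sends when it is told to use http://
	fmt.Println(handshakeErr([]byte("GET / HTTP/1.1\r\nHost: somedomain\r\n\r\n")))
	srv := newBackend()
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	fmt.Println(fetch(srv.Client(), "http://"+addr))  // scheme mismatch
	fmt.Println(fetch(srv.Client(), "https://"+addr)) // matching scheme
}
```

Recent Go releases answer the mismatched request with `400 Bad Request` and the body "Client sent an HTTP request to an HTTPS server." instead of only dropping the connection, so the proxy side may see a 400 rather than an empty reply.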
