在nginx上配置了一个新的域名, 习惯性地用curl请求看看有没有配置错误
因为是https的, 所以
$curl ‘https://test.test.com/‘ -x 127.0.0.1:443 -i -L ?HTTP/1.1 400 Bad Request ?Server: nginx/1.9.12 ?Date: Mon, 08 Aug 2016 07:56:21 GMT ?Content-Type: text/html ?Content-Length: 173 ?Connection: close ???curl: (56) Received HTTP code 400 from proxy after CONNECT ?
400了..ToT
拿浏览器绑个hosts, 正常返回了... @.@
一定curl差了些什么参数了
看了下服务端上面的访问日志, 看到了形如以下的访问日志
[08/Aug/2016:16:07:27 +0800] "CONNECT test.test.com:443 HTTP/1.1" 400 173 "-" "-" "-" ?
果断先拿百度开刷
# curl ‘https://www.baidu.com/‘ -i -L -v ?* About to connect() to www.baidu.com port 443 (#0) ?* ??Trying 14.215.177.38... connected ?* Connected to www.baidu.com (14.215.177.38) port 443 (#0) ?* Initializing NSS with certpath: sql:/etc/pki/nssdb ?* ??CAfile: /etc/pki/tls/certs/ca-bundle.crt ???CApath: none ?* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA ?* Server certificate: ?* <span style="white-space:pre"> ?</span>subject: CN=baidu.com,OU=service operation department,O="Beijing Baidu Netcom Science Technology Co., Ltd.",L=Beijing,ST=Beijing,C=CN ?* <span style="white-space:pre"> ?</span>start date: Sep 17 00:00:00 2015 GMT ?* <span style="white-space:pre"> ?</span>expire date: Aug 31 23:59:59 2016 GMT ?* <span style="white-space:pre"> ?</span>common name: baidu.com ?* <span style="white-space:pre"> ?</span>issuer: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US ?> GET / HTTP/1.1 ?> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 ?> Host: www.baidu.com ?> Accept: */* ?> ?< HTTP/1.1 200 OK ?HTTP/1.1 200 OK ?< Server: bfe/1.0.8.14 ?Server: bfe/1.0.8.14 ?< Date: Mon, 08 Aug 2016 08:11:00 GMT ?Date: Mon, 08 Aug 2016 08:11:00 GMT ?< Content-Type: text/html ?Content-Type: text/html ?< Content-Length: 227 ?Content-Length: 227 ?< Connection: keep-alive ?Connection: keep-alive ?< Last-Modified: Thu, 09 Oct 2014 10:47:57 GMT ?Last-Modified: Thu, 09 Oct 2014 10:47:57 GMT ?< Set-Cookie: BD_NOT_HTTPS=1; path=/; Max-Age=300 ?Set-Cookie: BD_NOT_HTTPS=1; path=/; Max-Age=300 ?< Set-Cookie: BIDUPSID=4264F64D03A9A0D1FE68735BBB55FF4E; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com ?Set-Cookie: BIDUPSID=4264F64D03A9A0D1FE68735BBB55FF4E; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com ?< Set-Cookie: PSTM=1470643860; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com ?Set-Cookie: PSTM=1470643860; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com ?< P3P: CP=" OTI DSP COR IVA OUR IND COM " ?P3P: CP=" OTI DSP COR IVA OUR IND COM " ?< X-UA-Compatible: IE=Edge,chrome=1 ?X-UA-Compatible: IE=Edge,chrome=1 ?< Pragma: no-cache ?Pragma: no-cache ?< Cache-control: no-cache ?Cache-control: no-cache ?< Strict-Transport-Security: max-age=0 ?Strict-Transport-Security: max-age=0 ?< Accept-Ranges: bytes ?Accept-Ranges: bytes ?< Set-Cookie: __bsi=13639875133713009970_00_301_N_N_1_0301_002F_N_N_N_0; expires=Mon, 08-Aug-16 08:11:05 GMT; domain=www.baidu.com; path=/ ?Set-Cookie: __bsi=13639875133713009970_00_301_N_N_1_0301_002F_N_N_N_0; expires=Mon, 08-Aug-16 08:11:05 GMT; domain=www.baidu.com; path=/ ?????< ?<html> ?<head> ?<span style="white-space:pre"> ???</span><script> ?<span style="white-space:pre"> ???????</span>location.replace(location.href.replace("https://","http://")); ?<span style="white-space:pre"> ???</span></script> ?</head> ?<body> ?<span style="white-space:pre"> ???</span><noscript><meta http-equiv="refresh" content="0;url=http://www.baidu.com/"></noscript> ?</body> ?* Connection #0 to host www.baidu.com left intact ?* Closing connection #0 ?</html></pre><pre name="code" class="plain"> ?
# curl ‘https://www.baidu.com/‘ -i -L -v ?-x ‘103.235.46.39:443‘ ???###103.235.46.39是跑到 8.8.8.8 dns出来的ip ?* About to connect() to proxy 103.235.46.39 port 443 (#0) ?* ??Trying 103.235.46.39... connected ?* Connected to 103.235.46.39 (103.235.46.39) port 443 (#0) ?<pre name="code" class="plain">* Establish HTTP proxy tunnel to www.baidu.com:443 ?> CONNECT www.baidu.com:443 HTTP/1.1 ?
> Host: www.baidu.com:443> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2> Proxy-Connection: Keep-Alive>< HTTP/1.1 302 Moved TemporarilyHTTP/1.1 302 Moved Temporarily< Server: bfe/1.0.8.14Server: bfe/1.0.8.14< Date: Mon, 08 Aug 2016 07:49:07 GMTDate: Mon, 08 Aug 2016 07:49:07 GMT< Content-Type: text/htmlContent-Type: text/html< Content-Length: 161Content-Length: 161< Connection: closeConnection: close< Location: https://www.baidu.com/search/error.htmlLocation: https://www.baidu.com/search/error.html<* Received HTTP code 302 from proxy after CONNECT* Closing connection #0curl: (56) Received HTTP code 302 from proxy after CONNECT ?
两次请求百度首页, 区别在于 -x 这个参数, 从而确定是这个参数惹的祸
其实会留意到有这么两行
* Establish HTTP proxy tunnel to www.baidu.com:443 ?> CONNECT www.baidu.com:443 HTTP/1.1 ?
curl -x参数, man文档里面对这个参数的描述, 第一句就是 ‘Use the specified proxy‘
大致原因是因为 -x 参数的原因, curl 把 127.0.0.1:443 当成 http proxy 来用
对于 https 的请求, curl 对proxy 先发起一个 connect 请求
但, nginx没有实现 connect 方法
导致 客户端直接报错
解决方法, 目前只看到绕过过去的方法, 改下请求的方式咯
# 这个请求会报错, 会报证书出错 ?curl ‘https://127.0.0.1/‘ -H ‘Host:test.test.com‘ -i -L -v ?# 加个 -k, 不验证证书, 请求成功 ?curl ‘https://127.0.0.1/‘ -H ‘Host:test.test.com‘ -i -L -v -k ?
参考:http://blog.csdn.net/tacuhuh/article/details/52152695
curl请求https资源的时候出现400
原文地址:http://www.cnblogs.com/lazyfang/p/7748563.html