Curl occurs when requesting HTTPS resources 400

A new domain name is configured on Nginx, and it is customary to use curl request to see if there are any configuration errors.

Because it's HTTPS, so

$curl ' https://test.test.com/'-x 127.0.0.1:443-i-L http/1.1-Bad  Request  server:nginx/1.9.12  Date: Mon, Geneva 07:56:21 GMT  content-type:text/html  content-length:173  connection:close    Curl: (56) Received HTTP code-from-proxy after CONNECT  

It's 400. Tot

With a browser tied to the hosts, normal return ... @[email protected]

I'm sure curl is bad for some parameters.

Look at the server above the access log, see the shape of the following access logs

[08/aug/2016:16:07:27 +0800] "CONNECT test.test.com:443 http/1.1" 400 173 "-" "-" "-"  

Decisive first take Baidu to open brush

# curl ' https://www.baidu.com/'-i-l-V * about-to-connect () to www.baidu.com port 443 (#0) * Trying 14.215.177.38 ... Connected * connected to www.baidu.com (14.215.177.38) port 443 (#0) * Initializing NSS with Certpath:sql:/etc/pki/nss DB * Cafile:/ETC/PKI/TLS/CERTS/CA-BUNDLE.CRT capath:none * SSL connection using Tls_rsa_with_aes_128_cbc_sha * S Erver Certificate: * <span style= "White-space:pre" > </span>subject:cn=baidu.com,ou=service operation department,o= "Beijing Baidu netcom Science Technology Co., Ltd.", L=BEIJING,ST=BEIJING,C=CN * <span style= " White-space:pre "> </span>start date:sep 00:00:00 GMT * <span style=" White-space:pre "> </span >expire Date:aug 23:59:59 GMT * <span style= "White-space:pre" > </span>common name:baidu.com * <span style= "White-space:pre" > </span>issuer:cn=verisign Class 3 International Server ca-g3,ou=terms of US E at Https://www.verisign.com/rpa (c) 10,ou=verisign Trust network,o= "VeriSign, Inc.", C=us > get/http/1.1 > user-agent:curl/7.19.7 (x86_64-redhat-linux-gn u) libcurl/7.19.7 nss/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host:www.baidu.com > Accept: */*  ; < http/1.1 http/1.1 OK < server:bfe/1.0.8.14 server:bfe/1.0.8.14 < Date:mon, 2016 08:11: GMT Date:mon, 08:11:00 GMT < content-type:text/html content-type:text/html < Content-length:2 content-length:227 < connection:keep-alive connection:keep-alive < Last-modified:thu, Oct 2014 10:47:5 7 GMT Last-modified:thu, Oct 10:47:57 GMT < Set-cookie:bd_not_https=1; path=/; Max-age=300 Set-cookie:bd_not_https=1; path=/; max-age=300 < set-cookie:bidupsid=4264f64d03a9a0d1fe68735bbb55ff4e; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; Domain=.baidu.com set-cookie:bidupsid=4264f64d03a9a0d1fe68735bbb55ff4e; Expires=thu, 31-dec-37 23:55:55GMT; max-age=2147483647; path=/; Domain=.baidu.com < set-cookie:pstm=1470643860; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; Domain=.baidu.com set-cookie:pstm=1470643860; Expires=thu, 31-dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com < p3p:cp= "OTI DSP cor IVA our ind com ' p3p:cp=" OTI DSP Cor IVA our IND com "< X-ua-compat Ible:ie=edge,chrome=1 x-ua-compatible:ie=edge,chrome=1 < Pragma:no-cache Pragma:no-cache < Cache-control:no -cache Cache-control:no-cache < strict-transport-security:max-age=0 strict-transport-security:max-age=0 < ACC Ept-ranges:bytes Accept-ranges:bytes < set-cookie: __bsi=13639875133713009970_00_301_n_n_1_0301_002f_n_n_n_0; Expires=mon, 08-aug-16 08:11:05 GMT; domain=www.baidu.com; path=/Set-cookie: __bsi=13639875133713009970_00_301_n_n_1_0301_002f_n_n_n_0; Expires=mon, 08-aug-16 08:11:05 GMT; domain=www.baidu.com; path=/< 
</pre><pre name="code" class="plain">  
# Curl'https://www.baidu.com/'-i-l-v-x'103.235.46.39:443'###103.235. $.39 is running to8.8.8.8dns out of IP* About-connect () to Proxy103.235.46.39Port443(#0)  * Trying103.235.46.39. .. connected* Connected to103.235.46.39(103.235.46.39) port443(#0)  <pre name="Code"class="Plain">* Establish HTTP proxy tunnel to www.baidu.com:443> CONNECT www.baidu.com:443http/1.1
> Host:www.baidu.com:443> user-agent:curl/7.19.7(X86_64-REDHAT-LINUX-GNU) libcurl/7.19.7nss/3.21Basic ECC zlib/1.2.3libidn/1.18libssh2/1.4.2> proxy-connection:keep-alive>< http/1.1 302Moved temporarilyhttp/1.1 302Moved temporarily< server:bfe/1.0.8.14server:bfe/1.0.8.14< Date:mon, ,The .  -: the: -Gmtdate:mon, ,The .  -: the: -gmt< content-type:text/htmlcontent-type:text/html< content-length:161content-length:161< connection:closeconnection:close< Location:https://www.baidu.com/search/error.htmlLocation:https://www.baidu.com/search/error.html<* Received HTTP code 302 from proxy after connect* Closing connection #0curl: ($) Received HTTP Code 302 from Pro XY after CONNECT
Two requests Baidu homepage, the difference is-x this parameter, thus determines is this parameter to cause the curse
Actually, we'll notice that there are two lines.
* Establish HTTP Proxy tunnel to www.baidu.com:443  > CONNECT www.baidu.com:443 http/1.1   
Curl-x parameter, the man document inside the description of this parameter, the first sentence is ' Use the specified proxy '
The reason for this is that Curl uses 127.0.0.1:443 as an HTTP proxy because of the-x parameter.
For HTTPS requests, curl initiates a connect request to proxy first
However, Nginx does not implement the Connect method
Causes Direct Client Error
Workaround, now only to see the way around the past, change the way the request
# This request will report an  error, and the certificate will be reported ' HTTPS://127.0.0.1/ ' ' Host:test.test.com ' -i-l-v  -K, does not validate the certificate,  the request succeeds 'https://127.0.0.1/'  'Host:test.test.com' -i-l-v-k  
Reference: http://blog.csdn.net/tacuhuh/article/details/52152695
Curl occurs when requesting HTTPS resources 400