Log a process that handles HTTPS monitoring incorrectly

Last Update:2017-07-26 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Today the development feedback encountered such a phenomenon when testing the Kingsoft device:

wget https://funchlscdn.lechange.cn/LCLR/2K02135PAK01979/0/0/20170726085033/dev_20170726085033_ lpxh73ezzb92xxa8.m3u8--2017-07-26 11:49:26--https://funchlscdn.lechange.cn/LCLR/2K02135PAK01979/0/0/ 20170726085033/dev_20170726085033_lpxh73ezzb92xxa8.m3u8 Resolving funchlscdn.lechange.cn ... 120.92.158.134 Connecting to funchlscdn.lechange.cn|120.92.158.134|:443 ... Connected. Openssl:error:140770fc:ssl Routines:SSL23_GET_SERVER_HELLO:unknown Protocol Unable to establish SSL connection.

The "error:140770fc:ssl Routines:SSL23_GET_SERVER_HELLO:unknown Protocol" error is caused by sending an HTTPS request to a service that only provides HTTP.

#ping funchlscdn.lechange.cn, after obtaining the IP corresponding to this domain name, return to the Kingsoft console and find that the IP is a load balancer, but this load balancer configuration is the HTTP protocol for Port 80. The 443 port or the HTTP protocol, then changed to HTTPS, after re-testing, found that the error has become:

[Email protected] ~]# wget https://funchlscdn.lechange.cn/LCLR/2K02135PAK01979/0/0/20170726085033/dev_ 20170726085033_lpxh73ezzb92xxa8.m3u8--2017-07-26 16:08:15--https://funchlscdn.lechange.cn/LCLR/2K02135PAK01979/ 0/0/20170726085033/dev_20170726085033_lpxh73ezzb92xxa8.m3u8resolving funchlscdn.lechange.cn ... 120.92.158.134Connecting to funchlscdn.lechange.cn|120.92.158.134|:443 ... Connected. HTTP request sent, awaiting response ... 502 Bad gateway2017-07-26 16:08:15 ERROR 502:bad Gateway.

Open effect in Browser

502 Bad Gateway

The proxy server received an invalid response from an upstream server.

_____

Ksyun ELB 1.0.0

[[email protected] ~]# wget http://funchlscdn.lechange.cn/lclr/2k02135pak01979/0/0/ 20170726085033/dev_20170726085033_lpxh73ezzb92xxa8.m3u8 --2017-07-26 15:31:55--  http:// Funchlscdn.lechange.cn/lclr/2k02135pak01979/0/0/20170726085033/dev_20170726085033_ lpxh73ezzb92xxa8.m3u8resolving funchlscdn.lechange.cn... 120.92.158.134connecting to  Funchlscdn.lechange.cn|120.92.158.134|:80... connected. http request sent, awaiting response... 302 foundlocation: http:// 120.92.133.76:8090/lclr/2k02135pak01979/0/0/20170726085033/dev_20170726085033_lpxh73ezzb92xxa8.m3u8 [ following]--2017-07-26 15:31:55--  http://120.92.133.76:8090/lclr/2k02135pak01979/0/0/ 20170726085033/dev_20170726085033_lpxh73ezzb92xxa8.m3u8connecting to 120.92.133.76:8090...  Connected. http request sent, awaiting response... 200 oklength: 66 [application/ X-mpegurl]saving to:  "dev_20170726085033_lpxh73ezzb92xxa8.m3u8" 100%[======================================== =============================================================================================================== =>] 66          --.-k/s   in 0s       2017-07-26 15:31:55  (3.02 mb/s)  -  "dev_ 20170726085033_lpxh73ezzb92xxa8.m3u8 "&NBSP;SAVED&NBSP;[66/66]

So called to develop the HTTP and HTTPS detailed process, development said in HTTP, the design route is as follows:

Development modules, HTTP (9001)

In HTTPS, the design route is as follows:

HTTPS (443)->nginx (8000) Development module (9001)

This time found the problem, the original Kingsoft is not configured HTTPS certificate, so developers use Nginx 8000 port to listen to SSL to achieve the effect of HTTPS certificate, but later Kingsoft console added HTTPS certificate, No longer need Nginx to configure the SSL certificate, and then to HTTPS monitoring 8000 This step is wrong, so in the load balancer there changed to:

HTTPS (443) Development Module (9001)

At the same time to close the Nginx, and then to test the HTTPS request, it succeeded!

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M00/9C/FA/wKioL1l4XyLBNt4RAAEsCPefYqk951.png "title=" 2.png "alt=" Wkiol1l4xylbnt4raaescpefyqk951.png "/>

In fact, if you want to use the Nginx SSL certificate, then the routine is: open Nginx, but in the load balancer there using the TCP protocol to listen to Nginx 8000 port, so the same can achieve the effect.

Finally, if you feel this article is helpful for your promotion, please do not hesitate to sponsor the hand, brush the following QR code, sponsorship I continue to write more blog posts!

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/9C/C8/wKioL1l16m3BMYDKAACPHEqd55Q687.jpg "title=" Webwxgetmsgimg.jpg "alt=" wkiol1l16m3bmydkaacpheqd55q687.jpg "style=" padding:0px;margin:0px;vertical-align:top; Border:none; "/>

This article is from "Life is waiting for Gordo" blog, please make sure to keep this source http://chenx1242.blog.51cto.com/10430133/1951191

Log a process that handles HTTPS monitoring incorrectly

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More