Asking for help with an SSL handshake failure after adding an upstream to an Nginx reverse proxy for Google. Thanks for any help!

2017-02-22 14:38:14 +08:00
 hgjian
The configuration file is as follows:
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
multi_accept on;
use epoll;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
autoindex on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 120;
types_hash_max_size 2048;
gzip on;
gzip_disable "msie6";
server_tokens off;
proxy_cache_path /var/www/cache/ levels=1:2 keys_zone=one:100m inactive=1d max_size=1g;
proxy_cache_key $host$request_uri;


# include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*;
# Import server configuration

# **************************************************
upstream google{
server 172.217.6.99 max_fails=3 fail_timeout=10s;
server 172.217.0.3 max_fails=3 fail_timeout=10s;
server 172.217.1.35 max_fails=3 fail_timeout=10s;
}
# **************************************************

server {
listen 80;
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/example.com/privkey1.pem;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
{
return 403;
}
if ( $host != "example.com" ) {
return 403;
}
if ($scheme = http) {
rewrite ^/(.*) https://$server_name/$1 permanent;
}

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

location / {

access_log /etc/nginx/log.log;
error_log /etc/nginx/error.log error;
proxy_cache one;
proxy_cache_valid 200 302 2h;
proxy_cache_valid 404 1h;
proxy_buffering off;

proxy_pass https://google;

proxy_redirect https://www.google.com/ /;
proxy_redirect off;

proxy_set_header Host $proxy_host;

proxy_cookie_domain google.com example.com;

proxy_set_header Accept-Encoding "";
proxy_set_header referer "https://$proxy_host$request_uri";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Cookie "PREF=ID=047818f19f6de346:U=0f622f33dd8549d11:FF=25:LD=zh-CN:NW=1:TM=1325238577:LM=1332342444:GM=5:SG=1:S=rE01SyJh2w1IQ-Maw";
sub_filter_types text/css text/xml text/javascript application/json application/javascript;
sub_filter www.google.com.hk example.com;
sub_filter_once off;

} # end location
location /textinputassistant {
proxy_pass https://www.google.com/textinputassistant/;
proxy_set_header Accept-Encoding "";
} # end location
location /_ {
proxy_pass https://apis.google.com/_/;
proxy_set_header Accept-Encoding "";
} # end location
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
} # end location
} # end server
} # end http

After testing, I found that I cannot access Google, and the following error appears in the log:
13143#13143: *10 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream

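My English is not good. Googling turned up a lot of explanations in English, but I can't understand them. Could some expert help explain this?
3048 views
Node: NGINX
8 replies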
hgjian
2017-02-22 14:42:52 +08:00
I set this up following a tutorial I found by searching online, but it just doesn't work. Can anyone help me solve this?
defunct9
2017-02-22 14:58:46 +08:00
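This method doesn't work anymore; it will often ask you to enter a verification code. Use SNI instead, though that will get blocked too.
So just stick with ss.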
hgjian
2017-02-22 15:03:59 +08:00
@defunct9 By SS, do you mean the Shadowsocks proxy?
uzumaki
2017-02-22 15:30:11 +08:00
@hgjian 99% sure it's Shadowsocks
defunct9
2017-02-22 15:37:59 +08:00
Yes, it is.
hgjian
2017-02-22 15:40:58 +08:00
@defunct9 @uzumaki Thanks for the replies.
fudanglp
2017-02-22 15:46:25 +08:00
hgjian
2017-02-22 15:49:50 +08:00
@fudanglp Thanks, I'll take a look
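
An added example, not part of the thread: nginx uses port 80 for an upstream `server` entry written without a port, so `proxy_pass https://google` in the posted configuration starts a TLS handshake against a plain-HTTP port, a common cause of the "unknown protocol" error quoted in the question. The check below flags that mismatch in a config; the function names are hypothetical and the sample input is constructed from the posted lines.

```python
import re

# Constructed sample: the upstream and proxy_pass lines from the configuration posted above.
SAMPLE_CONF = """
upstream google{
server 172.217.6.99 max_fails=3 fail_timeout=10s;
server 172.217.0.3 max_fails=3 fail_timeout=10s;
server 172.217.1.35 max_fails=3 fail_timeout=10s;
}
server {
location / { proxy_pass https://google; }
location /_ { proxy_pass https://apis.google.com/_/; }
}
"""

UPSTREAM_RE = re.compile(r"upstream\s+(\S+?)\s*\{(.*?)\}", re.S)
SERVER_RE = re.compile(r"^\s*server\s+([^\s;]+)", re.M)
PROXY_RE = re.compile(r"proxy_pass\s+(https?)://([^/\s;:]+)")


def effective_port(addr):
    """Port nginx will connect to for an upstream server address (None for unix sockets)."""
    if addr.startswith("unix:"):
        return None
    host, sep, port = addr.rpartition(":")
    if not sep or addr.endswith("]"):  # no port given, or a bare [IPv6] literal
        return 80                      # nginx default for upstream servers
    return int(port)


def find_tls_to_port_80(conf):
    """Return (upstream, address) pairs where an https:// proxy_pass reaches port 80."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (simplification: ignores '#' in strings)
    upstreams = {name: SERVER_RE.findall(body) for name, body in UPSTREAM_RE.findall(conf)}
    findings = []
    for scheme, target in PROXY_RE.findall(conf):
        if scheme != "https":
            continue
        # Targets that are not named upstreams (plain hostnames) default to 443 and are skipped.
        for addr in upstreams.get(target, []):
            if effective_port(addr) == 80:
                findings.append((target, addr))
    return findings


if __name__ == "__main__":
    for upstream, addr in find_tls_to_port_80(SAMPLE_CONF):
        print(f"upstream {upstream}: {addr} has no TLS port; write {addr}:443 for https proxy_pass")
```
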

https://www.v2ex.com/t/342311