不知怎的最近黑群晖各类服务必须用 https 打开?

2020-12-06 09:54:11 +08:00
 yuhaaitao
之前不是这样的,比如 qb 下载之前就 http 打开就行了,关键是现在 qb 用 https 也打不开呀
1553 次点击
所在节点    问与答
14 条回复
AllenHua
2020-12-06 10:11:36 +08:00
浏览器原因?

或者看看 黑群晖里的 nginx 的配置
yuhaaitao
2020-12-06 16:34:01 +08:00
@AllenHua 换了台电脑也是这样,最近装了 aria2 做了反向代理有影响吗?
AllenHua
2020-12-06 17:37:39 +08:00
@yuhaaitao #2 aria2 下载工具 不至于影响这个的

先看看 qb 进程是不是活着的

然后看看 80 端口有没有被监听 个人怀疑应该是 nginx 或者 uhttpd 之类的造成的 端口冲突也有可能
yuhaaitao
2020-12-06 17:40:58 +08:00
[![3634b7f4846257d90ebb3a1479a690cc.md.png]( https://img.pterclub.com/images/2020/12/06/3634b7f4846257d90ebb3a1479a690cc.md.png)]( https://s3.pterclub.com:2096/image/8l5rB)
就是设置了这个反向代理
yuhaaitao
2020-12-06 17:47:36 +08:00
@AllenHua ddns+端口号,80 端口没占用吧?
PMR
2020-12-07 09:58:06 +08:00
HSTS

开启功能前先理解作用
一股脑的勾上毫无意义
yuhaaitao
2020-12-07 16:22:35 +08:00
@PMR 去掉 了 HSTS,bitwarden 能正常使用,但是打开 qb 还是提示 https
yuhaaitao
2020-12-07 16:39:35 +08:00
AllenHua
2020-12-07 18:40:47 +08:00
@yuhaaitao #8 贴一下 conf/nginx.conf 看看?
yuhaaitao
2020-12-07 21:02:46 +08:00
@AllenHua #9 [img]https://img.pterclub.com/images/2020/12/07/ngix.png[/img]
安装的这个扩展,不知道配置文件在哪里
AllenHua
2020-12-07 21:58:18 +08:00
@yuhaaitao #10 `sudo find / -name nginx.conf` 找找
yuhaaitao
2020-12-09 20:13:48 +08:00
@AllenHua etc/nginx/nginx.conf 配置
# Copyright (c) 2000-2016 Synology Inc. All rights reserved.

worker_processes auto;
#worker_cpu_affinity auto;
worker_rlimit_nofile 65535;

include conf.d/main.conf;

events {
use epoll;
multi_accept on;
accept_mutex on;
worker_connections 1024;

include conf.d/events.conf;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log off;
#access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;

sendfile on;
server_tokens off;

proxy_request_buffering off;
fastcgi_request_buffering off;
scgi_request_buffering off;

proxy_buffering off;
fastcgi_buffering off;
scgi_buffering off;

resolver_timeout 5s;
client_header_timeout 10s;
client_body_timeout 60s;
send_timeout 60s;
keepalive_timeout 65s 20s;
client_max_body_size 0;
server_names_hash_max_size 8192;

ssl_certificate /usr/syno/etc/certificate/system/default/fullchain.pem;
ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_dhparam /usr/syno/etc/ssl/dh2048.pem;
ssl_prefer_server_ciphers on;

ssl_session_tickets off;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 3600s;

server_tag "nginx";

gzip_disable "msie6";
gzip_min_length 1000;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
gzip_static on;

upstream synoscgi {
server unix:/run/synoscgi.sock;
}

index index.html index.htm index.php;

set_real_ip_from 127.0.0.1;
real_ip_header X-Real-IP;

server {
listen 2233 default_server;
listen [::]:2233 default_server;

server_name _;

gzip on;

include app.d/alias.*.conf;
root /usr/syno/synoman;
index index.cgi;

ignore_invalid_headers off;

include app.d/dsm.*.conf;
include /usr/syno/share/nginx/conf.d/dsm.*.conf;
include conf.d/dsm.*.conf;

location = / {
try_files $uri /index.cgi$is_args$query_string;
}

location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;

root /;

include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}

location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
alias /usr/syno/share/OAuth/index_ds.php;
default_type text/html;
}

location ~ \.cgi {
include scgi_params;
scgi_read_timeout 3600s;
scgi_pass synoscgi;
}

error_page 403 404 500 502 503 504 @error_page;

location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}

location ~ ^/webman/modules/Indexer/ {
deny all;
}

location ~ ^/webapi/lib/ {
deny all;
}

location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
deny all;
}

location ~ /\. { access_log off; log_not_found off; deny all; }

location ~* \.(?:js|css|png|jpg|gif|ico)$ {
access_log off;
log_not_found off;
}

location = /favicon.ico {
access_log off;
log_not_found off;
}

location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}

}

server {
listen 2234 default_server ssl http2;
listen [::]:2234 default_server ssl http2;

server_name _;

include app.d/alias.*.conf;
root /usr/syno/synoman;
index index.cgi;

ignore_invalid_headers off;

include app.d/dsm.*.conf;
include /usr/syno/share/nginx/conf.d/dsm.*.conf;
include conf.d/dsm.*.conf;

location = / {
try_files $uri /index.cgi$is_args$query_string;
}

location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;

root /;

include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}

location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
alias /usr/syno/share/OAuth/index_ds.php;
default_type text/html;
}

location ~ \.cgi {
include scgi_params;
scgi_read_timeout 3600s;
scgi_pass synoscgi;
}

error_page 403 404 500 502 503 504 @error_page;

location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}

location ~ ^/webman/modules/Indexer/ {
deny all;
}

location ~ ^/webapi/lib/ {
deny all;
}

location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
deny all;
}

location ~ /\. { access_log off; log_not_found off; deny all; }

location ~* \.(?:js|css|png|jpg|gif|ico)$ {
access_log off;
log_not_found off;
}

location = /favicon.ico {
access_log off;
log_not_found off;
}

location = /robots.txt {
allow all;
access_log off;
log_not_found off;
}

}

server {
listen 80 default_server;
listen [::]:80 default_server;

gzip on;

server_name _;

location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;

root /;

include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}

include app.d/www.*.conf;
include app.d/alias.*.conf;
include /usr/syno/share/nginx/conf.d/www.*.conf;
include conf.d/www.*.conf;

location = /webdefault/images/logo.jpg {
alias /usr/syno/share/nginx/logo.jpg;
}

error_page 403 404 500 502 503 504 @error_page;

location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}

location ^~ /.well-known/acme-challenge {
root /var/lib/letsencrypt;
default_type text/plain;
}

include app.d/.location.webstation.conf*;

location / {
rewrite ^ / redirect;
}

location ~ ^/$ {
rewrite / http://$host:2233/ redirect;
}
}

server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;

server_name _;

location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
internal;

root /;

include app.d/x-accel.*.conf;
include conf.d/x-accel.*.conf;
}

include app.d/www.*.conf;
include app.d/alias.*.conf;
include /usr/syno/share/nginx/conf.d/www.*.conf;
include conf.d/www.*.conf;

location = /webdefault/images/logo.jpg {
alias /usr/syno/share/nginx/logo.jpg;
}

error_page 403 404 500 502 503 504 @error_page;

location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
}

location ^~ /.well-known/acme-challenge {
root /var/lib/letsencrypt;
default_type text/plain;
}

include app.d/.location.webstation.conf*;

location / {
rewrite ^ / redirect;
}

location ~ ^/$ {
rewrite / https://$host:2234/ redirect;
}
}

include conf.d/http.*.conf;
include app.d/server.*.conf;
include sites-enabled/*;
}
yuhaaitao
2020-12-09 20:16:59 +08:00
AllenHua
2020-12-09 22:17:02 +08:00
@yuhaaitao #13 应该就是 /etc/nginx/nginx.conf 的

重点关注一下 listen 80 那个 server 块,我也看不出来到底是什么原因导致无法访问 http://YOUR_IP 的

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/732573

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX