我有一个 Laravel 8 应用程序。
我不知道我错过了什么。我正在尝试在我的服务器中部署一个站点。
我不断得到:
SSL 证书无效
https://mybabies.app/
server {
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
server_name mybabies.app www.mybabies.app;
root /home/bheng/mybabies/public;
index index.html index.htm index.php;
charset utf-8;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
client_max_body_size 500M;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
error_page 404 /index.php;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location / {
#limit_req zone=one burst=2 nodelay;
try_files $uri $uri/ /index.php?$query_string;
add_header 'Access-Control-Allow-Origin' '*';
}
}
我已经创建 crt
+ pem
键入 CloudFlare 并在以下两行中进行配置:ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
编辑
当我暂停它
当我点击
View Certificate
, 我懂了更新
我创建了证书
最佳答案
要在 Cloudflare 和您的服务器之间设置安全连接,您需要生成 原产地CA证书在页面源证书中,但您在客户端证书中执行了此操作,因此这就是您收到错误的原因。
它们是完全不同的东西,具有不同的目的。阅读说明。
客户证书
Secure and authenticate your APIs and web applications with client certificates. Block traffic from devices that do not have a valid client SSL/TLS certificate with mTLS rules.
原产地证书
Generate a free TLS certificate signed by Cloudflare to install on your origin server. Origin Certificates are only valid for encryption between Cloudflare and your origin server.
生成 PEM 后,您需要将它们放入 .crt 和 .key 并加载到 nginx 配置中,就像您之前所做的那样。
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
现在连接全(严格)应该管用。如果您想改用自签名证书,但仍要利用 CF 和服务器之间的安全连接,请使用选项 全相反(没有严格)。通过使用 灵活 您的访问者仍将使用 HTTPS,但 CF 和服务器之间将没有 SSL 连接,服务器会将其视为 HTTP 连接,因此不建议使用此选项。
更多:https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
关于laravel - CloudFlare SSL 证书无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67152581/