V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
yuhaaitao
V2EX  ›  问与答

不知怎的最近黑群晖各类服务必须用 https 打开?

  •  
  •   yuhaaitao · 2020-12-06 09:54:11 +08:00 · 1547 次点击
    这是一个创建于 1475 天前的主题,其中的信息可能已经有所发展或是发生改变。
    之前不是这样的,比如 qb 下载之前就 http 打开就行了,关键是现在 qb 用 https 也打不开呀
    14 条回复    2020-12-09 22:17:02 +08:00
    AllenHua
        1
    AllenHua  
       2020-12-06 10:11:36 +08:00   ❤️ 1
    浏览器原因?

    或者看看 黑群晖里的 nginx 的配置
    yuhaaitao
        2
    yuhaaitao  
    OP
       2020-12-06 16:34:01 +08:00 via Android
    @AllenHua 换了台电脑也是这样,最近装了 aria2 做了反向代理有影响吗?
    AllenHua
        3
    AllenHua  
       2020-12-06 17:37:39 +08:00   ❤️ 1
    @yuhaaitao #2 aria2 下载工具 不至于影响这个的

    先看看 qb 进程是不是活着的

    然后看看 80 端口有没有被监听 个人怀疑应该是 nginx 或者 uhttpd 之类的造成的 端口冲突也有可能
    yuhaaitao
        4
    yuhaaitao  
    OP
       2020-12-06 17:40:58 +08:00
    [![3634b7f4846257d90ebb3a1479a690cc.md.png]( https://img.pterclub.com/images/2020/12/06/3634b7f4846257d90ebb3a1479a690cc.md.png)]( https://s3.pterclub.com:2096/image/8l5rB)
    就是设置了这个反向代理
    yuhaaitao
        5
    yuhaaitao  
    OP
       2020-12-06 17:47:36 +08:00
    @AllenHua ddns+端口号,80 端口没占用吧?
    PMR
        6
    PMR  
       2020-12-07 09:58:06 +08:00 via Android   ❤️ 1
    HSTS

    开启功能前先理解作用
    一股脑的勾上毫无意义
    yuhaaitao
        7
    yuhaaitao  
    OP
       2020-12-07 16:22:35 +08:00
    @PMR 去掉 了 HSTS,bitwarden 能正常使用,但是打开 qb 还是提示 https
    yuhaaitao
        8
    yuhaaitao  
    OP
       2020-12-07 16:39:35 +08:00
    AllenHua
        9
    AllenHua  
       2020-12-07 18:40:47 +08:00   ❤️ 1
    @yuhaaitao #8 贴一下 conf/nginx.conf 看看?
    yuhaaitao
        10
    yuhaaitao  
    OP
       2020-12-07 21:02:46 +08:00
    @AllenHua #9 [img]https://img.pterclub.com/images/2020/12/07/ngix.png[/img]
    安装的这个扩展,不知道配置文件在哪里
    AllenHua
        11
    AllenHua  
       2020-12-07 21:58:18 +08:00
    @yuhaaitao #10 `sudo find / -name nginx.conf` 找找
    yuhaaitao
        12
    yuhaaitao  
    OP
       2020-12-09 20:13:48 +08:00
    @AllenHua etc/nginx/nginx.conf 配置
    # Copyright (c) 2000-2016 Synology Inc. All rights reserved.

    worker_processes auto;
    #worker_cpu_affinity auto;
    worker_rlimit_nofile 65535;

    include conf.d/main.conf;

    events {
    use epoll;
    multi_accept on;
    accept_mutex on;
    worker_connections 1024;

    include conf.d/events.conf;
    }

    http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log off;
    #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
    error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;

    sendfile on;
    server_tokens off;

    proxy_request_buffering off;
    fastcgi_request_buffering off;
    scgi_request_buffering off;

    proxy_buffering off;
    fastcgi_buffering off;
    scgi_buffering off;

    resolver_timeout 5s;
    client_header_timeout 10s;
    client_body_timeout 60s;
    send_timeout 60s;
    keepalive_timeout 65s 20s;
    client_max_body_size 0;
    server_names_hash_max_size 8192;

    ssl_certificate /usr/syno/etc/certificate/system/default/fullchain.pem;
    ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    ssl_dhparam /usr/syno/etc/ssl/dh2048.pem;
    ssl_prefer_server_ciphers on;

    ssl_session_tickets off;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 3600s;

    server_tag "nginx";

    gzip_disable "msie6";
    gzip_min_length 1000;
    gzip_types text/plain text/css application/javascript application/json;
    gzip_vary on;
    gzip_static on;

    upstream synoscgi {
    server unix:/run/synoscgi.sock;
    }

    index index.html index.htm index.php;

    set_real_ip_from 127.0.0.1;
    real_ip_header X-Real-IP;

    server {
    listen 2233 default_server;
    listen [::]:2233 default_server;

    server_name _;

    gzip on;

    include app.d/alias.*.conf;
    root /usr/syno/synoman;
    index index.cgi;

    ignore_invalid_headers off;

    include app.d/dsm.*.conf;
    include /usr/syno/share/nginx/conf.d/dsm.*.conf;
    include conf.d/dsm.*.conf;

    location = / {
    try_files $uri /index.cgi$is_args$query_string;
    }

    location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
    internal;

    root /;

    include app.d/x-accel.*.conf;
    include conf.d/x-accel.*.conf;
    }

    location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
    alias /usr/syno/share/OAuth/index_ds.php;
    default_type text/html;
    }

    location ~ \.cgi {
    include scgi_params;
    scgi_read_timeout 3600s;
    scgi_pass synoscgi;
    }

    error_page 403 404 500 502 503 504 @error_page;

    location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    }

    location ~ ^/webman/modules/Indexer/ {
    deny all;
    }

    location ~ ^/webapi/lib/ {
    deny all;
    }

    location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
    deny all;
    }

    location ~ /\. { access_log off; log_not_found off; deny all; }

    location ~* \.(?:js|css|png|jpg|gif|ico)$ {
    access_log off;
    log_not_found off;
    }

    location = /favicon.ico {
    access_log off;
    log_not_found off;
    }

    location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
    }

    }

    server {
    listen 2234 default_server ssl http2;
    listen [::]:2234 default_server ssl http2;

    server_name _;

    include app.d/alias.*.conf;
    root /usr/syno/synoman;
    index index.cgi;

    ignore_invalid_headers off;

    include app.d/dsm.*.conf;
    include /usr/syno/share/nginx/conf.d/dsm.*.conf;
    include conf.d/dsm.*.conf;

    location = / {
    try_files $uri /index.cgi$is_args$query_string;
    }

    location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
    internal;

    root /;

    include app.d/x-accel.*.conf;
    include conf.d/x-accel.*.conf;
    }

    location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
    alias /usr/syno/share/OAuth/index_ds.php;
    default_type text/html;
    }

    location ~ \.cgi {
    include scgi_params;
    scgi_read_timeout 3600s;
    scgi_pass synoscgi;
    }

    error_page 403 404 500 502 503 504 @error_page;

    location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    }

    location ~ ^/webman/modules/Indexer/ {
    deny all;
    }

    location ~ ^/webapi/lib/ {
    deny all;
    }

    location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
    deny all;
    }

    location ~ /\. { access_log off; log_not_found off; deny all; }

    location ~* \.(?:js|css|png|jpg|gif|ico)$ {
    access_log off;
    log_not_found off;
    }

    location = /favicon.ico {
    access_log off;
    log_not_found off;
    }

    location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
    }

    }

    server {
    listen 80 default_server;
    listen [::]:80 default_server;

    gzip on;

    server_name _;

    location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
    internal;

    root /;

    include app.d/x-accel.*.conf;
    include conf.d/x-accel.*.conf;
    }

    include app.d/www.*.conf;
    include app.d/alias.*.conf;
    include /usr/syno/share/nginx/conf.d/www.*.conf;
    include conf.d/www.*.conf;

    location = /webdefault/images/logo.jpg {
    alias /usr/syno/share/nginx/logo.jpg;
    }

    error_page 403 404 500 502 503 504 @error_page;

    location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    }

    location ^~ /.well-known/acme-challenge {
    root /var/lib/letsencrypt;
    default_type text/plain;
    }

    include app.d/.location.webstation.conf*;

    location / {
    rewrite ^ / redirect;
    }

    location ~ ^/$ {
    rewrite / http://$host:2233/ redirect;
    }
    }

    server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    server_name _;

    location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
    internal;

    root /;

    include app.d/x-accel.*.conf;
    include conf.d/x-accel.*.conf;
    }

    include app.d/www.*.conf;
    include app.d/alias.*.conf;
    include /usr/syno/share/nginx/conf.d/www.*.conf;
    include conf.d/www.*.conf;

    location = /webdefault/images/logo.jpg {
    alias /usr/syno/share/nginx/logo.jpg;
    }

    error_page 403 404 500 502 503 504 @error_page;

    location @error_page {
    root /usr/syno/share/nginx;
    rewrite (.*) /error.html break;
    }

    location ^~ /.well-known/acme-challenge {
    root /var/lib/letsencrypt;
    default_type text/plain;
    }

    include app.d/.location.webstation.conf*;

    location / {
    rewrite ^ / redirect;
    }

    location ~ ^/$ {
    rewrite / https://$host:2234/ redirect;
    }
    }

    include conf.d/http.*.conf;
    include app.d/server.*.conf;
    include sites-enabled/*;
    }
    yuhaaitao
        13
    yuhaaitao  
    OP
       2020-12-09 20:16:59 +08:00
    AllenHua
        14
    AllenHua  
       2020-12-09 22:17:02 +08:00
    @yuhaaitao #13 应该就是 /etc/nginx/nginx.conf 的

    重点关注一下 listen 80 那个 server 块,我也看不出来到底是什么原因导致无法访问 http://YOUR_IP 的
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5372 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 06:52 · PVG 14:52 · LAX 22:52 · JFK 01:52
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.