【问题标题】:SSL connection to Thin through vagrant通过 vagrant 到 Thin 的 SSL 连接
【发布时间】:2013-10-16 18:34:18
【问题描述】:

我正在运行一个 Rails 应用程序,它强制 SSL 并在 vagrant VM 内使用 HTTP 基本身份验证。如果我尝试从我的主机向应用程序发出 curl 请求,我会得到

curl -k --verbose https://[user]:[password]@localhost:3001/
* About to connect() to localhost port 3001 (#0)
*   Trying ::1...
* Connection refused
*   Trying fe80::1...
* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 3001 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:3001 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to localhost:3001 

如果我从虚拟机内部发出相同的 curl 请求,它就可以工作

curl -k --verbose https://[user]:[password]@localhost:3001/
* About to connect() to localhost port 3001 (#0)
*  Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3001 (#0)
* successfully set certificate verify locations:
*  CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
* start date: 2013-10-15 19:38:54 GMT
* expire date: 2023-10-13 19:38:54 GMT
* issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> GET / HTTP/1.1
> Authorization: Basic [stuff]
> User-Agent: curl/7.29.0
> Host: localhost:3001
> Accept: */*
> 
< HTTP/1.1 200 OK
< Strict-Transport-Security: max-age=31536000
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-UA-Compatible: chrome=1
< Content-Type: application/json; charset=utf-8
< ETag: "80961ae530b068989bbd4463b2fb6308"
< Cache-Control: max-age=0, private, must-revalidate
< Set-Cookie: request_method=GET; path=/; secure
< X-Request-Id: 9d0426ec-eca2-469a-9e36-14c79d69596a
< X-Runtime: 0.894703
< Connection: close
< Server: thin 1.5.1 codename Straight Razor
< 
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
[page]

我开始使用我创建并添加到我的 mac 钥匙串的自签名证书在 VM 中瘦身

bundle exec thin start --ssl --ssl-key-file /etc/ssl/server.key --ssl-cert-file /etc/ssl/server.crt -p 3001

我发现问题是“未知 SSL 协议错误”,但我在网上找到的任何内容都没有帮助。从输出中您可以看到它们都在使用 SSLv3。密钥未过期。我什么都没有,求救。

【问题讨论】:

  • 您是否在 Vagrant 配置中(或直接在 VirtualBox 中)配置了主机和来宾之间的端口转发?
  • 您确定考虑了此端口转发(您可以在 VirtualBox 设置中检查)?
  • 我应该寻找什么具体的东西吗?如果您查看 curl 输出,您会看到当它尝试 127.0.0.1 时它能够连接(它肯定连接到瘦服务器,没有其他任何东西在本地 3001 上运行)
  • @TheQCSorGS 请发布您的 Vagrantfile
  • 你们都完全正确。我复制/粘贴了一个端口转发行并将访客端口保留为 5432。所以我连接到 postgres 而不是 Thin。现在一切正常。拥有如此伟大直觉的道具,谢谢!

标签: curl ssl vagrant thin


【解决方案1】:

Vagrantfile 中的端口转发设置不正确。我正在连接到 postgresql 而不是 Thin 因此连接但 SSL 错误。复制粘贴错误。

【讨论】:

    猜你喜欢
    • 2012-08-30
    • 2014-06-17
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-03-16
    相关资源
    最近更新 更多