Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
chelkaz2017-04-15 16:27:58
Nginx
chelkaz, 2017-04-15 16:27:58

Anyone running Let's Encrypt SSL in Safari with Nginx/1.10.3 + Apache/2.4.25?

I haven't been able to figure out the reason for a month already... I don't see
any errors in the server logs...
I find many similar problems on the Let's Encrypt SSL apache 2.4 http2 safari request, but I can't find an answer...
The site works on all browsers except IOS and MacOS Safari
If I just open the html file, then everything is ok in safari, as I understand it, the matter is in Apache.
Here is what I have in Apache:

<VirtualHost *:88>
  ServerAdmin [email protected]
  DocumentRoot "/data/wwwroot/site.com/www/public"
  ServerName site.com
  ServerAlias www.site.com
  SSLEngine on
  SSLCertificateFile "/usr/local/nginx/conf/ssl/site.com.crt"
  SSLCertificateKeyFile "/usr/local/nginx/conf/ssl/site.com.key"
  ErrorLog "/data/wwwlogs/site.com_error_apache.log"
  CustomLog "/dev/null" common
  # CustomLog /data/wwwroot/site.com/www/public/httpd.log common
<Directory "/data/wwwroot/site.com/www/public">
  SetOutputFilter DEFLATE
  Options FollowSymLinks ExecCGI
  Require all granted
  AllowOverride All
  Order allow,deny
  Allow from all
  DirectoryIndex index.html index.php
</Directory>
</VirtualHost>

Here is Nginx:
server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/site.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/site.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name site.com www.site.com;
  access_log off;
  index index.html index.htm index.php;
  root /data/wwwroot/site.com/www/public;
  if ($ssl_protocol = "") { return 301 https://$server_name$request_uri; }
  if ($host != site.com) {  return 301 $scheme://site.com$request_uri;  }
  
  location / {
    try_files $uri @apache;
  }
  location @apache {
    proxy_pass http://127.0.0.1:88;
    include proxy.conf;
  }
  location ~ .*\.(php|php5|cgi|pl)?$ {
    proxy_pass http://127.0.0.1:88;
    include proxy.conf;
  }
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
chelkaz, 2017-05-18
@chelkaz

I found the reason. It's all about setting up Apache Protocols h2 http/1.1, as I understand it, this parameter is not needed for the https protocol. After commenting it out, everything worked. This problem is often discussed over the hill, as there are many ios and Safari on macbook. But I didn't find anything about this issue...

Report
P
Puma Thailand, 2017-05-14
@opium

And what does Apache have to do with it, you terminate the ssl in nginx
What error does safari show?

Similar questions
M
Marat2015-09-18 10:07:18
Is there a plugin to help when entering procedure functions? 1Reply
N
noys2015-04-15 19:21:12
Does it make sense to switch from Apache + mod_php + nginx to nginx + php-fpm? 2Reply
S
serious9112015-04-16 10:28:23
Setting up OCSP Stapling in Nginx? 2Reply
W
webviktor2017-04-14 13:46:44
HTTP2 + QUIC in nginx? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question