Nginx SSL (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error)
I've searched a bunch of questions to set the correct configuration for nginx SSL, but my EC2 website isn't online. Actually, when it was only the HTTP protocol (80), it was working fine.
Steps I took
1 - Set the security group for EC2, opening traffic for all IPv4 to access 443 and 80 (ok)
2 - Set /etc/nginx/sites-available and /etc/nginx/sites-enabled for HTTP access only; that was working fine (ok)
3 - Now started the SSL process, creating crypto keys: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginx-selfsigned.key -out /etc/nginx/nginx-selfsigned.crt (ok)
4 - Now I modified the default file in both /etc/nginx/sites-available and /etc/nginx/sites-enabled to apply SSL on my website (???)
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ec2-23-22-52-143.compute-1.amazonaws.com www.ec2-23-22-52-143.compute-1.amazonaws.com;
    # Importing ssl (directive name corrected from the typo "ssl_certicate_key";
    # nginx -t would reject the misspelled directive as unknown)
    ssl_certificate /etc/nginx/nginx-selfsigned.crt;
    ssl_certificate_key /etc/nginx/nginx-selfsigned.key;
    # front-end
    location / {
        root /var/www/html;
        try_files $uri /index.html;
    }
    # node api
    location /api/ {
        proxy_pass http://localhost:3000/;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name ec2-23-22-52-143.compute-1.amazonaws.com www.ec2-23-22-52-143.compute-1.amazonaws.com;
    return 301 https://$server_name$request_uri;
}
5 - Tested the configuration with sudo nginx -t and it's an ok configuration (ok)
6 - Restarted nginx: sudo systemctl restart nginx (ok)
7 - Tested whether the necessary ports are listening:
sudo netstat -plant | grep 80
sudo netstat -plant | grep 443
and both are listening (ok)
8 - It should work as everything looks great, so I tried to open the website and, to my surprise, it's offline with the error "ERR_CONNECTION_CLOSED":
https://ec2-23-22-52-143.compute-1.amazonaws.com/
9 - The only thing left to check is the nginx error log at /var/log/nginx/, and there is this ERROR related to SSL:
2022/04/07 19:24:25 [crit] 2453#2453: *77 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.56.107.29, server: 0.0.0.0:443
Conclusion
I don't know why SSL_do_handshake() failed. What can I do to fix this issue? Does anyone have a guess to solve this problem? Thanks a lot to the Stack Overflow community. You are great!!!
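The steps above end with a configuration that passes nginx -t yet still fails inside SSL_do_handshake(), which nginx -t cannot detect because it never loads the key against the certificate at handshake time. As an added diagnostic helper (not part of the original question), the POSIX shell script below checks whether the configured certificate and private key actually belong together, one common cause of tls_choose_sigalg:internal error, and whether a TLS handshake with the host completes; the default paths and hostname are the ones from the question, and the function names cert_key_match, handshake_ok, main and the TLS_CHECK_RUN variable are names assumed here.

```bash
#!/bin/sh
# Added diagnostic helper, not part of the original question. It checks two
# things a passing "nginx -t" does not: that the certificate's public key was
# derived from the configured private key, and that a TLS handshake completes.
# Default paths/host are the ones from the question; pass others as arguments.

# cert_key_match CERT KEY: succeed only if the public key embedded in CERT is
# byte-for-byte the public key derived from KEY. Comparing SubjectPublicKeyInfo
# works for RSA and EC keys alike (an RSA-only modulus comparison would not).
cert_key_match() {
    cert="$1"
    key="$2"
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "not a parsable X.509 certificate: $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "not a parsable private key: $key" >&2; return 1; }
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        return 0
    fi
    echo "certificate and key do not match: $cert / $key" >&2
    return 1
}

# handshake_ok HOST [PORT]: succeed if a full TLS handshake completes. SNI is
# sent with -servername so nginx selects the same server block a browser would.
# A self-signed certificate still passes; only a handshake failure (the symptom
# in the question, ERR_CONNECTION_CLOSED) makes s_client exit non-zero.
handshake_ok() {
    host="$1"
    port="${2:-443}"
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null >/dev/null 2>&1
}

main() {
    cert="${1:-/etc/nginx/nginx-selfsigned.crt}"
    key="${2:-/etc/nginx/nginx-selfsigned.key}"
    host="${3:-ec2-23-22-52-143.compute-1.amazonaws.com}"
    cert_key_match "$cert" "$key" && echo "OK: key matches certificate"
    handshake_ok "$host" && echo "OK: TLS handshake with $host:443 completes"
}

# Run the checks only when explicitly asked, so the file can also be sourced.
if [ -n "${TLS_CHECK_RUN:-}" ]; then
    main "$@"
fi
```

Run it on the server as TLS_CHECK_RUN=1 sh tls_check.sh (optionally passing cert, key and host); a mismatch message means the ssl_certificate and ssl_certificate_key files were generated separately and one of them must be replaced.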