nginx 1.10.0 + OpenSSL 1.0.2(ALPNネゴシエーションを利用する)にアップデートした後、Safari(v9、モバイルおよびデスクトップ)で浮上している最初サーバーへのHTTP POST要求が失敗します。要求がサーバーにヒットすることはありません。nginx + HTTP/2 + HTTP POST + Safari =エラー
Safariはこのメッセージをコンソールに返します。Failed to load resource: Could not connect to the server.
その後のPOSTリクエスト(同じボタンをもう一度クリックします)が成功します。
nginxのこれが確認さnginxの1.9.15のバグと1.10.0
で詳細
nginx version: nginx/1.10.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.2d 9 Jul 2015 TLS SNI support enabled configure arguments: --user=nginx --group=nginx --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --with-http_v2_module --with-http_gunzip_module --with-openssl=/usr/src/openssl-1.0.2d
nginxの設定ファイル
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
server_tokens off;
client_max_body_size 1G;
keepalive_disable safari msie6;
keepalive_timeout 0;
include /etc/nginx/conf.d/*.conf;
}
server {
listen 443 ssl http2;
server_name *.gingrapp.com;
root /var/www/html;
ssl on;
ssl_certificate ***.crt;
ssl_certificate_key ***.crt;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 2m;
add_header Strict-Transport-Security "max-age=420420420420;";
include /etc/nginx/default.d/*.conf;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_types application/javascript application/json application/x-javascript application/xml text/css text/javascript text/plain text/x-component text/xml;
gzip_min_length 10240;
gzip_buffers 16 128k;
open_file_cache max=2000 inactive=60s;
open_file_cache_valid 90s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
keepalive_disable safari msie6;
keepalive_timeout 0;
location /assets {
etag on;
access_log off;
keepalive_disable safari msie6;
keepalive_timeout 0;
}
location/{
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
proxy_max_temp_file_size 512m;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 512k;
fastcgi_busy_buffers_size 512k;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_types application/javascript application/json application/x-javascript application/xml text/css text/javascript text/plain text/x-component text/xml;
gzip_min_length 10240;
gzip_buffers 16 128k;
keepalive_disable safari msie6;
keepalive_timeout 0;
}
}
OpenSSL 1.0.2hにもアップデートしようとしました。変化なし –