質問編集履歴

1

nginxの設定を追記

2018/01/29 05:49

投稿

crescens


test CHANGED
File without changes
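--- a/test
+++ b/test
@@ -71,3 +71,217 @@
  SSL:OpenSSL 1.0.2k
 
  他:PHP 7.2、cURL 7.57.8
+
+
+
+
+
+ 1/29追記
+
+
+
+ ### (A)のnginxの設定
+
+
+
+ ■nginx.conf
+
+ ```conf
+
+ user nginx;
+
+ worker_processes 1;
+
+
+
+ error_log /var/log/nginx/error.log warn;
+
+ pid /var/run/nginx.pid;
+
+
+
+ events {
+
+ worker_connections 1024;
+
+ }
+
+
+
+ http {
+
+ include /etc/nginx/mime.types;
+
+ default_type application/octet-stream;
+
+
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+
+ '$status $body_bytes_sent "$http_referer" '
+
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+
+ access_log /var/log/nginx/access.log main;
+
+
+
+ sendfile on;
+
+ #tcp_nopush on;
+
+
+
+ resolver 127.0.0.1;
+
+
+
+ keepalive_timeout 65;
+
+
+
+ #gzip on;
+
+ brotli on;
+
+
+
+ server_tokens off;
+
+ add_header X-Frame-Options SAMEORIGIN;
+
+ add_header X-XSS-Protection "1; mode=block";
+
+ add_header X-Content-Type-Options nosniff;
+
+
+
+ include /etc/nginx/conf.d/vhost.conf;
+
+ #include /etc/nginx/conf.d/*.conf;
+
+ }
+
+ ```
+
+
+
+
+
+
+
+ ■conf.d/vhost.conf
+
+ ```conf
+
+ server {
+
+ listen 80 default_server;
+
+ listen [::]:80 default_server;
+
+ server_name example.com;
+
+ root /var/www/html;
+
+ error_log /var/log/nginx/error.log;
+
+ access_log /var/log/nginx/access.log main;
+
+
+
+ location / {
+
+ index index.html index.htm index.php;
+
+ }
+
+
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+
+ #
+
+ location ~ .php$ {
+
+ fastcgi_pass unix:/var/run/php-fpm/www.sock;
+
+ fastcgi_index index.php;
+
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+
+ include fastcgi_params;
+
+ }
+
+
+
+ include ssl.conf;
+
+ }
+
+ ```
+
+
+
+
+
+
+
+ ■conf.d/ssl.conf
+
+
+
+ ```conf
+
+ #
+
+ # conf.d/ssl.conf
+
+ #
+
+
+
+ #listen 443 ssl http2;
+
+ listen 443 ssl;
+
+ ssl_session_cache shared:le_nginx_SSL:1m;
+
+ ssl_session_timeout 1440m;
+
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;
+
+
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ ssl_prefer_server_ciphers on;
+
+
+
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
+
+
+
+ ssl_stapling on;
+
+ ssl_stapling_verify on;
+
+
+
+ if ($scheme != "https") {
+
+ return 301 https://$host$request_uri;
+
+ }
+
+ ssl_certificate /etc/pki/tls/certs/2017.crt;
+
+ ssl_certificate_key /etc/pki/tls/private/2017.key;
+
+ ssl_trusted_certificate /etc/pki/tls/certs/2017.intermediate;
+
+ ```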
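Review bot: The three `add_header` lines in the `http` block of nginx.conf (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options) will not be sent by this server, because ssl.conf is included inside the `server` block and declares its own `add_header Strict-Transport-Security ...`; nginx inherits `add_header` from the outer level only when the current level defines none. Repeating those three headers next to the HSTS line in ssl.conf, each with `always`, restores them. In vhost.conf, `location ~ .php$` as shown leaves the dot unescaped and passes every matching URI to PHP-FPM without checking that the file exists; `location ~ \.php$ {` with `try_files $uri =404;` as its first directive is the usual hardening. `ssl_protocols` still lists TLSv1 and TLSv1.1 and the cipher string ends with the 3DES suite `EDH-RSA-DES-CBC3-SHA`; whether they can be dropped depends on the clients this server has to support, which the page does not state.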