![nginx: [경고] 'ssl_stapling'이 무시되었습니다. 인증서의 OCSP 응답자 'r3.o.lencr.org'에서 호스트를 찾을 수 없습니다.](https://linux55.com/image/208244/nginx%3A%20%5B%EA%B2%BD%EA%B3%A0%5D%20'ssl_stapling'%EC%9D%B4%20%EB%AC%B4%EC%8B%9C%EB%90%98%EC%97%88%EC%8A%B5%EB%8B%88%EB%8B%A4.%20%EC%9D%B8%EC%A6%9D%EC%84%9C%EC%9D%98%20OCSP%20%EC%9D%91%EB%8B%B5%EC%9E%90%20'r3.o.lencr.org'%EC%97%90%EC%84%9C%20%ED%98%B8%EC%8A%A4%ED%8A%B8%EB%A5%BC%20%EC%B0%BE%EC%9D%84%20%EC%88%98%20%EC%97%86%EC%8A%B5%EB%8B%88%EB%8B%A4..png)
라우터 펌웨어를 업데이트했는데 결국 웹 서버가 중단되었기 때문에 자체적으로 복구되기를 바라면서 이전 펌웨어로 되돌렸습니다. 그러나 실제로는 그렇지 않습니다.
이제 저는 어찌할 바를 모르고 제대로 작동할 수 없는 문제를 해결하고 있습니다. 백그라운드에서 실행 중인 모든 앱이 제대로 작동하고 인터넷/LAN도 제대로 작동합니다.
nginx 웹 서버를 시작하려고 할 때마다 이 OCSP 응답자 메시지가 반환됩니다. 몇 가지 사항을 변경해 보았지만 소용이 없었습니다. 내가 엉망으로 만들 아무것도 바꾸지 않았는데 왜 작동하게 만들기 위해 아무것도 바꿔야 합니까?
nginx 디버그 모드를 켜려고 했더니 다음이 표시되었습니다.
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:1 f:0 000055F521DAC0C0, pos 000055F521DAC0C0, size: 268 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter: l:0 f:0 s:268
2022/07/15 11:53:50 [debug] 2294#2294: *308 http output filter "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 http copy filter: "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 image filter
2022/07/15 11:53:50 [debug] 2294#2294: *308 xslt filter body
2022/07/15 11:53:50 [debug] 2294#2294: *308 http postpone filter "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae" 000055F521D4F2B0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write old buf t:1 f:0 000055F521DAC0C0, pos 000055F521DAC0C0, size: 268 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:0 f:0 0000000000000000, pos 000055F520815B20, size: 116 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 write new buf t:0 f:0 0000000000000000, pos 000055F520815E20, size: 62 file: 0, size: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter: l:1 f:0 s:446
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter limit 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 writev: 446 of 446
2022/07/15 11:53:50 [debug] 2294#2294: *308 http write filter 0000000000000000
2022/07/15 11:53:50 [debug] 2294#2294: *308 http copy filter: 0 "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae"
2022/07/15 11:53:50 [debug] 2294#2294: *308 http finalize request: 0, "/scrape?info_hash=%9b%3di%c5%da%0dIUt7%99%ef%c6%ff%28s%fc%81I%ae" a:1, c:1
2022/07/15 11:53:50 [debug] 2294#2294: *308 set http keepalive handler
2022/07/15 11:53:50 [debug] 2294#2294: *308 http close request
2022/07/15 11:53:50 [debug] 2294#2294: *308 http log handler
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521D4E2C0, unused: 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521DABCE0, unused: 2283
2022/07/15 11:53:50 [debug] 2294#2294: *308 free: 000055F521D036F0
2022/07/15 11:53:50 [debug] 2294#2294: *308 hc free: 0000000000000000
2022/07/15 11:53:50 [debug] 2294#2294: *308 hc busy: 0000000000000000 0
2022/07/15 11:53:50 [debug] 2294#2294: *308 tcp_nodelay
2022/07/15 11:53:50 [debug] 2294#2294: *308 reusable connection: 1
2022/07/15 11:53:50 [debug] 2294#2294: *308 event timer add: 25: 75000:2596208
2022/07/15 11:55:05 [debug] 2294#2294: *308 event timer del: 25: 2596208
2022/07/15 11:55:05 [debug] 2294#2294: *308 http keepalive handler
2022/07/15 11:55:05 [debug] 2294#2294: *308 close http connection: 25
2022/07/15 11:55:05 [debug] 2294#2294: *308 reusable connection: 0
2022/07/15 11:55:05 [debug] 2294#2294: *308 free: 0000000000000000
2022/07/15 11:55:05 [debug] 2294#2294: *308 free: 000055F521DE3340, unused: 136
이것은 일반적인 error.log가 systemctl을 통해 나에게 던지는 것입니다.
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate
DNS 문제인 것 같은데 스스로는 무슨 문제인지 알 수 없고, 포럼 게시물에 따르면 r3.o.lencr.org 이름 확인에 문제가 있다고 오류 메시지가 나오네요, nginx는 시작 시 시스템 확인자를 사용하기 때문입니다.
내 반대 구성:
server {
listen 80 default_server;
#listen [::]:80 default_server;
server_name dns.name.here 192.168.0.100;
return 301 https://$server_name$request_uri;
}
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
#-------------------- SSL CONFIG -----------------------------------
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include /etc/nginx/snippets/strong-ssl.conf;
ssl_certificate /etc/letsencrypt/live/dnsname/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dnsname/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/dnsname/chain.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd;
error_page 401 403 404 /404.html; error_log /var/log/nginx/nnferror.log;
# First attempt to serve request as file, then as directory, then fall back to displaying a 404.
location / {
try_files $uri $uri/ =404;
}
# Deny access to .htaccess files, if Apache's document root concurs with nginx's one
location ~ /\.ht {
deny all;
}
# Let's Encrypt Webroot plugin location -- allow access
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
autoindex on;
}
내 SSL.conf:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# Set Google's public DNS servers as upstream resolver
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
# Modify X-Frame-Option from DENY to SAMEORIGIN, required for Deluge Web UI, ownCloud, etc.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# Use the 2048 bit DH key
ssl_dhparam /etc/ssl/certs/dhparam.pem;
또한 실제로 8.8.8.8과 통신할 수 있는지 확인해 보았습니다.
dig @8.8.8.8 r3.o.lencr.org
; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> @8.8.8.8 r3.o.lencr.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58758
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;r3.o.lencr.org. IN A
;; ANSWER SECTION:
r3.o.lencr.org. 120 IN CNAME o.lencr.edgesuite.net.
o.lencr.edgesuite.net. 19792 IN CNAME a1887.dscq.akamai.net.
a1887.dscq.akamai.net. 20 IN A 83.255.218.9
a1887.dscq.akamai.net. 20 IN A 83.255.218.98
;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jul 15 12:53:27 CEST 2022
;; MSG SIZE rcvd: 142
나는 또한 성공하지 못한 채 nginx를 다시 설치하려고 시도했습니다.
nginx 버전: nginx/1.18.0(Ubuntu)
우분투18.04
라우터: Merlin v386,5가 포함된 Asus AC88U(v387은 문제를 일으킴)
여기서 무슨 일이 일어나고 있는지 말해 줄 수 있는 사람 있나요?