这是一个创建于 353 天前的主题,其中的信息可能已经有所发展或是发生改变。
同样的 .com 域名,套 cloudflare 一切正常。但是 .cf 或 .tk 域名,就不行了。用 curl 后,发现总是收到 301 。
response 信息如下:
< HTTP/2 301
< date: Wed, 22 Nov 2023 01:00:08 GMT
< content-type: text/html
< location: https:///
< x-content-type-options: nosniff
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPKBekwLeQosoxtrt%2BLtvzc3kQRQgzKOGvtAbkJ56rIE0hvwcrt5mlqM%2BA0D4fqhiVj9wERfquGd7HgD56%2BvWbPkeMGzpt%2FKuvxhq7MPdM%2FClb0PwJ5ekgeUsMGLr1w%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 829d3bd42f886385-LHR
< alt-svc: h3=":443"; ma=86400
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
response 信息如下:
< HTTP/2 301
< date: Wed, 22 Nov 2023 01:00:08 GMT
< content-type: text/html
< location: https:///
< x-content-type-options: nosniff
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPKBekwLeQosoxtrt%2BLtvzc3kQRQgzKOGvtAbkJ56rIE0hvwcrt5mlqM%2BA0D4fqhiVj9wERfquGd7HgD56%2BvWbPkeMGzpt%2FKuvxhq7MPdM%2FClb0PwJ5ekgeUsMGLr1w%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 829d3bd42f886385-LHR
< alt-svc: h3=":443"; ma=86400
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
第 1 条附言 · 353 天前
解决问题了,cloudflare 的配置问题:
SSL/TLS --> Overview --> 由 “Flexible” 改为 “Full ( strict )”,解决问题。
SSL/TLS --> Overview --> 由 “Flexible” 改为 “Full ( strict )”,解决问题。
11 条回复 • 2023-11-22 12:54:47 +08:00
 |
1
Conantv2 353 天前
这是 nginx 配置问题吧,nginx 返回了 301 啊,location 是不是你旧网址
|
 |
2
knva 353 天前
301 到哪了也不说。
|
 |
3
paranoiagu OP |
|
4
paranoiagu OP 直接 curl 我的 ip 没问题。套 cf 就完蛋。
|
|
5
Conantv2 353 天前
@paranoiagu 不要只 curl ip ,要带上域名
|
|
6
paranoiagu OP @Conantv2 带上了,不知道这样带上对不对。
curl -v -k https://xxx.xxx.xxx.xxx/ -H "Host: xxx.xxx.cf" * Trying xxx.xxx.xxx.xxx:443... * Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: CN=*.yp-hq.cf * start date: Nov 20 09:10:38 2023 GMT * expire date: Feb 18 09:10:37 2024 GMT * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. * using HTTP/2 * h2h3 [:method: GET] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: xxx.xxx.cf] * h2h3 [user-agent: curl/7.88.1] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x563df52ebc80) > GET / HTTP/2 > Host: xxx.xxx.cf > user-agent: curl/7.88.1 > accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < HTTP/2 200 < server: nginx < date: Wed, 22 Nov 2023 00:59:34 GMT < content-type: text/html < strict-transport-security: max-age=31536000; includeSubDomains; preload < <html> <head><title>Index of /</title></head> <body> <h1>Index of /</h1><hr><pre><a href="../">../</a> </pre><hr></body> </html> * Connection #0 to host xxx.xxx.xxx.xxx left intact |
|
7
Conantv2 353 天前
这么看,直接访问倒不会 301 ,你看下日志吧,可能是日志带了某个参数触发的 301
|
|
8
paranoiagu OP @Conantv2 我也感觉是 nginx 的问题了。我再研究一下,谢谢。
|
 |
9
mcV473b9u4GfJG81 353 天前
为什么我托管的网页 由 full strict 改为 flexible 才能正常打开
|
 |
10
kingwrcy 353 天前
full strict 是 cf 到你的源站 也是 https,要求你的源站支持 https.
flexible 是 cf 到你的源站是 http 你源站域名没有 https 的话,需要改成 flexible. 不然就是无限 301 |
 |
11
rockxsj 353 天前
配置问题,我套了
|
Select Language