V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
paranoiagu
V2EX  ›  Cloudflare

为什么.cf、.tk 的域名,在 cloudflare 不能套 cdn

  •  
  •   paranoiagu · 2023-11-22 09:05:15 +08:00 · 2432 次点击
    这是一个创建于 400 天前的主题,其中的信息可能已经有所发展或是发生改变。
    同样的 .com 域名,套 cloudflare 一切正常。但是 .cf 或 .tk 域名,就不行了。用 curl 后,发现总是收到 301 。
    response 信息如下:

    < HTTP/2 301
    < date: Wed, 22 Nov 2023 01:00:08 GMT
    < content-type: text/html
    < location: https:///
    < x-content-type-options: nosniff
    < cf-cache-status: DYNAMIC
    < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPKBekwLeQosoxtrt%2BLtvzc3kQRQgzKOGvtAbkJ56rIE0hvwcrt5mlqM%2BA0D4fqhiVj9wERfquGd7HgD56%2BvWbPkeMGzpt%2FKuvxhq7MPdM%2FClb0PwJ5ekgeUsMGLr1w%3D"}],"group":"cf-nel","max_age":604800}
    < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    < server: cloudflare
    < cf-ray: 829d3bd42f886385-LHR
    < alt-svc: h3=":443"; ma=86400
    <
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body>
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    第 1 条附言  ·  2023-11-22 09:46:44 +08:00
    解决问题了,cloudflare 的配置问题:

    SSL/TLS --> Overview --> 由 “Flexible” 改为 “Full ( strict )”,解决问题。
    11 条回复    2023-11-22 12:54:47 +08:00
    Conantv2
        1
    Conantv2  
       2023-11-22 09:07:33 +08:00
    这是 nginx 配置问题吧,nginx 返回了 301 啊,location 是不是你旧网址
    knva
        2
    knva  
       2023-11-22 09:10:47 +08:00
    301 到哪了也不说。
    paranoiagu
        3
    paranoiagu  
    OP
       2023-11-22 09:24:26 +08:00
    @knva

    @Conantv2

    location: https:///

    域名丢失了。
    paranoiagu
        4
    paranoiagu  
    OP
       2023-11-22 09:25:17 +08:00
    直接 curl 我的 ip 没问题。套 cf 就完蛋。
    Conantv2
        5
    Conantv2  
       2023-11-22 09:26:10 +08:00
    @paranoiagu 不要只 curl ip ,要带上域名
    paranoiagu
        6
    paranoiagu  
    OP
       2023-11-22 09:30:09 +08:00
    @Conantv2 带上了,不知道这样带上对不对。

    curl -v -k https://xxx.xxx.xxx.xxx/ -H "Host: xxx.xxx.cf"
    * Trying xxx.xxx.xxx.xxx:443...
    * Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
    * ALPN: offers h2,http/1.1
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN: server accepted h2
    * Server certificate:
    * subject: CN=*.yp-hq.cf
    * start date: Nov 20 09:10:38 2023 GMT
    * expire date: Feb 18 09:10:37 2024 GMT
    * issuer: C=US; O=Let's Encrypt; CN=R3
    * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    * using HTTP/2
    * h2h3 [:method: GET]
    * h2h3 [:path: /]
    * h2h3 [:scheme: https]
    * h2h3 [:authority: xxx.xxx.cf]
    * h2h3 [user-agent: curl/7.88.1]
    * h2h3 [accept: */*]
    * Using Stream ID: 1 (easy handle 0x563df52ebc80)
    > GET / HTTP/2
    > Host: xxx.xxx.cf
    > user-agent: curl/7.88.1
    > accept: */*
    >
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * old SSL session ID is stale, removing
    < HTTP/2 200
    < server: nginx
    < date: Wed, 22 Nov 2023 00:59:34 GMT
    < content-type: text/html
    < strict-transport-security: max-age=31536000; includeSubDomains; preload
    <
    <html>
    <head><title>Index of /</title></head>
    <body>
    <h1>Index of /</h1><hr><pre><a href="../">../</a>
    </pre><hr></body>
    </html>
    * Connection #0 to host xxx.xxx.xxx.xxx left intact
    Conantv2
        7
    Conantv2  
       2023-11-22 09:32:00 +08:00
    这么看,直接访问倒不会 301 ,你看下日志吧,可能是日志带了某个参数触发的 301
    paranoiagu
        8
    paranoiagu  
    OP
       2023-11-22 09:34:56 +08:00
    @Conantv2 我也感觉是 nginx 的问题了。我再研究一下,谢谢。
    mcV473b9u4GfJG81
        9
    mcV473b9u4GfJG81  
       2023-11-22 10:21:58 +08:00
    为什么我托管的网页 由 full strict 改为 flexible 才能正常打开
    kingwrcy
        10
    kingwrcy  
       2023-11-22 10:29:09 +08:00
    full strict 是 cf 到你的源站 也是 https,要求你的源站支持 https.
    flexible 是 cf 到你的源站是 http

    你源站域名没有 https 的话,需要改成 flexible. 不然就是无限 301
    rockxsj
        11
    rockxsj  
       2023-11-22 12:54:47 +08:00
    配置问题,我套了
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2750 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 228ms · UTC 15:19 · PVG 23:19 · LAX 07:19 · JFK 10:19
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.