
Chrome reports "Your connection is not private" when accessing GitLab over HTTPS

2015-12-14 20:43 671 views

When accessing a self-hosted GitLab site over HTTPS in Chrome, the following error frequently appears:

Attackers might be trying to steal your information from xxx.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID

xxx.com normally uses encryption to protect your information. When Chrome tried to connect to xxx.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be xxx.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit xxx.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

When this happens, the GitLab site cannot be opened in Chrome at all; the only option is to switch to Firefox.

The problem has two causes:

1) Chrome fails to validate the certificate's issuing authority (a GoDaddy certificate is in use; the GoDaddy certificate itself may be the problem);

2) GitLab unconditionally adds the following header to its HTTP responses:

Strict-Transport-Security: max-age=31536000

Because of this header, Chrome refuses to let the user continue once certificate validation has failed.
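The two causes combine into a hard block only because Chrome records a host's HSTS policy from an earlier connection whose certificate did validate; once recorded, a later chain failure cannot be clicked through. The script below is an added example (not from this post or from GitLab) that parses the header and classifies the outcome; the names parse_hsts, diagnose and check_site are chosen here, and the live check assumes the host is reachable and that the local trust store matches the browser's.

```python
import http.client
import ssl

# Constructed sample: the header value GitLab's controller adds.
GITLAB_HSTS = "max-age=31536000"

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 directives).
    Directive names are case-insensitive; unknown ones are ignored."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                result["max_age"] = int(arg.strip().strip('"'))
            except ValueError:
                pass  # malformed max-age: treat the policy as absent
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result

def diagnose(chain_valid, hsts_value):
    """What the browser will do for this (certificate, HSTS) combination."""
    hsts = parse_hsts(hsts_value) if hsts_value else None
    hsts_active = hsts is not None and bool(hsts["max_age"])
    if chain_valid:
        return "ok" if hsts_active else "ok-no-hsts"
    # With an invalid chain, a recorded HSTS policy turns the click-through
    # warning into the hard block quoted above (no "proceed" link).
    return "hard-block" if hsts_active else "click-through-warning"

def check_site(host, port=443):
    """Live check against a real server (needs network; not run offline)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("HEAD", "/")
        hsts_value = conn.getresponse().getheader("Strict-Transport-Security")
        return diagnose(True, hsts_value)
    except ssl.SSLCertVerificationError:
        # Chain rejected locally, e.g. a missing intermediate. The header
        # cannot be read safely, so assume GitLab's fixed value.
        return diagnose(False, GITLAB_HSTS)
    finally:
        conn.close()
```

A "hard-block" result means the certificate chain, not the header, is what needs fixing; removing the header only hides the chain problem.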

Temporary workaround
Modify the GitLab code: open the following file with vim

vi /opt/gitlab/embedded/service/gitlab-rails/app/controllers/application_controller.rb

Comment out the following code:

# if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
# headers['Strict-Transport-Security'] = 'max-age=31536000'
# end

Then restart the GitLab service

gitlab-ctl restart

References

Rails, Secure Cookies, HSTS and friends

Adding HSTS header breaks HSTS if apache/nginx globally adds a header