安卓端无法通过域名访问alist的https页面 #6877
Comments
|
Thanks for opening your first issue here! Be sure to follow the issue template! |
|
你这个域名我这边不管是手机还是电脑都无法访问 |
那么你那边的提示是什么样的,或者说,能ping通吗 |
建立安全连接失败 连接到 mc.td-s.cn 时发生错误。PR_CONNECT_RESET_ERROR 错误代码:PR_CONNECT_RESET_ERROR |
|
未知问题 像是因为域名有问题 换用其他域名是可以的 |
|
感谢测试。 我作出了一个假设:证书和域名不一致时,会提示证书不可信,但也因此反而可以登录(因为ip可以访问) 但随后我刚刚去测试了一下,新增了一条 https://test.td-s.cn 以链接,依旧无法链接。(指安卓) 浏览器已经连接到服务器,并且alist记录下了这一次连接,但连接始终失败。 |
|
|
我这边用自己的已备案域名建了一个测试链接:mc-td-s.zxm86.cn 是提示证书不可信但能访问的,包括前面xhofe的截图他的已备案域名也是能访问的,所以我个人猜测是你域名没有备案被阿里云给拦截了,域名备案一下再试试看吧 |
|
|
|
居然真是,因为我的电脑可以访问,我没有考虑过备案的问题。 |
|
Please make sure of the following things
I have read the documentation.
我已经阅读了文档。
I'm sure there are no duplicate issues or discussions.
我确定没有重复的issue或讨论。
I'm sure it's due to
AListand not something else(such as Network ,DependenciesorOperational).我确定是
AList的问题,而不是其他原因(例如网络,依赖或操作)。I'm sure this issue is not fixed in the latest version.
我确定这个问题在最新版本中没有被修复。
AList Version / AList 版本
v3.36.0
Driver used / 使用的存储驱动
无
Describe the bug / 问题描述
我理解文档中反复提到TLS handshake问题大多都由网络引起,但请不要立刻关闭我的issue。
并感谢百忙之中阅读此issue。
我分别尝试了以下的组合:
1.电脑通过域名访问alist的https页面(电脑浏览器使用edge)
2.电脑通过ip访问alist的https页面
3.安卓通过域名访问alist的https页面(安卓浏览器使用via和edge)
4.安卓通过ip访问alist的https页面
5.电脑访问alist的http页面
6.安卓访问alist的http页面
其中,2与4会提示证书错误,属于正常现象。但以上6种组合,仅有第3种无法访问到alist网站。
服务器的ip地址可以直接ping复现链接得到。
配置项中的jwt_secret已替换为???
日志中的a.a.a.a是连接端,而b.b.b.b是服务器
日志中记录了四次连接:
1.电脑通过域名访问alist的https页面(成功)
2.安卓通过域名访问alist的https页面(失败)
3.安卓通过ip访问alist的https页面(成功,证书错误)
为避免2夹杂在日志中产生混乱,我在记录完以上日志后重试了第二次测试,并以空行隔开
4.安卓通过域名访问alist的https页面(失败)
以上测试可以说明:
1.安卓到达alist的网络是连通的。
2.安卓可以不通过域名成功访问https
3.安卓可以通过域名访问http
(结合2、3两点,域名和https其中任一均在正常运作。)
补充说明:
服务器证书使用的是ZeroSSL颁发的免费证书。
服务器使用的是linux操作系统,使用的alist服务器文件为alist-linux-amd64.tar.gz
由于安卓的via和edge给出的错误提示均非常模糊,log里也仅提示了tls握手失败,我无法获得更多有用的信息以自行排查,故而提出issue。
Reproduction / 复现链接
https://mc.td-s.cn
Config / 配置
{
"force": false,
"site_url": "",
"cdn": "",
"jwt_secret": "???",
"token_expires_in": 48,
"database": {
"type": "sqlite3",
"host": "",
"port": 0,
"user": "",
"password": "",
"name": "",
"db_file": "data/data.db",
"table_prefix": "x_",
"ssl_mode": "",
"dsn": ""
},
"meilisearch": {
"host": "http://localhost:7700",
"api_key": "",
"index_prefix": ""
},
"scheme": {
"address": "0.0.0.0",
"http_port": 5244,
"https_port": 443,
"force_https": false,
"cert_file": "data/server.crt",
"key_file": "data/server.key",
"unix_file": "",
"unix_file_perm": ""
},
"temp_dir": "data/temp",
"bleve_dir": "data/bleve",
"dist_dir": "",
"log": {
"enable": true,
"name": "data/log/log.log",
"max_size": 10,
"max_backups": 30,
"max_age": 28,
"compress": false
},
"delayed_start": 0,
"max_connections": 0,
"tls_insecure_skip_verify": true,
"tasks": {
"download": {
"workers": 5,
"max_retry": 1
},
"transfer": {
"workers": 5,
"max_retry": 2
},
"upload": {
"workers": 5,
"max_retry": 0
},
"copy": {
"workers": 5,
"max_retry": 2
}
},
"cors": {
"allow_origins": [
""
],
"allow_methods": [
""
],
"allow_headers": [
"*"
]
},
"s3": {
"enable": false,
"port": 5246,
"ssl": false
}
}
Logs / 日志
�[33mWARN�[0m[2024-07-26 08:12:00] not enable search
[GIN] 2024/07/26 - 08:12:17 | 200 | 109.081µs | a.a.a.a | GET "/"
[GIN] 2024/07/26 - 08:12:17 | 200 | 485.682µs | a.a.a.a | GET "/api/public/settings"
[GIN] 2024/07/26 - 08:12:17 | 200 | 473.701µs | a.a.a.a | GET "/api/me"
[GIN] 2024/07/26 - 08:12:17 | 200 | 63.095µs | a.a.a.a | GET "/api/public/offline_download_tools"
[GIN] 2024/07/26 - 08:12:17 | 200 | 752.923µs | a.a.a.a | POST "/api/fs/get"
[GIN] 2024/07/26 - 08:12:17 | 200 | 401.121µs | a.a.a.a | POST "/api/fs/list"
2024/07/26 08:12:31 http: TLS handshake error from a.a.a.a:50250: read tcp b.b.b.b:443->a.a.a.a:50250: read: connection reset by peer
2024/07/26 08:12:31 http: TLS handshake error from a.a.a.a:50374: read tcp b.b.b.b:443->a.a.a.a:50374: read: connection reset by peer
2024/07/26 08:12:31 http: TLS handshake error from a.a.a.a:50252: write tcp b.b.b.b:443->a.a.a.a:50252: write: connection reset by peer
2024/07/26 08:12:31 http: TLS handshake error from a.a.a.a:50251: read tcp b.b.b.b:443->a.a.a.a:50251: read: connection reset by peer
[GIN] 2024/07/26 - 08:12:37 | 200 | 62.213µs | a.a.a.a | GET "/@login?redirect=%2F"
2024/07/26 08:13:04 http: TLS handshake error from a.a.a.a:50273: remote error: tls: unknown certificate
2024/07/26 08:13:05 http: TLS handshake error from a.a.a.a:50274: remote error: tls: unknown certificate
[GIN] 2024/07/26 - 08:13:05 | 200 | 130.198µs | a.a.a.a | GET "/"
[GIN] 2024/07/26 - 08:13:05 | 200 | 31.869583ms | a.a.a.a | GET "/assets/index.15d8d646.css"
[GIN] 2024/07/26 - 08:13:05 | 200 | 143.329993ms | a.a.a.a | GET "/assets/index.f101cd32.js"
[GIN] 2024/07/26 - 08:13:06 | 200 | 178.139µs | a.a.a.a | GET "/assets/entry.10910bbe.js"
[GIN] 2024/07/26 - 08:13:06 | 200 | 102.202µs | a.a.a.a | GET "/api/public/settings"
[GIN] 2024/07/26 - 08:13:06 | 200 | 101.911µs | a.a.a.a | GET "/api/me"
[GIN] 2024/07/26 - 08:13:06 | 200 | 153.923µs | a.a.a.a | GET "/assets/index.f2450aed.js"
[GIN] 2024/07/26 - 08:13:06 | 200 | 50µs | a.a.a.a | GET "/assets/useTitle.ef67ee02.js"
[GIN] 2024/07/26 - 08:13:06 | 200 | 51.529µs | a.a.a.a | GET "/assets/webauthn-json.browser-ponyfill.1c672167.js"
2024/07/26 08:15:44 http: TLS handshake error from a.a.a.a:50472: read tcp b.b.b.b:443->a.a.a.a:50472: read: connection reset by peer
2024/07/26 08:15:44 http: TLS handshake error from a.a.a.a:50471: write tcp b.b.b.b:443->a.a.a.a:50471: write: connection reset by peer
2024/07/26 08:15:45 http: TLS handshake error from a.a.a.a:50474: read tcp b.b.b.b:443->a.a.a.a:50474: read: connection reset by peer
2024/07/26 08:15:45 http: TLS handshake error from a.a.a.a:50473: write tcp b.b.b.b:443->a.a.a.a:50473: write: connection reset by peer
2024/07/26 08:15:45 http: TLS handshake error from a.a.a.a:50306: read tcp b.b.b.b:443->a.a.a.a:50306: read: connection reset by peer
2024/07/26 08:15:45 http: TLS handshake error from a.a.a.a:50307: write tcp b.b.b.b:443->a.a.a.a:50307: write: connection reset by peer
The text was updated successfully, but these errors were encountered: