Skip to content

Linux curl -v 快速判別無法訪問服務問題點在哪裡?

  • Linux

使用 Curl 來判別錯誤點的精華文章,小編將執行指令後與網頁溝通的每一個階段,將問題跟排除指引整理成一篇文章,遇到問題時可快速找到無法訪問網頁的異常點,此方式針對雲端服務無法訪問時做出錯誤排除會更加快速。

讓各位在各種IT找錯人生中多一盞明燈,不用抓破頭的還找不到問題在哪裡。

$ curl -v https://google.com/
*   Trying 172.217.160.78:443... 
#有看Trying 172.217.160.78 代表DNS解析是正常的,如果沒有這行先解決DNS解析問題。
* Connected to google.com (172.217.160.78) port 443 (#0) 
#斷在這裡代表網路不通,可能原因是routing或是防火牆設定錯誤(未放行)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

#顯示到這裡代表三項交握都是正常的,停在這裡有可能是加密法的問題
#可以檢查Server 開了那些 TLS 版本
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.google.com
*  start date: Jun 27 08:17:39 2022 GMT
*  expire date: Sep 19 08:17:38 2022 GMT
*  subjectAltName: host "google.com" matched cert's "google.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
# SSL certificate verify ok 驗證憑證過關,代表憑證本身簽發或是內容沒有問題。
# 如果有異常代表憑證練不完整、憑證中的網域名稱不正確或是憑證過期等等,可以先從這方向開始檢查。
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
# Server 支援 HTTP/2 而切換也已經確認,這裡可以確認server 本身的HTTP2是否有正常開啟。
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55baeda86e80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
> 
# 此符號代表 > 發出的請求及user-agent會帶出的瀏覽器資訊
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):

#此符號<代表server 回應標頭(Header)區
< HTTP/2 301 
# 連線版本 網頁回應代碼
< location: https://www.google.com/

#跳轉的網址
< content-type: text/html; charset=UTF-8
#content-type 跟 語系設定(charset)
< date: Sun, 17 Jul 2022 07:26:16 GMT

#網頁產生(訪問)時間
< expires: Tue, 16 Aug 2022 07:26:16 GMT
#過期時間
< cache-control: public, max-age=2592000

#告知瀏覽器快取相關設定
< server: gws
< content-length: 220
< x-xss-protection: 0
#早期防範xss的相關標頭,後續由Content-Security-Policy 此標頭取代。(更多資訊可以看參考來源)
< x-frame-options: SAMEORIGIN

#用來確保網站沒有被嵌入到別人的網站裡面。(更多資訊可以看參考來源)
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):

#以下就是回應的網頁內容,網頁顯示有異常的,可以藉由驗證下方內容來檢查顯示問題。

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

#剩下的就是SSL連線切斷的資訊了
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host google.com left intact

希望有幫助到大家解決問題,如果有遇到甚麼樣類型的異常也歡迎在下方留言,一起在IT人生中互相成長。

參考來源:

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。