用pip命令安装第三方包出现retrying且ssl error问题汇总

今天pip包时一直retrying且报ssl error的错误,我弄了一上午才好,网上有很多解决方案,但是没有pip安装失败的汇总情况,如有同错,请对比以下情况,希望能解决你的问题,也烦请对不足之处指出。


错误:CouldnotfetchURLhttps://pypi.python.org/simple/pytest-xdist/: There wasaproblem confirmingthessl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocolversion(_ssl.c:590)




curl https://bootstrap.pypa.io/get-pip.py | python3。

2.windows操作系统:从https://bootstrap.pypa.io/get-pip.py下载get-pip.py文件,然后使用python运行这个文件python get-pip.py


错误:Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None))

after connection broken by ‘SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAI

LED] certificate verify failed (_ssl.c:661)’),)’




修改 ~/.pip/pip.conf (没有就创建一个), 更换 index-url


index-url = http://pypi.douban.com/simple




阿里云 http://mirrors.aliyun.com/pypi/simple/

中国科技大学 https://pypi.mirrors.ustc.edu.cn/simple/

豆瓣 http://pypi.douban.com/simple

Python官方 https://pypi.python.org/simple/

v2ex http://pypi.v2ex.com/simple/

中国科学院 http://pypi.mirrors.opencas.cn/simple/

清华大学 https://pypi.tuna.tsinghua.edu.cn/simple/


错误:Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host=’pypi.org’, port=443): Max retries exceeded with url: /simple/pip/ (Caused by S

SLError(SSLError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)’),)) – skipping

原因:在最新的 pip 版本(>=7)中,使用镜像源时,会提示源地址不受信任或不安全


pip install –trusted-host pypi.org –trusted-host files.pythonhosted.org 包名




Windows Process Activation Service error 5 – Access Denied

解决办法:C:\INETPUB\HISTORY. Under here you will see several folders with a prefix of CFGHISTORY. The folder with the highest revision number will be your latest backup. Copy this file and overwrite the existing file at C:\WINDOWS\SYSTEM32\INETSRV\CONFIG.

I ran into a strange error recently on an Exchange 2013 server. The WWW Publishing Service was stopped. When I tried to start the service it failed on a dependency. A quick check revealed the Windows Process Activation Service (WAS) was stopped. When I tried to start WAS, I received the following error.

Windows could not start the Windows Process Activation Service service on Local Computer Error 13 The data is invalid

Windows could not start the Windows Process Activation Service service on Local Computer. Error 13: The data is invalid.

The Event Viewer was littered with equally cryptic Event IDs, such as WAS 5005 and WAS 5036. 继续阅读


一般来说,主流的 Web 服务软件,通常都基于 OpenSSL 和 Java 两种基础密码库。

  • Tomcat、Weblogic、JBoss 等 Web 服务软件,一般使用 Java 提供的密码库。通过 Java Development Kit (JDK)工具包中的 Keytool 工具,生成 Java Keystore(JKS)格式的证书文件。
  • Apache、Nginx 等 Web 服务软件,一般使用 OpenSSL 工具提供的密码库,生成 PEM、KEY、CRT 等格式的证书文件。
  • IBM 的 Web 服务产品,如 Websphere、IBM Http Server(IHS)等,一般使用 IBM 产品自带的 iKeyman 工具,生成 KDB 格式的证书文件。
  • 微软 Windows Server 中的 Internet Information Services(IIS)服务,使用 Windows 自带的证书库生成 PFX 格式的证书文件。



External IP fact(s)

Sage Imel sage@sagenite.net

Provides an external_ip4 fact that shows your ipv4 IP address as returned by http://ipv4.icanhazip.com. Provides and an external_ip6 fact that shows your ipv6 IP address as returned by http://ipv6.icanhazip.com.

Useful if you have a host with a dynamic IP address.


Ruby doesn’t seem to let you specify which interface Web::HTTP uses, so on a box with multiple interfaces your milage may very.


require 'net/http'

Facter.add("external_ip4") do
  setcode do
      target = URI.parse('http://ipv4.icanhazip.com/')
      Net::HTTP.get_response(target.host, target.path).body.chomp
require 'net/http'

Facter.add("external_ip6") do
  setcode do
      target = URI.parse('http://ipv6.icanhazip.com/')
      Net::HTTP.get_response(target.host, target.path).body.chomp

Optimizing Nginx for serving files bigger than 1GB

Yesterday I faced a strange issue, I realize that nginx was not serving files larger than 1GB. After investigation I found that it was due to the proxy_max_temp_file_size variable, that is configured by default to serve up to 1024 MB max.

This variable indicates the max size of a temporary file when the data served is bigger than the proxy buffer. If it is indeed bigger than the buffer, it will be served synchronously from the upstream server, avoiding the disk buffering.
If you configure proxy_max_temp_file_size to 0, then your temporary files will be disabled.

In this fix it was enough to locate this variable inside the location block, although you can use it inside server and httpd blocks. With this configuration you will optimize nginx for serving more than 1GB of data.

location / {
proxy_max_temp_file_size 1924m;

Restart nginx to take the changes:

service nginx restart

Smart and Efficient Byte-Range Caching with NGINX & NGINX Plus

When correctly deployed, caching is one of the quickest ways to accelerate web content. Not only does caching place content closer to the end user (thus reducing latency), it also reduces the number of requests to the upstream origin server, resulting in greater capacity and lower bandwidth costs.

The availability of globally distributed cloud platforms like AWS and DNS‑based global load balancing systems such as Route 53 make it possible to create your own global content delivery network (CDN).

In this article, we’ll look at how NGINX and NGINX Plus can cache and deliver traffic that is accessed using byte‑range requests. A common use case is HTML5 MP4 video, where requests use byte ranges to implement trick‑play (skip and seek) video playback. Our goal is to implement a caching solution for video delivery that supports byte ranges, and minimizes user latency and upstream network traffic.

Editor – The cache‑slice method discussed in Filling the Cache Slice‑by‑Slice was introduced in NGINX Plus R8. For an overview of all the new features in that release, see Announcing NGINX Plus R8 on our blog. 继续阅读






yum install -y nginx
hostnamectl set-hostname linux-node2
echo "This is linux-node2" >/usr/share/nginx/html/index.html
nginx -t
systemctl status nginx

curl -H "Host:www.exmail.com"



Remove IIS Server version HTTP Response Header

How to remove HTTP response headers in IIS 7, 7.5, 8.0, 8.5, and ASP.NET. Windows Server IIS loves to tell the world that a website runs on IIS, it does so with the Server header in the HTTP response, as shown below. In this post I’ll show you how to remove response server headers in IIS. You don’t want to give hackers too much information about your servers, heh? ;-).

Normal HTTP Response headers

Even though I’m not a big fan of security by obscurity (are you?), removing common server response headers is often advised by security experts. Attackers might gain a lot of information about your server and network, just by looking at the response headers a web server returns.

Therefore it’s advised you remove at least some of them. 继续阅读

Packet Sender


Packet Sender is an open source utility to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets. The mainline branch officially supports Windows, Mac, and Desktop Linux (with Qt). Other places may recompile and redistribute Packet Sender. Packet Sender is free and licensed GPL v2 or later. It can be used for both commercial and personal use.


  • Controlling network-based devices in ways beyond their original apps
  • Test automation (using its command line tool and/or hotkeys)
  • Testing network APIs (using the built-in TCP, UDP, SSL clients)
  • Malware analysis (using the built-in UDP, TCP, SSL servers)
  • Troubleshooting secure connections (using SSL ).
  • Testing network connectivity/firewalls (by having 2 Packet Senders talk to each other)
  • Tech support (by sending customers a portable Packet Sender with pre-defined settings and packets)
  • Sharing/Saving/Collaboration using the Packet Sender Cloud service.


PowerShell 下载文件

最早在一个自动化脚本中需要从微软官网上下载一个Office365 的 PowerShell Module 安装包,使用的是WebClient下载文件,但是在PowerShell 3.0 中,有一条非常有用的命令,Invoke-WebRequest,我们可以使用它从互联网上下载文件。其实内部实现极有可能也是调用WebClient。


$src = 'https://www.2mysite.net/index.php'
$des = "$env:temp\index.php"
Invoke-WebRequest -uri $src -OutFile $des
Unblock-File $des

因为下载的文件会被Windows锁定,PowerShell 3.0 同时还有一个新命令可以给文件解锁。如何你要访问的文件需要身份验证,或者代理服务器。请继续参考Invoke-WebRequest的其他参数。