Ubnt 16.04 - NGINX - LetsEncrypt - First-time visitors to the website get 502 Bad Gateway

I set up a web server for two WordPress websites. I installed NGINX, PHP, MariaDB, certbot for SSL, and so on.

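The problem I am facing is that if I visited the website before the Certbot configuration, I can access it normally: different pages load, the admin panel works, PHP runs fine, and everything displays correctly. However, if you are a new user trying to access the website (https://liventplanning.com), you get a 502 - Bad Gateway error.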

This is NGINX's error.log:

2018/07/10 14:47:25 [error] 3425#3425: *1628 upstream sent invalid status "Service Unavailable" while reading response header from upstream, client: 37.9.113.120, server: liventplanning.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "liventplanning.com"

This is NGINX's ../sites-available/default file (for simplicity, I removed all comments and most of the whitespace):

server {
    server_name liventplanning.com;        
    root /var/www/liventplanning;
        index index.php index.html index.htm index.nginx-debian.html;
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # proxy_pass http://localhost:8080;
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection 'upgrade';
                # proxy_set_header Host $host;
                # proxy_cache_bypass $http_upgrade;
        }

        location ~ \.php$ {
               include snippets/fastcgi-php.conf;

               # With php7.0-cgi alone:
               #fastcgi_pass 127.0.0.1:9000;
               # With php7.0-fpm:
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/liventplanning.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/liventplanning.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
       server_name megalaboratorio.com;
       root /var/www/megalaboratorio;
       index index.php index.html;
       location / {
               try_files $uri $uri/ =404;
       }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/liventplanning.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/liventplanning.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        root /var/www/liventplanning;
        index index.php index.html index.htm index.nginx-debian.html;
    server_name www.megalaboratorio.com www.liventplanning.com; # managed by Certbot

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # proxy_pass http://localhost:8080;
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection 'upgrade';
                # proxy_set_header Host $host;
                # proxy_cache_bypass $http_upgrade;
        }

        location ~ \.php$ {
               include snippets/fastcgi-php.conf;

               # With php7.0-cgi alone:
               #fastcgi_pass 127.0.0.1:9000;
               # With php7.0-fpm:
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

    listen [::]:443 ssl ; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/liventplanning.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/liventplanning.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = liventplanning.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name liventplanning.com;
    return 404; # managed by Certbot
}

server {
    if ($host = megalaboratorio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

       listen 80;
       listen [::]:80;

       server_name megalaboratorio.com;
    return 404; # managed by Certbot
}

server {
    if ($host = www.megalaboratorio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.liventplanning.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 ;
        listen [::]:80 ;
    server_name www.megalaboratorio.com www.liventplanning.com;
    return 404; # managed by Certbot
}

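Any browser that has visited the website before can use it perfectly, but if you are a new user, you get the 502 Bad Gateway error.

Can anyone point me in the right direction? I have been checking documentation, configuration files, forums, and logs for a week and am still puzzled by this. Thanks in advance for your help.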

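Answer 1

To close this topic, here is what I found.

The culprit appears to be half WordPress and half a bug in nginx. After reading NGINX's logs, I found that one of WordPress's operations (wp-cron.php) creates a cron job that checks for WordPress or plugin updates every time a user loads the website, so when the cron job executes, WordPress seems to drop the SSL socket before the data is returned and never reports whether it has started, finished, or anything else.

That is, according to this WordPress bug report: https://core.trac.wordpress.org/ticket/32306

Nevertheless, I disabled SSL and revoked the certificate, but I still get the same 502 Bad Gateway error. In a few days, I will rebuild the server and install a LAMP stack instead of the LEMP stack, load the last WordPress backup that was made, and finally issue a new Let's Encrypt certificate.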
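
The answer reached its conclusion by reading NGINX's logs. As an added example (not part of the original post or answer), this Python sketch parses error.log entries in the format quoted in the question and counts upstream failures per server, request path and upstream, so entries for wp-cron.php stand out from ordinary page loads. The first sample line is the one from the question; the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First line is the entry quoted in the question; the other two are constructed samples.
SAMPLE_LOG = '''\
2018/07/10 14:47:25 [error] 3425#3425: *1628 upstream sent invalid status "Service Unavailable" while reading response header from upstream, client: 37.9.113.120, server: liventplanning.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "liventplanning.com"
2018/07/10 14:47:26 [error] 3425#3425: *1630 upstream sent invalid status "Service Unavailable" while reading response header from upstream, client: 192.0.2.10, server: liventplanning.com, request: "POST /wp-cron.php?doing_wp_cron=1531234046.1 HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "liventplanning.com"
2018/07/10 14:48:02 [notice] 3425#3425: signal process started
'''

# Header: timestamp, [level], pid#tid, optional *connection id, then the message.
HEAD = re.compile(r'^(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] '
                  r'(?P<pid>\d+)#(?P<tid>\d+): (?:\*(?P<conn>\d+) )?(?P<rest>.*)$')
# Trailing context fields nginx appends, either bare or double-quoted.
FIELD = re.compile(r', (client|server|request|upstream|host): (?:"([^"]*)"|([^,]*))')

def parse_line(line):
    """Split one error.log entry into a dict; return None if it does not match."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    rest = entry.pop('rest')
    first = FIELD.search(rest)
    entry['message'] = rest[:first.start()] if first else rest
    for key, quoted, bare in FIELD.findall(rest):
        entry[key] = quoted if quoted else bare
    return entry

def upstream_failures(log_text):
    """Count error-level entries that name an upstream, per (server, path, upstream)."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or e['level'] != 'error' or 'upstream' not in e:
            continue
        parts = e.get('request', '').split(' ')
        path = parts[1].split('?')[0] if len(parts) >= 2 else '-'
        counts[(e.get('server', '-'), path, e['upstream'])] += 1
    return counts

if __name__ == '__main__':
    for (server, path, upstream), n in upstream_failures(SAMPLE_LOG).most_common():
        print(f'{n:4d}  {server}  {path}  ->  {upstream}')
```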
