SSL 握手中的对等关闭连接

SSL 握手中的对等关闭连接

我有一个关于 nginx 的问题。我通过 nginx 创建了一个反向代理,并使用 Let's Encrypt 启用了 SSL 加密。一切正常,来自客户端的所有请求都会发送到 upstream 中指定的源服务器。但有时我会遇到错误

Chrome 浏览器中显示 502 Bad Gateway(错误网关),nginx/1.16.1。

检查了 nginx error.log,这是错误:

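SSL 握手中对等端关闭了连接(104:对等端重置连接),发生在与上游进行 SSL 握手时。(nginx 原始日志:peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream)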

我搜索并测试了所有建议。有时仍然会出现此错误。

example.com.conf:

# Upstream group referenced by "proxy_pass https://example_com".
# It holds a single origin server. nginx ignores max_fails/fail_timeout when a
# group has only one server, so this server is never marked unavailable.
upstream example_com {
    server 50.90.20.70:443 max_fails=10 fail_timeout=60s;
}



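# HTTPS front end: terminates client TLS with the Let's Encrypt certificate and
# proxies every request to the "example_com" upstream group over HTTPS.
server {
    listen 443 ssl;

    # NOTE(review): "*.example_com" (underscore) is kept exactly as posted. It
    # looks like an anonymisation slip for "*.example.com" - confirm against
    # the real file, because a wildcard name does not match the bare domain.
    server_name *.example_com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    #ssl_ecdh_curve secp384r1:prime256v1;

    location / {
        proxy_pass https://example_com ;

        # There is only one server in the upstream group, so "next upstream"
        # has no alternative server to retry against.
        proxy_next_upstream         error timeout invalid_header http_500 http_502 http_503 http_504;

        # --- TLS towards the origin -------------------------------------
        # proxy_pass names the upstream *group*, and by default nginx uses the
        # host part of proxy_pass as the TLS server name. Without proxy_ssl_name
        # the SNI sent to the origin (and the name checked once verification is
        # enabled) would be "example_com", not the real hostname. An origin that
        # selects or rejects virtual hosts by SNI can drop the handshake in that
        # case. Whether this explains the intermittent resets reported here
        # cannot be told from the configuration alone.
        proxy_ssl_server_name on;
        proxy_ssl_name example.com;
        proxy_ssl_session_reuse off;

        # The origin certificate is currently NOT verified, so the proxy->origin
        # hop is encrypted but not authenticated. To enable verification, point
        # proxy_ssl_trusted_certificate at a CA bundle that issued the origin's
        # certificate (not at this host's own fullchain.pem).
        #proxy_ssl_verify        on;
        #proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;  # placeholder path

        # --- Request headers sent to the origin --------------------------
        # Empty Accept-Encoding asks the origin for uncompressed responses.
        proxy_set_header         Accept-Encoding   "";
        proxy_set_header         Host       "example.com";
        proxy_set_header         X-Real-IP       $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # the origin must only trust the last hop it recognises.
        proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header         X-Forwarded-Proto $scheme;

        # --- Response headers added for the client -----------------------
        add_header         Front-End-Https   on;
        # Echoes the request Host header back to the client; looks like a
        # debugging aid and can be dropped once no longer needed.
        add_header          'host' "$host";
        # "always" also sends HSTS on error responses such as the 502 page.
        add_header Strict-Transport-Security "max-age=31536000" always;

        # --- Buffering and caching ---------------------------------------
        proxy_redirect        off;
        proxy_buffering         on;
        # Caching is switched off, so the two cache directives below have no
        # effect until proxy_cache names a zone.
        proxy_cache             off;
        proxy_cache_valid         200  4h;
        proxy_cache_use_stale         error timeout invalid_header updating http_500 http_502 http_503 http_504;
    }
}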

# Plain-HTTP listener for example.com (certbot-style redirect block).
server {
    listen 80;
    server_name example.com;

    # A request whose Host is exactly example.com is redirected to HTTPS,
    # keeping the original path and query string.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    }

    # Any other request that lands in this server block is answered with 404.
    return 404;
}

nginx.conf:

# Main (global) context of nginx.conf.

# Worker processes run under the "nginx" account.
user nginx;

# Six workers, each allowed up to 5000 open file descriptors.
worker_processes 6;
worker_rlimit_nofile 5000;

# Only messages of level "warn" and above are written to the error log.
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    # Per-worker connection cap; a proxied request uses one connection to the
    # client and one to the upstream.
    worker_connections 1000;
    # Accept all pending new connections at once rather than one per wake-up.
    multi_accept on;
}


# HTTP context: shared proxy-cache, logging, gzip and limit settings, a
# catch-all error-page server, and the per-site files from conf.d.
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
      # Defines cache zone STATIC (10m of keys, up to 950g on disk) under
      # /etc/nginx/cache. No proxy_cache directive in the posted files refers
      # to this zone.
      proxy_cache_path  /etc/nginx/cache  levels=1:2    keys_zone=STATIC:10m
      inactive=1h  max_size=950g;
    # NOTE(review): as posted, this directive has no terminating ';', so nginx
    # would read the following access_log tokens as further format strings.
    # Presumably the rest of the format was lost in the paste - confirm against
    # the real file. A format of just '$host' would also omit the client
    # address, request line and status, which makes the 502s hard to
    # correlate with requests.
    log_format  main  '$host'

    access_log  /var/log/nginx/access.log  main;

    # tcp_nopush only takes effect when sendfile is on, so it is inert here.
    sendfile        off;
    tcp_nopush     on;

 #server_names_hash_max_size: 512;
 server_names_hash_bucket_size 128;
 keepalive_timeout  65;
 # Request-size limits: up to 4 x 32k for large request headers, 100M for bodies.
 large_client_header_buffers 4 32k;
 client_max_body_size 100M;
 # Responses are not stored, and the cache is bypassed, when the request carries
 # a "nocache" cookie or argument, a "comment" argument, or a Pragma,
 # Authorization or X-No-Cache header. This keeps authenticated responses out
 # of a shared cache.
 proxy_no_cache $cookie_nocache  $arg_nocache$arg_comment $http_x_no_cache;
 proxy_no_cache $http_pragma     $http_authorization;
 proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
 proxy_cache_bypass $http_pragma $http_authorization  $http_x_no_cache ;
 # Send SNI on TLS connections to upstreams. The name sent defaults to the host
 # part of proxy_pass unless proxy_ssl_name overrides it.
 proxy_ssl_server_name on;

  #gzip  on;
  # Responses to proxied requests are compressed too (gzip_proxied any).
  # NOTE(review): compressing TLS-served pages that combine secrets with
  # request-controlled content is the precondition for compression side
  # channels (BREACH) - confirm this is acceptable for the proxied site.
  gzip on;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_proxied any;
  gzip_vary on;
  # NOTE(review): the first type line below ends in "applicati$", which looks
  # like a terminal/editor truncation marker; the original list is longer than
  # what is shown here.
  gzip_types
    text/xml application/xml application/atom+xml application/rss+xml applicati$
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";

#   include /etc/nginx/conf.d/*.conf;

# Server block with no listen or server_name, so nginx applies its defaults.
# It only maps 500/502/503/504 to a static page that is reachable through
# internal redirects, not by direct request.
# NOTE(review): error_page is set inside this server only; presumably the
# intent was for the proxied site's 502s to use it as well - confirm, since
# the site servers in conf.d do not inherit settings from a sibling server.
server {
   error_page 500 502 503 504 /error503.html;
   location = /error503.html {
                root /usr/share/nginx/html;
                internal;

        }

    }
# Per-site configuration (e.g. example.com.conf) is loaded here.
include /etc/nginx/conf.d/*.conf;

}
