我有一个关于 nginx 的问题。我用 nginx 搭建了一个反向代理,并使用 Let's Encrypt 启用了 SSL 加密。一切正常,来自客户端的所有请求都会被转发到 upstream 中指定的源服务器。但有时我会遇到如下错误:
Chrome 浏览器中显示 502 Bad Gateway(nginx/1.16.1)。
检查了 nginx error.log,这是错误:
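peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream(对端在 SSL 握手过程中关闭了连接;104:与上游进行 SSL 握手时连接被对端重置)。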
我搜索并测试了所有建议。有时仍然会出现此错误。
example.com.conf:
# Upstream group with a single origin server. proxy_pass refers to the group by
# name, so "example_com" is also the value of $proxy_host, which nginx uses as
# the default SNI / certificate-verification name unless proxy_ssl_name is set.
upstream example_com {
    # Per the nginx upstream module documentation, max_fails and fail_timeout
    # are ignored when the group contains only one server, so these two
    # parameters have no effect in this configuration.
    server 50.90.20.70:443 fail_timeout=60s max_fails=10;
}
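# TLS-terminating reverse proxy vhost: accepts HTTPS on port 443 and forwards
# every request to the example_com upstream group over HTTPS.
server {
    # NOTE(review): "example_com" (with an underscore) is not a valid DNS name
    # and differs from the example.com used elsewhere on this page; this looks
    # like an anonymisation slip for *.example.com. A wildcard name would also
    # not match the bare domain. Confirm against the real file.
    server_name *.example_com;

    location / {
        proxy_pass https://example_com;

        # With a single upstream server there is no "next" server to retry on,
        # so this directive cannot mask a failed handshake.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        # --- TLS towards the origin ---------------------------------------
        # Send SNI in the upstream handshake.
        proxy_ssl_server_name on;
        # Fix: the SNI name defaults to $proxy_host, which here is the upstream
        # group name "example_com" rather than a real hostname. An origin (or a
        # TLS front end before it) that does not recognise that name may reset
        # the handshake, which matches the logged "104: Connection reset by
        # peer". Send the hostname the origin actually serves instead.
        proxy_ssl_name example.com;
        # Every upstream connection performs a full handshake (no session reuse).
        proxy_ssl_session_reuse off;

        # NOTE(review): upstream certificate verification is disabled, so the
        # proxy-to-origin hop is encrypted but not authenticated; anything able
        # to intercept traffic to 50.90.20.70 could impersonate the origin.
        # When enabling it, point proxy_ssl_trusted_certificate at a CA bundle
        # that can validate the origin's chain (path is system-specific), not
        # at this site's own fullchain.pem. The name that is verified is the
        # proxy_ssl_name set above.
        #proxy_ssl_verify on;
        #proxy_ssl_trusted_certificate <path-to-CA-bundle>;

        # --- Request headers sent to the origin ----------------------------
        # An empty value removes Accept-Encoding, so the origin replies
        # uncompressed.
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host "example.com";
        # X-Real-IP is the address of the directly connected client.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the origin should trust only the
        # last entry of that list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # --- Response headers added for the client --------------------------
        add_header Front-End-Https on;
        # NOTE(review): echoes the request's Host value back in a response
        # header; looks like a debugging aid - consider removing in production.
        add_header 'host' "$host";
        # Without the "always" parameter this header is only added to the
        # response codes listed in the add_header documentation, not to
        # nginx-generated error pages such as 502.
        add_header Strict-Transport-Security "max-age=31536000";

        proxy_redirect off;
        proxy_buffering on;

        # Caching is switched off for this location, so the two cache
        # directives below have no effect until proxy_cache names a zone.
        proxy_cache off;
        proxy_cache_valid 200 4h;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
    }

    # Client-facing TLS, certificate and options managed by Let's Encrypt.
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    #ssl_ecdh_curve secp384r1:prime256v1;
}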
# Plain-HTTP vhost: redirects requests for example.com to HTTPS and answers 404
# for any other Host that reaches this server block.
server {
    listen 80;
    server_name example.com;

    # $host is used in the redirect target only after it has been compared with
    # the literal example.com, so the Location header cannot be steered by an
    # arbitrary Host header.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    }

    # Reached only when the Host did not match the condition above.
    return 404;
}
nginx.conf:
# Main (global) context: worker identity, process sizing, and log/pid locations.
user nginx;
pid /var/run/nginx.pid;

# Messages of severity "warn" and above are written here; the upstream
# handshake failures quoted in the question are logged at "error" level and
# therefore appear in this file.
error_log /var/log/nginx/error.log warn;

# Six worker processes, each permitted up to 5000 open file descriptors.
worker_processes 6;
worker_rlimit_nofile 5000;
# Connection-processing settings applied to each worker process.
events {
    # A worker accepts all pending new connections at once instead of one at a
    # time.
    multi_accept on;

    # Maximum simultaneous connections per worker. Per the nginx documentation
    # this count includes connections to proxied servers, so each proxied
    # client request can consume two of them.
    worker_connections 1000;
}
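# HTTP context: shared logging, cache, compression and proxy defaults, a
# fallback server block, and the per-site files included from conf.d.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Cache zone STATIC: 10 MB of keys, entries evicted after 1h without access,
    # up to 950 GB on disk. No proxy_cache directive on this page selects the
    # zone (the example.com vhost sets "proxy_cache off").
    proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=STATIC:10m
                     inactive=1h max_size=950g;

    # Fix: log_format was missing its terminating ";". Because log_format
    # accepts several string arguments, nginx would have folded the following
    # access_log line into the format string instead of applying it.
    # NOTE(review): the format looks abridged in the paste; as written it
    # records only $host, which is too little to investigate 502s or abuse.
    log_format main '$host';
    access_log /var/log/nginx/access.log main;

    # tcp_nopush only takes effect when sendfile is in use, so with sendfile
    # off the tcp_nopush setting is inert.
    sendfile off;
    tcp_nopush on;

    #server_names_hash_max_size: 512;
    server_names_hash_bucket_size 128;
    keepalive_timeout 65;
    large_client_header_buffers 4 32k;
    client_max_body_size 100M;

    # Responses are neither stored in nor served from the cache when any of
    # these values is non-empty and not "0".
    # Fix: $arg_nocache and $arg_comment were run together into one string
    # ("$arg_nocache$arg_comment"); they are separate parameters, matching the
    # proxy_cache_bypass line below.
    proxy_no_cache $cookie_nocache $arg_nocache $arg_comment $http_x_no_cache;
    proxy_no_cache $http_pragma $http_authorization;
    proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
    proxy_cache_bypass $http_pragma $http_authorization $http_x_no_cache;

    # Send SNI to HTTPS upstreams. The name sent is proxy_ssl_name, which
    # defaults to $proxy_host (the host part of proxy_pass).
    proxy_ssl_server_name on;

    # Compression of responses, including proxied ones (gzip_proxied any).
    # NOTE(review): compressing TLS-protected responses that mix secrets with
    # request-controlled content is the precondition for BREACH-style
    # compression side channels; confirm the proxied application does not
    # return such pages, or exclude them from gzip.
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    # NOTE(review): the first line of this list ends in "applicati$", i.e. it
    # was cut off at the terminal edge when the file was pasted. Restore the
    # remaining MIME types from the real file.
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml applicati$
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # include /etc/nginx/conf.d/*.conf;

    # Fallback server with no listen or server_name, so nginx defaults apply.
    # error_page is declared only inside this block; the server blocks pulled
    # in from conf.d do not inherit it, so their 502 responses still use the
    # built-in nginx error page.
    server {
        error_page 500 502 503 504 /error503.html;
        location = /error503.html {
            root /usr/share/nginx/html;
            # Reachable only through internal redirects such as error_page.
            internal;
        }
    }

    include /etc/nginx/conf.d/*.conf;
}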