ERR_CONNECTION_RESET with nginx reverse proxy and gunicorn

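I have a web application written in Flask that works perfectly for most users. However, users on certain mobile carriers (SFR and Bouygues Télécom, French mobile carriers) cannot access the web application.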

I found that they get ERR_CONNECTION_RESET on Firefox Mobile. I noticed this error in the nginx log:

2021/08/17 19:16:58 [crit] 324713#324713: *110940 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: *.*.*.*, server: 0.0.0.0:443

but it does not seem to be related: https://stackoverflow.com/questions/65854933/nginx-ssl-error141cf06cssl-routinestls-parse-ctos-key-sharebad-key-share

The web application uses nginx and gunicorn.

Here is the nginx configuration file:

server {
    if ($host = www.domain.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = domain.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # listen on port 80 (http)
    listen 80;
    server_name domain.fr www.domain.fr;
    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;
    }
}
server {
    # listen on port 443 (https)
    listen 443 ssl;
    server_name domain.fr domain.fr;

    # write access and error logs to /var/log
    access_log /var/log/web_app_access.log;
    error_log /var/log/web_app_error.log;

    location / {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        # forward application requests to the gunicorn server
        proxy_pass http://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/barman/web-app/app/static;
        expires 30d;
    }
    ssl_certificate /etc/letsencrypt/live/domain.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.fr/privkey.pem; # managed by Certbot

}

Gunicorn is run by Supervisorctl:

[program:web_app]
command=/home/barman/web-app/venv/bin/gunicorn -b localhost:8000 -w 4 web_app:app
directory=/home/barman/web-app
user=barman
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true

This problem is strange; do you have any solution? Thanks
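One way to check whether the `bad key share` handshake failures in the nginx error log cluster on particular client networks (for example, one carrier's address ranges), as an added example that is not part of the original question. The function names are hypothetical, and the sample log lines and addresses (documentation ranges) are constructed.

```python
import ipaddress
import re
from collections import Counter

# nginx error-log entry for a failed TLS handshake (format of the line in the question).
HANDSHAKE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] .*?"
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]+):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^)]*)\)"
    r".*?client: (?P<client>[0-9A-Fa-f:.]+)"
)

def client_network(addr):
    """Collapse a client address to its /24 (IPv4) or /48 (IPv6) network."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def summarize_handshake_failures(lines):
    """Count failed handshakes per (OpenSSL reason, client network)."""
    counts = Counter()
    for line in lines:
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue  # not a handshake failure, or the client field is masked
        try:
            net = client_network(m["client"])
        except ValueError:
            continue  # client field is not a valid IP address
        counts[(m["reason"].strip(), net)] += 1
    return counts

# Constructed sample lines (not from the asker's server).
SAMPLE_LOG = [
    "2021/08/17 19:16:58 [crit] 1#1: *1 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443",
    "2021/08/17 19:17:03 [crit] 1#1: *2 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 203.0.113.91, server: 0.0.0.0:443",
    "2021/08/17 19:18:10 [info] 1#1: *3 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking, client: 198.51.100.20, server: 0.0.0.0:443",
    "2021/08/17 19:19:44 [crit] 1#1: *4 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 2001:db8:1:2::5, server: 0.0.0.0:443",
    "2021/08/17 19:20:01 [error] 1#1: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 198.51.100.20, server: domain.fr",
    "2021/08/17 19:21:00 [crit] 1#1: *6 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: *.*.*.*, server: 0.0.0.0:443",
]

if __name__ == "__main__":
    for (reason, net), n in summarize_handshake_failures(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {reason:<20} {net}")
```

Run against the real error log, the networks with the highest counts can be compared with the address ranges of the affected users.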
