我在为 Jenkins CI 服务器设置 SSL 时遇到问题。我在 nginx 后面使用 Jenkins 作为反向代理。我的文件upstream prematurely closed connection while reading response header from upstream中出现了这些错误。jenkins.error.log
2014/09/30 13:01:49 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "jenkins.<SERVER URL>.com"
2014/09/30 13:01:50 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "jenkins.<SERVER URL>.com"
Jenkins 已启动并运行。我能够通过https://<SERVER IP ADDR>:8080(即使 Chrome 抱怨证书) 进行连接。502 Bad Gateway但是 nginx 向我提供了官方 URL 的消息。
站点可用配置:
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
#listen [::]:443 default ipv6only=on;
server_name jenkins.<SERVER URL>.com <SERVER IP ADDR>;
ssl on;
ssl_certificate /etc/nginx/ssl/jenkins.<SERVER URL>.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/<SERVER URL>.com.key;
access_log /etc/nginx/logs/jenkins.access.log;
error_log /etc/nginx/logs/jenkins.error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
}
}
答案1
问题出在 Jenkins 本身。我们最初禁用了 Jenkins 的 http 端口,只允许 https。一旦我们再次允许 http,我们只允许来自 127.0.0.1 的请求,这解决了我们的问题。
tl;dr:启用 http 端口,仅允许通过 127.0.0.1 的请求