NGINX http proxy_pass 通过 SSL 引发错误 502

tag-icon tag-icon nginx proxypass
NGINX http proxy_pass 通过 SSL 引发错误 502

我正在尝试在我的 nginx 服务器上设置 SSL,它在普通站点上运行,该站点只是 nginx 欢迎默认页面,但当我尝试任何配置的 proxy_pass 位置时,我收到 cloudflare 526 无效 SSL 证书错误,该错误迅速跳转到 502 错误网关。我使用的证书是自签名的,cloudflare SSL 设置为完整(不严格)。

这是我在日志中收到的错误:

2017/11/28 22:59:10 [error] 11457#11457: *2 upstream prematurely closed connection while reading response header from upstream, client:  141.101.104.32, server: web1.olympiccode.net, request: "GET /r/ HTTP/1.1", upstream: "http://127.0.0.1:2000/r/", host: "web1.olympiccode.net", referrer: "https://web1.olympiccode.net/r"

这是我的配置:

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    send_timeout 1800;
    sendfile        on;
    keepalive_timeout  6500;

    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols        SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;


server {
    listen       80;
    server_name  web1.olympiccode.net;
    return 200 "hi";
}
# HTTPS server

server {
    listen       443 ssl;
    server_name  web1.olympiccode.net;
    root /usr/share/nginx/html;
    ssl on;
    location / {
     try_files $uri $uri/ =404;
    }
    location /r/ {
      auth_basic "RethinkDB - Web Panel";
      auth_basic_user_file /etc/nginx/.rethinkdb.pass;
      proxy_pass          http://localhost:2000;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
    location /status/ {
      proxy_pass          http://localhost:19999;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

答案1

事实证明,该错误是由于 SSL 设置中的 cloudflare 配置错误引起的。

我有两种不同的设置,一种是用于我的网站的普通网络托管,另一种是用于数据库和其他东西的 VPS,由于这个设置以及网络主机具有 SSL 证书,我将 cloudflare SSL 设置为“完全(严格)”,并将页面规则设置“web1.olympiccode.net”仅设置为“完全”,但是,cloudflare 页面规则适用于 URL 而不适用于主机,因此我不得不将其更改为“web1.olympiccode.net/*”,之后它就可以正常工作了。

相关内容