`proxy_pass https://127.0.0.1:3000` 导致 `502 bad gateway`

tag-icon tag-icon nginx ssl localhost
`proxy_pass https://127.0.0.1:3000` 导致 `502 bad gateway`

我在 中有以下 nginx 块/etc/nginx/sites-available/default。因此,我的网站http://www.funfun.ink/1/#/home可以重定向到 https://www.funfun.ink/1/#/home并且加载良好。

但我不确定这是否proxy_pass http://localhost:3000是正确的配置,请注意我希望整个网站始终使用 SSL。我尝试过proxy_pass https://localhost:3000proxy_pass https://127.0.0.1:3000在我的另一个网站和服务器上有效),但是http://www.funfun.ink/1/#/home总是导致502 bad gateway

有人能告诉我 1)proxy_pass https://127.0.0.1:3000导致的原因502 bad gateway;2)proxy_pass http://localhost:3000尽管结果看起来不错,但 SSL 方面的配置是否正确?

server {
    listen 80;
    server_name funfun.ink www.funfun.ink;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;

    server_name funfun.ink www.funfun.ink;

    ssl_certificate /etc/nginx/cert/1530230026231.pem;
    ssl_certificate_key /etc/nginx/cert/1530230026231.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    location ~* ^/\b(?!1|js|socket.io|monaco-editor|libs|dist|fonts|javascripts|formatter|ui|css|stylesheets|htmls|imgs|static|httpOnly|tmp|uploads)\w+\b/? {
        rewrite .* /1/#$request_uri redirect;
    }

    location ~* ^/1/\b(?!#|auth)\w+\b/? {
        rewrite ^/1/(.*[.]js)$ https://www.funfun.ink/dist/$1 redirect;
        rewrite ^/1/(.*[^.][^j][^s])$ https://www.funfun.ink/1/#/$1 redirect;
    }

    location = / {
        return 301 /home;
    }

    location ~ /.well-known {
        allow all;
    }

    location / {
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Accept-Encoding     "";
        proxy_set_header    Proxy               "";
        # proxy_pass          https://127.0.0.1:3000;
        # proxy_pass          https://localhost:3000;
        proxy_pass          http://localhost:3000;

        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
}

答案1

但我不确定这是否proxy_pass http://localhost:3000是正确的配置,请注意,我希望整个网站始终使用 SSL。

如果localhost:3000有 HTTP 协议上的服务,它就无法神奇地使用 HTTPS 进行应答。这正是您得到 的原因502 bad gateway。这不是问题:

  1. listen 443 ssl;使得您的网站使用 TLS 进行服务。
  2. 与本地主机的连接使用本地环回而不是互联网。

只需确保端口:3000仅绑定到接口127.0.0.1,即不应答http://funfun.ink:3000。(从这里看来没问题。)

相关内容