Nginx 负载均衡器显示不完整的 HTTPS 页面

2024-5-31 • tag-icon

我必须配置一个 NGINX 服务器来平衡 2 个或更多 https 网站的负载。

我写了这段代码：

user  nginx;
#worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

#    sendfile        on;
#tcp_nopush     on;

#    keepalive_timeout  65;

        upstream servers_mito {
                least_conn;
                #server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.43:443 max_fails=3 fail_timeout=30s;
                #server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.141:443 max_fails=3 fail_timeout=30s;
                              }


server {
                        #listen       80;
                        listen 443 ssl;
                        #ssl on;
                        ssl_certificate         /etc/nginx/ssl/proxy1/server.crt;
                        ssl_certificate_key     /etc/nginx/ssl/proxy1/server.key;
                        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
                        server_name  proxy1;
                        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                        ssl_prefer_server_ciphers on;
                        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#                   access_log   logs/domain2.access.log  main;

location / {
                proxy_pass      https://servers_mito;
                proxy_max_temp_file_size 0;
                #proxy_set_header Host $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_ssl_server_name on;
                }

location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
#        allow 10.200.0.111;
        allow 10.5.1.101;
         deny all;
}
}
#location / {
#        root   /usr/share/nginx/html;
#        index  index.html index.htm;
#    }
    }

我在本例中使用的 2 个服务器是：10.200.0.43 --> Spacewalk 10.200.0.141 --> Ansible

如果我直接浏览这些网站，没有任何问题，网站可以正常浏览。如果我通过 NGINX，网站是不完整的，无法工作：无用，不可用，正如您在图片中看到的那样：

太空行走 ansible1 ansible2

这是访问日志：

10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /rhn/Login.do HTTP/1.1" 404 3360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.css?v=3.0.2 HTTP/1.1" 200 7442 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/csrf.js HTTP/1.1" 200 1832 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/prettify.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/bootstrap.min.js HTTP/1.1" 200 36816 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/default.js HTTP/1.1" 200 1760 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.js?v=3.0.2 HTTP/1.1" 200 3145 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/main_menu_logo.png HTTP/1.1" 200 6359 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1" 200 95957 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/favicon.ico?v=3.0.2 HTTP/1.1" 200 15086 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"

而error.log：

2018/09/04 17:38:36 [warn] 17259#17259: *243 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 10.5.1.101, server: proxy1, request: "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1", upstream: "https://10.200.0.141:443/static/rest_framework/js/jquery-1.11.3.min.js", host: "10.200.0.69", referrer: "https://10.200.0.69/rhn/Login.do"`

你能告诉我我做错了什么吗？

ps:如果我在 http 上重定向，它就可以正常工作

我在 http 块中添加了这些行，但不幸的是没有任何变化：

10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 404 8394 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET / HTTP/1.1" 400 3350 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET / HTTP/1.1" 302 217 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"

页面不完整

您认为将端口号放在服务器参数中是否正确：

upstream servers_mito {
least_conn;
#server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
server 10.200.0.43**:443** max_fails=3 fail_timeout=30s;
#server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
server 10.200.0.141**:443** max_fails=3 fail_timeout=30s;
    }

然后写入https在位置块中？

location / {
                proxy_pass      https://servers_mito;
proxy_max_temp_file_size 0;

答案1

您应该明确将client_max_body_size参数设置为0（无限制）而不是隐式值1M：

http {
  . . . . .
  client_max_body_size            0;
  client_body_timeout             180;
  send_timeout                    180;
  proxy_send_timeout              180;
  proxy_read_timeout              180;
  . . . . .

答案1

相关内容