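I am having trouble setting up a system in which nginx is configured as a reverse proxy handling https requests on a virtual machine located on my local machine. This reverse proxy serves all the docker container components generated from a docker-compose.yml:
a) A frontend container containing apache, which issues requests to the backend at www.mymachine.org/api/document/1 to read a document.
b) A Python api, which is a containerized uwsgi application (port 3031).
This is my site configuration: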
    upstream frontend {
        server 127.0.0.1:8080;
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
        server_name mymachine-dev.mydomain.com;
        location ^~ / {
            proxy_pass http://frontend/;
        }
        location ^~ /api/ {
            uwsgi_pass 127.0.0.1:3031;
            include uwsgi_params;
            # proxy_redirect off;
            # proxy_set_header Host $http_host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # proxy_ssl_server_name on;
            # proxy_set_header Host mymachine-dev.mydomain.com;
        }
    }
    server {
        listen 80;
        listen [::]:80;
        server_name mymachine-dev.mydomain.com;
        return 302 https://$server_name$request_uri;
    }
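Symptom: when the frontend issues a request to the backend, it results in an http 500 Internal Server Error, like this:
XHR GET https://mymachine-dev.mydomain.com/api/documents/1
Status 500
Internal Server Error
Version HTTP/1.1
Transferred 391 B (145 B size)
However, from the logs I can see that the request issued by the frontend reaches the uwsgi container and that it processes the data: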
wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /documents/1 HTTP/1.0" 200 890
wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /css/app.582869e8.css HTTP/1.0" 200 7172
wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /css/chunk-vendors.3cb806b4.css HTTP/1.0" 200 251267
uwsgi_1 | Note: entering document generation
uwsgi_1 | [pid: 14|app: 0|req: 3/3] 192.168.178.112 () {52 vars in 1064 bytes} [Sun Jul 19 12:43:49 2020] GET /api/docuements/1 => generated 145 bytes in 6 msecs (HTTP/1.1 500) 5 headers in 154 bytes (1 switches on core 0)
wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /js/app.144c2789.js.map HTTP/1.0" 200 426026
wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /js/chunk-vendors.f3c2a7c6.js.map HTTP/1.0" 200 4511322
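I am unable to debug where the error actually occurs. My best guess is that something is wrong with the certificate - the self-signed certificate I am using is shown as invalid in the browser window. I tried replacing the original Ubuntu snakeoil certificate with one I generated myself, but the error remains the same. My question now is whether an SSL problem can cause a 500 error and what I should do about it, or whether I have to dig into a completely different area. Here is the nginx log complaining about the SSL handshake: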
2020/07/19 12:56:39 [info] 3367#3367: *53 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.178.112, server: 0.0.0.0:443
2020/07/19 12:56:39 [info] 3367#3367: *54 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.178.112, server: 0.0.0.0:443
2020/07/19 12:56:39 [info] 3367#3367: *58 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.178.112, server: 0.0.0.0:443
2020/07/19 12:56:39 [warn] 3368#3368: *55 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/1/01/0000000011 while reading upstream, client: 192.168.178.112, server: mymachine-dev.mydomain.com, request: "GET /css/chunk-vendors.3cb806b4.css HTTP/1.1", upstream: "http://127.0.0.1:8080/css/chunk-vendors.3cb806b4.css", host: "mymachine-dev.mydomain.com", referrer: "https://mymachine-dev.mydomain.com/documents/1"
2020/07/19 12:56:39 [warn] 3367#3367: *59 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/2/01/0000000012 while reading upstream, client: 192.168.178.112, server: mymachine-dev.mydomain.com, request: "GET /js/app.144c2789.js.map HTTP/1.1", upstream: "http://127.0.0.1:8080/js/app.144c2789.js.map", host: "mymachine-dev.mydomain.com"
2020/07/19 12:56:39 [warn] 3368#3368: *55 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/3/01/0000000013 while reading upstream, client: 192.168.178.112, server: mymachine-dev.mydomain.com, request: "GET /js/chunk-vendors.f3c2a7c6.js.map HTTP/1.1", upstream: "http://127.0.0.1:8080/js/chunk-vendors.f3c2a7c6.js.map", host: "mymachine-dev.mydomain.com"
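Note: I have looked into the warnings about buffering, but "an upstream response is buffered to a temporary file" indicates that this is unrelated.
The response headers look like this: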
HTTP/1.1 500 Internal Server Error
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 21 Jul 2020 19:40:35 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
X-Frame-Options: DENY
Vary: Origin
X-Content-Type-Options: nosniff
This is the content of the response payload:
<!doctype html>
<html lang="en">
<head>
<title>Server Error (500)</title>
</head>
<body>
<h1>Server Error (500)</h1><p></p>
</body>
</html>
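
An added example, not part of the original post: a Python triage of the log lines quoted above that separates nginx TLS handshake failures (which end the connection before any HTTP request is sent on it) from 5xx responses that uWSGI logged as generated by the application. The function names are hypothetical, and matching the uWSGI body size against the response's Content-Length is a heuristic assumed here.

```python
import re

# Subset of TLS alert descriptions from the IANA TLS Alert registry.
TLS_ALERTS = {42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca"}

# nginx logs a failed handshake before any HTTP request exists on the connection;
# ssl3_read_bytes in the message means the alert was received from the client.
NGINX_TLS = re.compile(
    r"SSL_do_handshake\(\) failed \(.*SSL alert number (?P<alert>\d+)\) "
    r"while SSL handshaking, client: (?P<client>[^,]+)")
# uWSGI request line: the status here is the one the application itself produced.
UWSGI_REQ = re.compile(
    r"\] (?P<method>[A-Z]+) (?P<path>\S+) => generated (?P<size>\d+) bytes "
    r"in \d+ msecs \(HTTP/[\d.]+ (?P<status>\d{3})\)")

def triage(lines):
    """Split log lines into TLS handshake failures and 5xx responses produced by the app."""
    tls, app_5xx = [], []
    for line in lines:
        m = NGINX_TLS.search(line)
        if m:
            n = int(m["alert"])
            tls.append({"client": m["client"], "alert": TLS_ALERTS.get(n, str(n))})
            continue
        m = UWSGI_REQ.search(line)
        if m and m["status"].startswith("5"):
            app_5xx.append({"path": m["path"], "status": int(m["status"]),
                            "bytes": int(m["size"])})
    return tls, app_5xx

def origin_of_500(lines, content_length):
    """Heuristic (assumption): 'application' if uWSGI logged a 5xx with the same body size."""
    _, app_5xx = triage(lines)
    if any(e["bytes"] == content_length for e in app_5xx):
        return "application"
    return "unknown"

# Sample lines copied from the logs quoted in the post.
SAMPLE = [
    '2020/07/19 12:56:39 [info] 3367#3367: *53 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.178.112, server: 0.0.0.0:443',
    'uwsgi_1 | [pid: 14|app: 0|req: 3/3] 192.168.178.112 () {52 vars in 1064 bytes} [Sun Jul 19 12:43:49 2020] GET /api/docuements/1 => generated 145 bytes in 6 msecs (HTTP/1.1 500) 5 headers in 154 bytes (1 switches on core 0)',
    'wedaq_frontend_1 | 172.17.0.1 - - [19/Jul/2020:12:43:49 +0000] "GET /documents/1 HTTP/1.0" 200 890',
]

if __name__ == "__main__":
    tls, app = triage(SAMPLE)
    print("TLS handshake failures:", tls)
    print("5xx generated by the app:", app)
    print("500 origin:", origin_of_500(SAMPLE, 145))
```

The 145 passed to `origin_of_500` is the Content-Length from the response headers quoted in the post, which equals the "generated 145 bytes" in the uWSGI line.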