我在使用 nginx 时遇到问题,并且 302 重定向到位于多个重定向后面的文件。
因此我尝试代理此请求并得到 502 错误网关。
location /85319
{
proxy_pass https://traffic.omny.fm/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirects;
}
location @handle_redirects {
resolver 8.8.8.8;
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
}
}
我可以通过 get 访问原始网址,没有问题:
wget https://traffic.omny.fm/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63
nginx 的错误日志显示以下内容:
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://104.22.5.5:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://104.22.4.5:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://172.67.7.242:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::6816:505]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::6816:505]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::6816:405]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::6816:405]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::ac43:7f2]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::ac43:7f2]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
在我看来,nginx 似乎正在尝试连接到它要重定向的主机的已解析 IP 地址。由于此主机位于不允许直接 IP 访问的 cloudflare 后面,因此无法发送服务器请求。
如何让 nginx 遵循重定向的主机名(如 wget)而不是 cloudflare/cloudfront 主机的 IP?
答案1
nginx 和 curl 都以完全相同的方式连接到上游。它们使用 DNS 查询解析 IP 地址,然后连接到 IP 地址。
就您而言,似乎是服务器上的 IPv6 路由存在问题,无法通过 IPv6 访问 Cloudflare 的服务器。您需要与服务提供商讨论此问题,以便他们能够修复此问题。