I have a main NGINX server that handles the certificates for all of my internal servers. I am adding an endpoint for a new NGINX server that runs PHP. The new server works fine if I connect to it directly. It is able to connect to the database over my Docker network. The certificate server connects correctly to all of the other endpoints.
When I use the endpoint on the certificate server that proxy-passes to the new server, I get a 502 Bad Gateway in my browser, and the following in the certificate server's logs:
2022/08/16 17:45:56 [error] 9#9: *5 connect() failed (111: Connection refused) while connecting to upstream, client: [public ip], server: , request: "GET /timeclock HTTP/1.1", upstream: "http://172.18.0.4:5003/timeclock", host: "aps.devserver.com:5005"
[public ip] - - [16/Aug/2022:17:45:56 +0000] "GET /timeclock HTTP/1.1" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" "-"
[public ip] - - [16/Aug/2022:17:45:56 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "https://aps.devserver.com:5005/timeclock" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" "-"
There are no logs indicating a connection on the PHP server.
Here is the config of my certificate server; the /timeclock location is the important part:
upstream client {
    server aps-frontend:80;
}
upstream server {
    server aps-backend:4625;
}
server {
    listen 80;
    return 301 https://$host:5001$request_uri;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/apscert.pem;
    ssl_certificate_key /etc/ssl/certs/apskey.pem;
    location / {
        proxy_pass http://client;
    }
    location /api {
        return 302 /api/;
    }
    location /api/ {
        proxy_pass http://server/;
    }
    location /timeclock {
        proxy_pass http://timeclock:5003;
    }
}
Here is the config of the PHP server:
worker_processes auto;
error_log stderr warn;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    # Define custom log format to include response times
    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '$request_time $upstream_response_time $pipe $upstream_cache_status';
    access_log /dev/stdout main_timed;
    error_log /dev/stderr notice;
    keepalive_timeout 65;
    # Write temporary files to /tmp so they can be created as a non-privileged user
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path /tmp/proxy_temp_path;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;
    # Default server definition
    server {
        listen [::]:8080 default_server;
        listen 8080 default_server;
        server_name _;
        sendfile off;
        tcp_nodelay on;
        absolute_redirect off;
        root /var/www/html;
        index index.php index.html;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to index.php
            try_files $uri $uri/ /index.php?q=$uri&$args;
        }
        # Redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/lib/nginx/html;
        }
        # Pass the PHP scripts to PHP-FPM listening on php-fpm.sock
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            expires 5d;
        }
        # Deny access to . files, for security
        location ~ /\. {
            log_not_found off;
            deny all;
        }
        # Allow fpm ping and status from localhost
        location ~ ^/(fpm-status|fpm-ping)$ {
            access_log off;
            allow 127.0.0.1;
            deny all;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_pass unix:/run/php-fpm.sock;
        }
    }
    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
    gzip_vary on;
    gzip_disable "msie6";
    # Include other server configs
    include /etc/nginx/conf.d/*.conf;
}
Answer 1
2022/08/16 17:45:56 [error] 9#9: *5 connect() failed (111: Connection refused) while connecting to upstream, client: [public ip], server: , request: "GET /timeclock HTTP/1.1", upstream: "http://172.18.0.4:5003/timeclock", host: "aps.devserver.com:5005"
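This error means that there is no service running on port 5003 on 172.18.0.4, or that a firewall is blocking connection attempts to that port.
Please double-check that your application server is running the software.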
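An added example, not part of the question or the answer: a small Python check that takes the "Connection refused" upstream from the proxy's error log and compares its port with the listen directives of the config posted for the target server. The function names are hypothetical; the sample inputs are the error line quoted above and a trimmed copy of the PHP server's listen lines.

```python
import re
from urllib.parse import urlsplit

# Sample inputs built from this page: the quoted error line and the PHP server's listen lines.
ERROR_LOG = '''2022/08/16 17:45:56 [error] 9#9: *5 connect() failed (111: Connection refused) while connecting to upstream, client: [public ip], server: , request: "GET /timeclock HTTP/1.1", upstream: "http://172.18.0.4:5003/timeclock", host: "aps.devserver.com:5005"'''

UPSTREAM_CONF = '''
server {
    listen [::]:8080 default_server;
    listen 8080 default_server;
    server_name _;
}
'''

REFUSED = re.compile(r'connect\(\) failed \(111: [^)]*\) while connecting to upstream.*?upstream: "([^"]+)"')
LISTEN = re.compile(r'^\s*listen\s+([^;]+);', re.M)

def refused_upstreams(log_text):
    """Return (host, port) for every upstream that refused a connection."""
    found = []
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            url = urlsplit(m.group(1))
            port = url.port or (443 if url.scheme == "https" else 80)
            found.append((url.hostname, port))
    return found

def listen_ports(conf_text):
    """Return the TCP ports named in listen directives (unix sockets are skipped)."""
    ports = set()
    for m in LISTEN.finditer(conf_text):
        addr = m.group(1).split()[0]      # drop flags such as default_server
        if addr.startswith("unix:"):
            continue
        tail = addr.rsplit(":", 1)[-1]    # "8080", "[::]:8080", "127.0.0.1:8080"
        if tail.isdigit():
            ports.add(int(tail))
    return ports

def check(log_text, conf_text):
    """Pair each refused upstream with whether the target config listens on that port."""
    ports = listen_ports(conf_text)
    return [(host, port, port in ports) for host, port in refused_upstreams(log_text)]

if __name__ == "__main__":
    for host, port, ok in check(ERROR_LOG, UPSTREAM_CONF):
        note = "a listen directive matches" if ok else "no listen directive for this port"
        print(f"{host}:{port} refused the connection: {note}")
```

For the inputs above it reports that 172.18.0.4:5003 refused the connection and that the posted config has listen directives only for port 8080.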