配置 Nginx 反向代理:解决错误网关问题

配置 Nginx 反向代理:解决错误网关问题

我正在尝试设置一个可以从另一台服务器访问的 Nginx 反向代理。目的是将请求重定向到上游测试环境。连接需要证书和密钥,我已成功验证了它们。

执行命令

curl -E ./test.crt --key ./test.key https://example.com/agent_ws-SOF46 -v -L

导致连接成功。

然而,当我尝试运行

curl -L http://192.168.20.222/mun/s/agent_ws-SOF46/ -v

从不同的内部开发服务器,我遇到了错误的网关响应。请注意,IP地址192.168.20.220对应的是Nginx服务器的内部IP地址。

我使用的配置文件如下:

location /mun/s{
    rewrite ^/mun/s/(.*) /$1 break;
    proxy_ssl_server_name on;
    proxy_ssl_certificate /etc/nginx/certs/test.crt;
    proxy_ssl_certificate_key /etc/nginx/certs/test.key;
    proxy_pass https://example.com/;
    error_log /var/log/nginx/mun-s.log debug;
}

链接到 error.log 文件:点击

2023/08/28 09:41:33 [debug] 19161#0: *15114 http cl:-1 max:104857600
2023/08/28 09:41:33 [debug] 19161#0: *15114 rewrite phase: 3
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446922800:4096 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex: "^/mun/s/(.*)"
2023/08/28 09:41:33 [notice] 19161#0: *15114 "^/mun/s/(.*)" matches "/mun/s/agent_ws-SOF46", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "/"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script capture: "agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex end
2023/08/28 09:41:33 [notice] 19161#0: *15114 rewritten data: "/agent_ws-SOF46", args: "", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 post rewrite phase: 4
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 5
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 6
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 7
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 8
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 9
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 10
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 11
2023/08/28 09:41:33 [debug] 19161#0: *15114 post access phase: 12
2023/08/28 09:41:33 [debug] 19161#0: *15114 http init upstream, client timer: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add event: fd:20 op:3 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Host: "
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script var: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Connection: close
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "User-Agent: curl/7.29.0"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "Accept: */*"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header:
"GET /agent_ws-SOF46 HTTP/1.0
Host: example.com
Connection: close
User-Agent: curl/7.29.0
Accept: */*
 
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http cleanup add: 000055F446923098
2023/08/28 09:41:33 [debug] 19161#0: *15114 get rr peer, try: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 stream socket 23
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add connection: fd:23 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 connect to 217.145.175.7:443, fd:23 #15115
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream connect: -2
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446A570D0:128 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 http finalize request: -4, "/agent_ws-SOF46?" a:1, c:2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http request count:2 blk:0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http run request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream check client, write event:1, "/agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469DFCE0:72
2023/08/28 09:41:33 [debug] 19161#0: *15114 upstream SSL server name: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 set session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 tcp_nodelay
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2023/08/28 09:41:33 [debug] 19161#0: *15114 save session: 000055F4469AB3D0
2023/08/28 09:41:33 [debug] 19161#0: *15114 old session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request body
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer buf fl:1 s:110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer in: 000055F4469230E8
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469EC560:80
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F44692E570:16384
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL buf copy: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL to write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer out: 0000000000000000
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer del: 23: 1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953455
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469BE300:4096
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_get_error: 5
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream, client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", upstream: "https://1.1.1.1:443/agent_ws-SOF46", host: "localhost"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http next upstream, 2
2023/08/28 09:41:43 [debug] 19161#0: *15114 free rr peer 1 4
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http proxy request
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_shutdown: 1
2023/08/28 09:41:43 [debug] 19161#0: *15114 close http upstream connection: 23
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F44692E570
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469EC560
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469DFCE0
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F446A570D0, unused: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 event timer del: 23: 1693204953455
2023/08/28 09:41:43 [debug] 19161#0: *15114 reusable connection: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 http finalize request: 502, "/agent_ws-SOF46?" a:1, c:1
2023/08/28 09:41:43 [debug] 19161#0: *15114 http special response: 502, "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 internal redirect: "/50x.html?"

请记住,我故意将上游服务器的 IP 地址和 DNS 名称更改为虚拟的,但它们已经过测试并正常工作。此服务器上还有其他反向代理配置,它们目前正在运行。这个配置与它们的操作方式类似。

编辑:上游服务器似乎也重定向到其他内容(另一个内部 URL),因为 curl 的响应是 302。我怀疑上游服务器的重定向出了问题。之前建立的 SSL 会话可能中断了,但我并不完全确定,这仍然只是猜测。

相关内容