NGINX http proxy_pass over ssl

sbtkgmzw  于 2023-06-21  发布在  Nginx
关注(0)|答案(1)|浏览(153)

我试图在我的nginx服务器上设置SSL,它在普通网站上工作,这只是nginx欢迎默认页面,但当我尝试任何配置的proxy_pass位置时,我得到一个cloudflare 526无效的SSL证书错误,它很快就会转到502坏网关。我使用的证书是自签名的,cloudflare SSL设置为full(不严格)。
这是我在日志中得到的错误:

2017/11/28 22:59:10 [error] 11457#11457: *2 upstream prematurely closed connection while reading response header from upstream, client:  141.101.104.32, server: web1.olympiccode.net, request: "GET /r/ HTTP/1.1", upstream: "http://127.0.0.1:2000/r/", host: "web1.olympiccode.net", referrer: "https://web1.olympiccode.net/r"

这是我的配置:

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    send_timeout 1800;
    sendfile        on;
    keepalive_timeout  6500;
    
    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols        SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

server {
    listen       80;
    server_name  web1.olympiccode.net;
    return 200 "hi";
}
# HTTPS server

server {
    listen       443 ssl;
    server_name  web1.olympiccode.net;
    root /usr/share/nginx/html;
    ssl on;
    location / {
     try_files $uri $uri/ =404;
    }
    location /r/ {
      auth_basic "RethinkDB - Web Panel";
      auth_basic_user_file /etc/nginx/.rethinkdb.pass;
      proxy_pass          http://localhost:2000;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
    location /status/ {
      proxy_pass          http://localhost:19999;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
}
}

#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
qvsjd97n

qvsjd97n1#

您可以检查Nginx和上游服务器之间的网络连接来解决此问题。要将Nginx配置为RethinkDB的上游服务器,您可以使用以下Nginx配置:

upstream rethinkdb {
    server localhost:2000;  # Replace with the appropriate RethinkDB server address
}
server {
    listen       443 ssl;
    server_name  web1.olympiccode.net;
    location /r/ {
      auth_basic "RethinkDB - Web Panel";
      auth_basic_user_file /etc/nginx/.rethinkdb.pass;
      proxy_pass          http://rethinkdb;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }

希望这能有所帮助

相关问题