502 bad gateway nginx for dotnet WebApplication

idfiyjo8  于 11个月前  发布在  Nginx
关注(0)|答案(1)|浏览(215)

bounty将在7天后过期。回答此问题可获得+50的声望奖励。Kirsten希望引起更多关注此问题。

我正尝试在运行Centos 9 Stream和Nginx的数字海洋快捷方式上运行测试WebApplication。该WebApplication是从Visual Studio模板创建的默认项目。它使用net8.0. Microsoft.AspNetCore.OpenApi 7.0.14和Swashbuckle.AspNetCore 6.5.0
我还通过LetsEncrypt安装了一个证书
在droplet上启动nginx之后,我还使用

DotNet WebApplication.dll

字符串
并看到它正在侦听端口5000
x1c 0d1x的数据
但是如果我尝试

curl -I https://example.com


我得到

HTTP/1.1 502 Bad Gateway
   Server: nginx/1.22.1


我看到WebApplication控制台输出了一条警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
Failed to determine the https port for redirect


我在/etc/nginx/nginx.conf中有以下内容

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name example.com;
        location / {
            proxy_pass         http://localhost:5000; # Your .NET app's URL
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/examplecom/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }


    server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen       80;
        listen       [::]:80;
        server_name example.com;
    return 404; # managed by Certbot

}}


[更新]

cat /var/log/nginx/error.log


报告

Permission denied while connecting to upstream


[更新]
在看了this ticket之后,我尝试了
设置布尔值-P httpd_can_network_connect 1(可连接到网络1的HTTP请求)
然后重新开始。
现在当我跑的时候
. NET Web应用程序. dll
我得到警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
failed to deterimine the https port for redirect.
Microsoft.Hosting.Lifetime[0]
Application is shutting down.


但我仍然收到“502 Bad Gateway(网关错误)”错误

curl -I https://example.com


我在日志中不再看到“权限被拒绝”错误。它是(IPAddress已模糊处理)

2024/01/06 04:39:52 [notice] 1323#1323: signal 3 (SIGQUIT) received from 1, shutting down
2024/01/06 04:39:52 [notice] 1323#1323: signal 17 (SIGCHLD) received from 1324
2024/01/06 04:39:52 [notice] 1323#1323: worker process 1324 exited with code 0
2024/01/06 04:39:52 [notice] 1323#1323: exit
2024/01/06 04:43:25 [notice] 1339#1339: using the "epoll" event method
2024/01/06 04:43:25 [notice] 1339#1339: nginx/1.22.1
2024/01/06 04:43:25 [notice] 1339#1339: built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC) 
2024/01/06 04:43:25 [notice] 1339#1339: OS: Linux 5.14.0-391.el9.x86_64
2024/01/06 04:43:25 [notice] 1339#1339: getrlimit(RLIMIT_NOFILE): 1024:524288
2024/01/06 04:43:25 [notice] 1340#1340: start worker processes
2024/01/06 04:43:25 [notice] 1340#1340: start worker process 1341
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com"


[更新]
我看到https在已发布的appsettings.json中没有提到(而在开发的launchsettings.json中却提到了)

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}


[更新]从here我了解到
如果未指定端口,Kestrel将绑定到http://localhost:5000。
下一步添加

"Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:5000"
      }
    }
  },


现在我明白
ASP.NET开发人员证书不受信任。请参阅this
此外,坏网关仍然没有解决。
[更新]
我已经通过使nginx.conf和appsettings.json都使用http://localhost:5000解决了证书问题
我还能拿到502坏门
https://example.com/swagger/index.html提供
404 Error:抱歉,您所查找的页面不存在!
[更新]
我在droplet上启用了IPV6(注意到nginx.conf中的IPV6已打开)
现在

curl -I https://example.com


404找不到页面
此外,WebApplication控制台还会警告
Microsoft.AspNetCore.HttpsPolicy. HttpsRedirection中间件3无法确定用于重定向的https端口。
我可以看到使用

cat /var/log/nginx/error.log



SSL握手时,SSL_do_handshake()失败(SSL:错误0A 00006 C:SSL例程::密钥共享错误)
[更新]
在阅读了ozkanpakdil的评论之后,我修改了program.cs来删除app.UseHttpsRedirection();
现在

curl -I example.com


301 Moved Permanently


[更新]
我想知道status nginx输出中的禁用字。



如果我结束Web应用程序并在浏览器中转到example.com,则会看到一个错误页面



如果我启动Web应用程序并转到example.com,我会看到

Failed to load resource: the server responded with a status of 404.


在我的Visual Studio开发计算机上,该应用程序打开https://localhost:7223/swagger/index.html
[更新]
为了在example.com上获得正确的解决方案,我需要将演示代码更改为使用swaggerui


7uzetpgm

7uzetpgm1#

  • 我认为AspNetCore侧代码的某个地方试图将用户重定向到https,因为nginx通过http发送请求,我建议使用disable AspNetCore https redirection,因为你已经在前面有了nginx,它正在做SSL的事情,你不需要在后端做任何与之相关的事情。
  • 关于systemctl请check这大多数的东西是禁用在Linux在第一次安装,你需要启用他们为未来的重新启动.如果他们是启用他们将启动在 Boot 时间/启动.

相关问题