[NGINX] 求教关于反代的问题

发表于 2024年8月24日1年前

之前部署了一个 Discourse 站点部署在一台配置比较高但是线路没有优化的机器上容器内部使用 nginx 然后通过 Unix Socket 使用宿主机的 Caddy 进行域名访问之后我在线路比较好的香港服务器上部署 Nginx 对原站进行反代但是反代后为502，无法正常访问我看了下error.log说的是代理服务器和源站 ssl 握手失败但是我在代理服务器里面写的是https，而且代理服务器curl能正常获取到内容这个是源站的caddyfile

direct.example.com {
    reverse_proxy unix//var/discourse/shared/standalone/nginx.http.sock {
        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
    }
 header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    }
}

synapse.know-cnu.wiki {
    reverse_proxy localhost:8008 {
        # WebSocket 连接的默认配置
        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}

        # 处理 WebSocket 连接
        transport http {
            read_buffer 0
        }
    }

    # 设置 HSTS 头部
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    }

这个是代理服务器的nginx.conf，未使用ssl

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass https://direct.example.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

error.log如下

root@VM80459:~# tail -f /var/log/nginx/error.log
2024/08/24 06:08:57 [emerg] 3325#3325: "server" directive is not allowed here in /etc/nginx/nginx.conf:11
2024/08/24 06:09:05 [emerg] 3326#3326: "server" directive is not allowed here in /etc/nginx/nginx.conf:11
2024/08/24 06:10:18 [notice] 3373#3373: signal process started
2024/08/24 06:19:53 [notice] 3445#3445: signal process started
2024/08/24 06:20:02 [error] 3446#3446: *12 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 1xx.1x.5x.xx, server: know-cnu.wiki, request: "GET / HTTP/1.1", upstream: "https://[2400:61xx:0:dx::xa:a0x]:443/", host: "example.com"
2024/08/24 06:20:02 [error] 3446#3446: *12 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 10x.13x.5x.18x, server: example.com, request: "GET / HTTP/1.1", upstream: "https://15x.8x.2xx.xx:443/", host: "example.com"

登录

[NGINX] 求教关于反代的问题

Featured Replies

创建帐户或登录来提出意见

游客注册

游客注册

会员

最近查看 0

Account

导航

搜索

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)