Nginx

帶有 SSL 的 Nginx PM2 NodeJS 反向代理提供 HTTP 504

  • February 1, 2020

曾幾何時,我對三個NodeJs進行了很好的配置,socket.io API 在同一個Ubuntu 16.4 LTS VPS伺服器上執行, PM2用於程序管理,Nginx用於三個不同子域的反向代理。

我成功安裝了來自Let’s encrypt的****SSL證書,所有子域都來自同一個域(比如說 exemple.com),應該重定向到 https

一旦我嘗試為非 NodeJs 應用程序(PHP/laravel)添加第四個子域,反向代理就不再傳遞,不幸的是我沒有舊 Nginx 配置的備份。

現在,我正試圖恢復我的 VPS 與三個舊 NodeJs 應用程序的和諧,但它給了我來自Nginx****的 504 Gateway Time-out

這是我的配置,我認為是相同的舊配置:

此配置在 chrome 上執行良好,但我正在嘗試從移動和桌面應用程序訪問我的 API。

 # HTTP — redirect all traffic to HTTPS
 server {
   listen 80;
   listen [::]:80 default_server ipv6only=on;
   return 301 https://$host$request_uri;
 }

 # App1 from port 3000 to sub1.exemple.com
 server {
   # Enable HTTP/2
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name sub1.exemple.com;

   # Use the Let’s Encrypt certificates
   ssl_certificate
   /etc/letsencrypt/live/sub1.exemple.com/fullchain.pem;
   ssl_certificate_key
   /etc/letsencrypt/live/sub1.exemple.com/privkey.pem;

   # Include the SSL configuration from cipherli.st
   include snippets/ssl-params.conf;

   location / {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-NginX-Proxy true;
     proxy_ssl_session_reuse off;
     proxy_set_header Host $http_host;
     proxy_cache_bypass $http_upgrade;

     proxy_pass http://localhost:3000/;
     proxy_redirect off;

     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
 }
 }

 # App2 from port 4000 to sub2.exemple.com
 server {
   # Enable HTTP/2
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name sub2.exemple.com;

   # Use the Let’s Encrypt certificates
   ssl_certificate
   /etc/letsencrypt/live/sub2.exemple.com/fullchain.pem;
   ssl_certificate_key
   /etc/letsencrypt/live/sub2.exemple.com/privkey.pem;

   # Include the SSL configuration from cipherli.st
   include snippets/ssl-params.conf;

   location / {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-NginX-Proxy true;
     proxy_ssl_session_reuse off;
     proxy_set_header Host $http_host;
     proxy_cache_bypass $http_upgrade;

     proxy_pass http://localhost:4000/;
     proxy_redirect off;

     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
   }
 }

 # App2 from port 5000 to sub3.exemple.com
 server {
   # Enable HTTP/2
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name sub3.exemple.com;

   # Use the Let’s Encrypt certificates
   ssl_certificate
   /etc/letsencrypt/live/sub3.exemple.com/fullchain.pem;
   ssl_certificate_key
   /etc/letsencrypt/live/sub3.exemple.com/privkey.pem;

   # Include the SSL configuration from cipherli.st
   include snippets/ssl-params.conf;

   location / {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-NginX-Proxy true;
     proxy_ssl_session_reuse off;
     proxy_set_header Host $http_host;
     proxy_cache_bypass $http_upgrade;

     proxy_pass http://localhost:5000/;
     proxy_redirect off;

     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
   }
 }

更新以獲取更多資訊。

Nginx、NodeJs 和 PM2 沒有給出任何錯誤。日誌很乾淨。這是我在檢查請求時得到的。

它在套接字請求時成功:(兩者wss://& https://

WSS 成功

當其他人請求時失敗:

HTTP/S 失敗

我還想提一下,每個子都安裝了 SSL,並且應用程序穩定並且在本地伺服器上執行沒有任何問題。

我發現了問題所在,不是 Nginx不是 PM2不是 Nodejs ,也不是SSL,都在我部署的應用程序中。Mongodb程序中的一個問題使他沒有自動啟動。因此,應用程序接受第一個請求,因為它不需要數據庫干預,並在超時後拒絕登錄請求,因為應用程序已經崩潰但 PM2 重新啟動它並且 Nginx 保持子域對請求開放。

**FF:**所以如果你經過這裡,你可能需要檢查你的應用環境。例如:SGBD、R/W 權限、API…

希望這可以幫助任何有類似問題的人。

嘗試添加 proxy_set_header X-Forwarded-Proto $scheme; 內部位置塊

引用自:https://serverfault.com/questions/943810