Nginx
某些頁面返回“502 Bad Gateway”錯誤
我剛剛意識到我網站的某些連結會導致“502 Bad Gateway”錯誤。例如https://v2a.10studio.tech/10studio/auth/google>、<https://v2a.10studio.tech/auth/google>、<https://v2a.10studio.tech/10studio/auth/microsoft、https ://v2a.10studio.tech/auth/microsoft。我很確定這些連結幾週前有效,我不知道發生了什麼。
網站https://v2a.10studio.tech/>仍在執行。<https://v2a.10studio.tech/#/sign?next=/包含點擊導致連結斷開的按鈕。
這裡是
docker-compose.yml:version: "3" services: frontend: restart: unless-stopped image: staticfloat/nginx-certbot ports: - 80:80/tcp - 443:443/tcp environment: CERTBOT_EMAIL: chengtie@gmail.com volumes: - ./conf.d:/etc/nginx/user.conf.d:ro - letsencrypt:/etc/letsencrypt 10studio: image: bitnami/nginx:1.16 restart: always volumes: - ./build:/app - ./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro - ./configs/config.prod.js:/app/lib/config.js depends_on: - frontend volumes: letsencrypt: networks: default: external: name: 10studio並且
conf.d/v2.conf:gzip on; gzip_proxied any; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_min_length 256; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/jpeg image/png image/svg+xml image/x-icon; upstream funfun { server www.funfun.io:443; } server { listen 443 ssl; ssl_certificate /etc/letsencrypt/live/v2a.10studio.tech/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/v2a.10studio.tech/privkey.pem; server_name v2a.10studio.tech; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security max-age=15768000; add_header X-Frame-Options ""; location ~ /socialLoginSuccess { rewrite ^ '/#/socialLoginSuccess' redirect; } location ~ /auth/(.*) { proxy_pass https://funfun/10studio/auth/$1?$query_string; proxy_set_header Host v2a.10studio.tech; } location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Accept-Encoding ""; proxy_set_header Proxy ""; proxy_pass http://10studio:8080/; # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }有人可以幫忙嗎?
PS:幾週前我在 CloudFlare 中更改了 funfun.io 的一些設置(尤其是 SSL 證書),如果它相關,我不知道。我不知道這
Proxy status(DNS only或Proxied)是否有影響。
**編輯 1:**這裡有一些 docker 日誌:
2020-08-18T20:19:15.667934708Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.667995550Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.738088121Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.738135701Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.803843403Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.803890220Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:15.803908241Z 176.144.215.193 - - [18/Aug/2020:20:19:15 +0000] "GET /auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-" 2020-08-18T20:19:21.284333260Z 2020/08/18 20:19:21 [error] 42#42: *310 no live upstreams while connecting to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /10studio/auth/github HTTP/1.1", upstream: "https://funfun/10studio/auth/github?", host: "v2a.10studio.tech" 2020-08-18T20:19:21.285121395Z 176.144.215.193 - - [18/Aug/2020:20:19:21 +0000] "GET /10studio/auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-"
該錯誤
SSL alert number 40表示您嘗試連接到需要 SNI 但未發送 SNI 主機名的 HTTPS 站點。您正在嘗試
proxy_pass向/auth/名為. 但是這個站點託管在 CloudFlare 上,因此需要 SNI 使用 HTTPS 連接到它。不幸的是,預設情況下,nginx 對傳出上游 HTTPS 連接的 SNI 支持被禁用(我無法想像為什麼)。您需要為與上游的傳出連接顯式啟用 SNI 。這可以在上下文中設置,以便它適用於整個配置中的每一次嘗試,或者可以僅放置在需要它的特定 s 中。upstream``www.funfun.io``proxy_ssl_server_name on;``http``proxy_pass``location