当我在NGINX上启用SSL并上传大于7MB的文件时,文件上传无法完成。如果我删除NGINX并将SSL直接放在风帆上,这样可以正常工作。我从调试文件中得到以下内容,就像我在文件完成之前收到状态200一样:
2017/01/24 12:25:16 [debug] 2645#2645: *5 sendfile: 1899007 of 54230479 @4670513
2017/01/24 12:25:16 [debug] 2645#2645: *5 chain writer out: 0000564D9740D5D0
2017/01/24 12:25:16 [debug] 2645#2645: *5 event timer: 14, old: 1485260776372, new: 1485260776465
2017/01/24 12:25:16 [debug] 2645#2645: *5 http upstream request: "/api/v1/project/56cd9e2aeabf5be95d6e9b35/report/?"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http upstream process header
2017/01/24 12:25:16 [debug] 2645#2645: *5 malloc: 0000564D9740F870:4096
2017/01/24 12:25:16 [debug] 2645#2645: *5 recv: eof:0, avail:1
2017/01/24 12:25:16 [debug] 2645#2645: *5 recv: fd:14 413 of 4096
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy status 200 "200 OK"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Vary: X-HTTP-Method-Override"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "X-Powered-By: Sails <sailsjs.org>"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Access-Control-Allow-Origin: "
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Access-Control-Allow-Credentials: "
2017/01/24 12:25:16 [debug] 2645#2645: *5 posix_memalign: 0000564D97410880:4096 @16
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Access-Control-Allow-Methods: "
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Access-Control-Allow-Headers: "
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Access-Control-Expose-Headers: "
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Content-Type: application/json; charset=utf-8"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Content-Length: 94"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "ETag: W/"5e-dbzI0uHc1qmLjPTL2hIz3A""
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Date: Tue, 24 Jan 2017 12:25:16 GMT"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header: "Connection: keep-alive"
2017/01/24 12:25:16 [debug] 2645#2645: *5 http proxy header done
2017/01/24 12:25:16 [debug] 2645#2645: *5 xslt filter header
2017/01/24 12:25:16 [debug] 2645#2645: *5 HTTP/1.1 200 OK^M
Server: nginx/1.11.8^M
Date: Tue, 24 Jan 2017 12:25:16 GMT^M
Content-Type: application/json; charset=utf-8^M
Content-Length: 94^M
Connection: keep-alive^M
Vary: X-HTTP-Method-Override^M
X-Powered-By: Sails <sailsjs.org>^M
Access-Control-Allow-Origin: ^M
Access-Control-Allow-Credentials: ^M
Access-Control-Allow-Methods: ^M
Access-Control-Allow-Headers: ^M
Access-Control-Expose-Headers: ^M
ETag: W/"5e-dbzI0uHc1qmLjPTL2hIz3A"^M
下面是我的nginx.conf文件:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
send_timeout 60s;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60s;
client_max_body_size 0;
client_body_buffer_size 32K;
ssl_dhparam /ssl/dhparam.pem;
client_body_in_file_only clean;
client_body_in_single_buffer on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/sites-enabled/*;
}
以下是我的网站可用\默认文件:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.co.uk;
client_max_body_size 0;
client_body_buffer_size 32K;
location / {
client_body_temp_path /tmp/;
client_max_body_size 0;
client_body_buffer_size 32K;
keepalive_timeout 60s;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /ssl/mykey.pem;
ssl_certificate_key /ssl/mykey.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:128m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA$
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
}
有什么想法吗?