nginx背后的kibana反向代理 - “上游过早关闭连接”

时间:2017-02-24 19:22:24

标签: nginx kibana

我有kibana正在监听localhost:5601,如果我通过SSH隧道到这个端口,我可以在我的浏览器中访问kibana就好了。

我已经安装了nginx作为反向代理,但是我完成了所有设置502 Bad Gateway。 nginx错误日志中更详细的错误是

*1 upstream prematurely closed connection while reading response header from upstream,
client: 1.2.3.4,
server: elk.mydomain.com,
request: "GET /app/kibana HTTP/1.1",
upstream: "http://localhost:5601/app/kibana"

我的nginx配置是:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.fedora.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm;
}

kibana.conf中的/etc/nginx/conf.d/个文件是:

server {

    listen 80 default_server;
    server_name elk.mydomain.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;
    }
}

这是一个全新的Amazon Linux EC2实例,安装了最新版本的kibana和nginx。

以前有人遇到过这个问题吗?我觉得这是一个简单的nginx配置问题,但我只是看不到它。

1 个答案:

答案 0 :(得分:0)

事实证明,美元proxy_set_header Upgrade \$http_upgrade;之前的斜杠是来自其他配置管理工具的复制粘贴的结果。

我删除了不必要的斜杠以使proxy_set_header Upgrade $http_upgrade;恢复原状。