在ssl上的NGINX http proxy_pass

时间:2017-11-28 22:22:28

标签: ssl nginx proxypass

我正在尝试在我的nginx服务器上设置SSL,它适用于普通网站,这只是nginx欢迎默认页面,但是当我尝试任何配置的proxy_pass位置时,我得到一个cloudflare 526无效的SSL证书错误快速拨到502坏网关。我正在使用的证书是自签名的,cloudflare SSL设置为完整(不严格)。

这是我在日志中遇到的错误:

2017/11/28 22:59:10 [error] 11457#11457: *2 upstream prematurely closed connection while reading response header from upstream, client:  141.101.104.32, server: web1.olympiccode.net, request: "GET /r/ HTTP/1.1", upstream: "http://127.0.0.1:2000/r/", host: "web1.olympiccode.net", referrer: "https://web1.olympiccode.net/r"

这是我的配置:

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    send_timeout 1800;
    sendfile        on;
    keepalive_timeout  6500;

    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols        SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;


server {
    listen       80;
    server_name  web1.olympiccode.net;
    return 200 "hi";
}
# HTTPS server

server {
    listen       443 ssl;
    server_name  web1.olympiccode.net;
    root /usr/share/nginx/html;
    ssl on;
    location / {
     try_files $uri $uri/ =404;
    }
    location /r/ {
      auth_basic "RethinkDB - Web Panel";
      auth_basic_user_file /etc/nginx/.rethinkdb.pass;
      proxy_pass          http://localhost:2000;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
    location /status/ {
      proxy_pass          http://localhost:19999;
      proxy_set_header    Host             $host;
      proxy_set_header    X-Real-IP        $remote_addr;
      proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
      proxy_set_header    X-Client-Verify  SUCCESS;
      proxy_set_header    X-Client-DN      $ssl_client_s_dn;
      proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
      proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
      proxy_read_timeout 1800;
      proxy_connect_timeout 1800;
    }
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

0 个答案:

没有答案