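I am trying to use nginx as a reverse proxy to send traffic to an application. It works as follows:
NGINX -> AWS NLB -> AWS ELB -> application.
The AWS NLB and ELB load balancers only listen on TCP port 443 and have no certificates; the application has a self-signed certificate.
I have configured path-based routing: some paths go to S3 and some go to the application. For S3 it works fine, but when I try to send traffic to my application I get a 502 Bad Gateway, and this is what I found in the error log: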
[error] 12256#12256: *16 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 54.254.192.230, server: rpinternet-7efda53723206039.elb.us-east-1.amazonaws.com, request: "GET / HTTP/1.1", upstream: "https://10.23.6.67:443/", host: "rpinternet-7efda53723206039.elb.us-east-1.amazonaws.com"
Below is my configuration file.
server {
    listen 443;
    server_name rpinternet-7efda53723206039.elb.us-east-1.amazonaws.com;
    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/jenkins.access.log;
    location / {
        proxy_pass https://cfinternal-d221bb72d9da80c9.elb.us-east-1.amazonaws.com;
    }
    location /spservice {
        proxy_pass http://ui-service.s3-website-us-east-1.amazonaws.com/service;
    }
}
I tried adding proxy_ssl_server_name; after that, I started getting the following error.
HTTP/1.1 426 Upgrade Required
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 18 Nov 2019 09:48:33 GMT
Content-Length: 0
Connection: keep-alive