El equilibrador de carga de Nginx muestra páginas HTTPS incompletas

tag-icon tag-icon nginx reverse-proxy https
El equilibrador de carga de Nginx muestra páginas HTTPS incompletas

Tengo que configurar un servidor NGINX para poder equilibrar la carga de 2 o más sitios web https.

Escribí este código:

user  nginx;
#worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

#    sendfile        on;
#tcp_nopush     on;

#    keepalive_timeout  65;

        upstream servers_mito {
                least_conn;
                #server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.43:443 max_fails=3 fail_timeout=30s;
                #server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.141:443 max_fails=3 fail_timeout=30s;
                              }


server {
                        #listen       80;
                        listen 443 ssl;
                        #ssl on;
                        ssl_certificate         /etc/nginx/ssl/proxy1/server.crt;
                        ssl_certificate_key     /etc/nginx/ssl/proxy1/server.key;
                        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
                        server_name  proxy1;
                        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                        ssl_prefer_server_ciphers on;
                        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#                   access_log   logs/domain2.access.log  main;

location / {
                proxy_pass      https://servers_mito;
                proxy_max_temp_file_size 0;
                #proxy_set_header Host $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_ssl_server_name on;
                }

location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
#        allow 10.200.0.111;
        allow 10.5.1.101;
         deny all;
}
}
#location / {
#        root   /usr/share/nginx/html;
#        index  index.html index.htm;
#    }
    }

Los 2 servidores que estoy usando en este ejemplo son: 10.200.0.43 --> Spacewalk 10.200.0.141 --> Ansible

Si navego por esos sitios directamente, no hay problemas, los sitios están bien y son navegables. Si paso por NGINX los sitios están incompletos y no funcionan: inútiles, inutilizables, como se puede ver en las imágenes:

paseo espacial ansible1 ansible2

Este es el archivo de acceso:

10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /rhn/Login.do HTTP/1.1" 404 3360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.css?v=3.0.2 HTTP/1.1" 200 7442 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/csrf.js HTTP/1.1" 200 1832 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/prettify.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/bootstrap.min.js HTTP/1.1" 200 36816 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/default.js HTTP/1.1" 200 1760 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.js?v=3.0.2 HTTP/1.1" 200 3145 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/main_menu_logo.png HTTP/1.1" 200 6359 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1" 200 95957 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/favicon.ico?v=3.0.2 HTTP/1.1" 200 15086 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"

Mientras que el error.log:

2018/09/04 17:38:36 [warn] 17259#17259: *243 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 10.5.1.101, server: proxy1, request: "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1", upstream: "https://10.200.0.141:443/static/rest_framework/js/jquery-1.11.3.min.js", host: "10.200.0.69", referrer: "https://10.200.0.69/rhn/Login.do"`

¿Puedes decirme qué estoy haciendo mal?

ps: si redirecciono en http funciona bien

Agregué esas líneas en el bloque http, pero lamentablemente nada cambió:

10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 404 8394 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET / HTTP/1.1" 400 3350 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET / HTTP/1.1" 302 217 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"

página incompleta

¿Crees que es correcto poner el número de puerto en el parámetro del servidor?

upstream servers_mito {
least_conn;
#server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
server 10.200.0.43**:443** max_fails=3 fail_timeout=30s;
#server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
server 10.200.0.141**:443** max_fails=3 fail_timeout=30s;
    }

Y luego escribe httpsen el bloque de ubicación?

location / {
                proxy_pass      https://servers_mito;
proxy_max_temp_file_size 0;

Respuesta1

Debe establecer explícitamente el client_max_body_sizeparámetro en 0(ilimitado) en lugar del valor implícito de 1M:

http {
  . . . . .
  client_max_body_size            0;
  client_body_timeout             180;
  send_timeout                    180;
  proxy_send_timeout              180;
  proxy_read_timeout              180;
  . . . . .

información relacionada