El equilibrador de carga de Nginx muestra páginas HTTPS incompletas

El equilibrador de carga de Nginx muestra páginas HTTPS incompletas

Tengo que configurar un servidor NGINX para poder equilibrar la carga de 2 o más sitios web https.

Escribí este código:

user  nginx;
#worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

#    sendfile        on;
#tcp_nopush     on;

#    keepalive_timeout  65;

        upstream servers_mito {
                least_conn;
                #server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.43:443 max_fails=3 fail_timeout=30s;
                #server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
                server 10.200.0.141:443 max_fails=3 fail_timeout=30s;
                              }


server {
                        #listen       80;
                        listen 443 ssl;
                        #ssl on;
                        ssl_certificate         /etc/nginx/ssl/proxy1/server.crt;
                        ssl_certificate_key     /etc/nginx/ssl/proxy1/server.key;
                        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
                        server_name  proxy1;
                        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                        ssl_prefer_server_ciphers on;
                        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#                   access_log   logs/domain2.access.log  main;

location / {
                proxy_pass      https://servers_mito;
                proxy_max_temp_file_size 0;
                #proxy_set_header Host $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_ssl_server_name on;
                }

location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
#        allow 10.200.0.111;
        allow 10.5.1.101;
         deny all;
}
}
#location / {
#        root   /usr/share/nginx/html;
#        index  index.html index.htm;
#    }
    }

Los 2 servidores que estoy usando en este ejemplo son: 10.200.0.43 --> Spacewalk 10.200.0.141 --> Ansible

Si navego por esos sitios directamente, no hay problemas, los sitios están bien y son navegables. Si paso por NGINX los sitios están incompletos y no funcionan: inútiles, inutilizables, como se puede ver en las imágenes:

paseo espacial ansible1 ansible2

Este es el archivo de acceso:

10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /rhn/Login.do HTTP/1.1" 404 3360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.css?v=3.0.2 HTTP/1.1" 200 7442 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/csrf.js HTTP/1.1" 200 1832 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/css/prettify.css HTTP/1.1" 404 5086 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/bootstrap.min.js HTTP/1.1" 200 36816 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/default.js HTTP/1.1" 200 1760 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/api/api.js?v=3.0.2 HTTP/1.1" 200 3145 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/main_menu_logo.png HTTP/1.1" 200 6359 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1" 200 95957 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/rest_framework/js/ajax-form.js HTTP/1.1" 404 5092 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"
10.5.1.101 - - [04/Sep/2018:17:38:36 +0200] "GET /static/assets/favicon.ico?v=3.0.2 HTTP/1.1" 200 15086 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" "-"

Mientras que el error.log:

2018/09/04 17:38:36 [warn] 17259#17259: *243 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 10.5.1.101, server: proxy1, request: "GET /static/rest_framework/js/jquery-1.11.3.min.js HTTP/1.1", upstream: "https://10.200.0.141:443/static/rest_framework/js/jquery-1.11.3.min.js", host: "10.200.0.69", referrer: "https://10.200.0.69/rhn/Login.do"`

¿Puedes decirme qué estoy haciendo mal?

ps: si redirecciono en http funciona bien


Agregué esas líneas en el bloque http, pero lamentablemente nada cambió:

10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/js/prettify-min.js HTTP/1.1" 200 13632 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:01 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 404 8394 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET / HTTP/1.1" 400 3350 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/default.css HTTP/1.1" 200 1132 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:27:05 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET / HTTP/1.1" 302 217 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /rhn/Login.do HTTP/1.1" 400 3374 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
10.5.1.101 - - [05/Sep/2018:12:28:23 +0200] "GET /static/rest_framework/css/bootstrap.min.css HTTP/1.1" 404 8402 "https://10.200.0.69/rhn/Login.do" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"

página incompleta

¿Crees que es correcto poner el número de puerto en el parámetro del servidor?

upstream servers_mito {
least_conn;
#server 10.200.0.43:801 max_fails=3 fail_timeout=30s;
server 10.200.0.43**:443** max_fails=3 fail_timeout=30s;
#server 10.200.0.70:801 max_fails=3 fail_timeout=30s;
server 10.200.0.141**:443** max_fails=3 fail_timeout=30s;
    }

Y luego escribe httpsen el bloque de ubicación?

location / {
                proxy_pass      https://servers_mito;
proxy_max_temp_file_size 0;

Respuesta1

Debe establecer explícitamente el client_max_body_sizeparámetro en 0(ilimitado) en lugar del valor implícito de 1M:

http {
  . . . . .
  client_max_body_size            0;
  client_body_timeout             180;
  send_timeout                    180;
  proxy_send_timeout              180;
  proxy_read_timeout              180;
  . . . . .

información relacionada