Nginx reverse proxy setup: resolving the Bad Gateway problem

I am trying to set up an Nginx reverse proxy that should be reachable from another server. The purpose is to redirect requests to an upstream test environment. The connection requires a certificate and a key, both of which I have validated successfully.

Running the command

curl -E ./test.crt --key ./test.key https://example.com/agent_ws-SOF46 -v -L

results in a successful connection.

However, when I try to run

curl -L http://192.168.20.222/mun/s/agent_ws-SOF46/ -v

from a different internal development server, I get a Bad Gateway response. Note that the IP address 192.168.20.220 corresponds to the internal IP address of the Nginx server.

The configuration file I am using is the following:

location /mun/s{
    rewrite ^/mun/s/(.*) /$1 break;
    proxy_ssl_server_name on;
    proxy_ssl_certificate /etc/nginx/certs/test.crt;
    proxy_ssl_certificate_key /etc/nginx/certs/test.key;
    proxy_pass https://example.com/;
    error_log /var/log/nginx/mun-s.log debug;
}

Link to the error.log file: click here

2023/08/28 09:41:33 [debug] 19161#0: *15114 http cl:-1 max:104857600
2023/08/28 09:41:33 [debug] 19161#0: *15114 rewrite phase: 3
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446922800:4096 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex: "^/mun/s/(.*)"
2023/08/28 09:41:33 [notice] 19161#0: *15114 "^/mun/s/(.*)" matches "/mun/s/agent_ws-SOF46", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "/"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script capture: "agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex end
2023/08/28 09:41:33 [notice] 19161#0: *15114 rewritten data: "/agent_ws-SOF46", args: "", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 post rewrite phase: 4
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 5
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 6
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 7
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 8
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 9
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 10
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 11
2023/08/28 09:41:33 [debug] 19161#0: *15114 post access phase: 12
2023/08/28 09:41:33 [debug] 19161#0: *15114 http init upstream, client timer: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add event: fd:20 op:3 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Host: "
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script var: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Connection: close
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "User-Agent: curl/7.29.0"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "Accept: */*"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header:
"GET /agent_ws-SOF46 HTTP/1.0
Host: example.com
Connection: close
User-Agent: curl/7.29.0
Accept: */*
 
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http cleanup add: 000055F446923098
2023/08/28 09:41:33 [debug] 19161#0: *15114 get rr peer, try: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 stream socket 23
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add connection: fd:23 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 connect to 217.145.175.7:443, fd:23 #15115
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream connect: -2
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446A570D0:128 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 http finalize request: -4, "/agent_ws-SOF46?" a:1, c:2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http request count:2 blk:0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http run request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream check client, write event:1, "/agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469DFCE0:72
2023/08/28 09:41:33 [debug] 19161#0: *15114 upstream SSL server name: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 set session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 tcp_nodelay
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2023/08/28 09:41:33 [debug] 19161#0: *15114 save session: 000055F4469AB3D0
2023/08/28 09:41:33 [debug] 19161#0: *15114 old session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request body
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer buf fl:1 s:110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer in: 000055F4469230E8
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469EC560:80
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F44692E570:16384
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL buf copy: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL to write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer out: 0000000000000000
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer del: 23: 1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953455
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469BE300:4096
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_get_error: 5
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream, client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", upstream: "https://1.1.1.1:443/agent_ws-SOF46", host: "localhost"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http next upstream, 2
2023/08/28 09:41:43 [debug] 19161#0: *15114 free rr peer 1 4
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http proxy request
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_shutdown: 1
2023/08/28 09:41:43 [debug] 19161#0: *15114 close http upstream connection: 23
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F44692E570
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469EC560
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469DFCE0
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F446A570D0, unused: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 event timer del: 23: 1693204953455
2023/08/28 09:41:43 [debug] 19161#0: *15114 reusable connection: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 http finalize request: 502, "/agent_ws-SOF46?" a:1, c:1
2023/08/28 09:41:43 [debug] 19161#0: *15114 http special response: 502, "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 internal redirect: "/50x.html?"

Note that I deliberately replaced the upstream server's IP address and DNS name with fictitious ones, but they have been tested and work. There are other reverse proxy configurations on this server and they are currently working. This one was set up in a similar way to them.

Edit: The upstream server also seems to be redirecting to something else (another internal URL), since the curl response is a 302. I suspect something is going on with the redirect the upstream server is doing. It is possible that the previously established SSL session is being broken, but I am not entirely sure and this remains speculation.
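A debug log like the one in this question is easier to read once it is reduced to a per-connection timeline: did the upstream TLS handshake finish, when was the request written, when did the peer close, and what status did Nginx finalize. The script below is an added example, not part of the original post; the function name `triage`, its field names and the shortened sample lines are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: a few lines shortened from the shape of the log above.
SAMPLE_LOG = """\
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256"
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream, client: ::1
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] \d+#\d+: \*(\d+) (.*)$")

def triage(log_text):
    """Group lines by connection id (*N) and summarise each upstream attempt."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines of multi-line header dumps
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        level, msg = m.group(2), m.group(4)
        c = conns.setdefault(m.group(3), dict.fromkeys(
            ("handshake_ok", "tls", "sent_at", "closed_at", "status", "error")))
        if msg == "SSL_do_handshake: 1":
            c["handshake_ok"] = True
        elif msg.startswith("SSL: "):
            c["tls"] = msg[5:].split(",")[0]
        elif msg.startswith("SSL_write:") and c["sent_at"] is None:
            c["sent_at"] = ts
        elif msg == "peer shutdown SSL cleanly":
            c["closed_at"] = ts
        elif level == "error":
            c["error"] = msg.split(",")[0]
        elif msg.startswith("finalize http upstream request:"):
            c["status"] = int(msg.rsplit(" ", 1)[1])
    for c in conns.values():
        sent, closed = c["sent_at"], c["closed_at"]
        c["wait_s"] = (closed - sent).total_seconds() if sent and closed else None
        # Handshake completed, yet the upstream closed before sending a header.
        c["failed_after_tls"] = bool(c["handshake_ok"] and closed and c["error"])
    return conns

if __name__ == "__main__":
    for conn_id, info in triage(SAMPLE_LOG).items():
        print(conn_id, info)
```

On the sample, the summary shows a completed TLSv1.2 handshake, a request written at 09:41:33, and a clean close by the peer 10 seconds later with no response header, which Nginx finalizes as 502.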
