Some pages return a "502 Bad Gateway" error


I just realized that certain links on my website lead to a "502 Bad Gateway" error. For example, https://v2a.10studio.tech/10studio/auth/google, https://v2a.10studio.tech/auth/google, https://v2a.10studio.tech/10studio/auth/microsoft, https://v2a.10studio.tech/auth/microsoft. I am sure those links worked a few weeks ago. I don't know what happened.

The website https://v2a.10studio.tech/ is still working. https://v2a.10studio.tech/#/sign?next=/ contains buttons that lead to the broken links when clicked.

Here is docker-compose.yml:

version: "3"
services:
  frontend:
    restart: unless-stopped
    image: staticfloat/nginx-certbot
    ports:
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: [email protected]
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt
  10studio:
    image: bitnami/nginx:1.16
    restart: always
    volumes: 
      - ./build:/app
      - ./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
      - ./configs/config.prod.js:/app/lib/config.js
    depends_on: 
    - frontend

volumes:
  letsencrypt:

networks:
  default:
    external:
      name: 10studio

And conf.d/v2.conf:

gzip on;
gzip_proxied any;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/jpeg image/png image/svg+xml image/x-icon;

upstream funfun {
   server www.funfun.io:443;
}


server {
    listen              443 ssl;
    ssl_certificate     /etc/letsencrypt/live/v2a.10studio.tech/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/v2a.10studio.tech/privkey.pem;
    server_name v2a.10studio.tech;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "";
    
    
    location ~ /socialLoginSuccess {                                                                                            
        rewrite ^ '/#/socialLoginSuccess' redirect;
     }

    location ~ /auth/(.*) {                                                                                            
        proxy_pass  https://funfun/10studio/auth/$1?$query_string;
        proxy_set_header Host v2a.10studio.tech;
     }

    location / {
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Accept-Encoding     "";
        proxy_set_header    Proxy               "";
        proxy_pass          http://10studio:8080/;

        # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
}

Can anyone help?

PS: A few weeks ago I changed some settings (in particular the SSL certificate) for funfun.io in CloudFlare, but I don't know whether that is related. I don't know whether this Proxy status (DNS only or Proxied) has an impact.


Edit 1: Here are some docker logs:

2020-08-18T20:19:15.667934708Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.667995550Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.738088121Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.738135701Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803843403Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803890220Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803908241Z 176.144.215.193 - - [18/Aug/2020:20:19:15 +0000] "GET /auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-"
2020-08-18T20:19:21.284333260Z 2020/08/18 20:19:21 [error] 42#42: *310 no live upstreams while connecting to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /10studio/auth/github HTTP/1.1", upstream: "https://funfun/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:21.285121395Z 176.144.215.193 - - [18/Aug/2020:20:19:21 +0000] "GET /10studio/auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-"

Answer 1

The error SSL alert number 40 means that you attempted to connect to an HTTPS site that requires SNI, but did not send an SNI hostname.

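You are attempting to proxy_pass requests beginning with /auth/ to an upstream server named www.funfun.io. But this site is hosted at CloudFlare, so SNI is required to connect to it over HTTPS. Unfortunately, nginx's SNI support for outgoing upstream HTTPS connections is disabled by default (I can't imagine why). You need to explicitly enable SNI for outgoing connections to upstreams using proxy_ssl_server_name on;. This can be set in the http context so that it applies to every proxy_pass attempted in the entire configuration, or placed only in the specific locations where it is needed.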
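The change the answer describes, applied to the /auth/ location from conf.d/v2.conf, as an added example that is not part of the original question or answer. It goes one step beyond the answer: because proxy_pass here points at the upstream group name funfun, it also sets proxy_ssl_name, and it turns on upstream certificate verification; the CA bundle path and the verification depth are assumptions to adjust for the image in use.

```nginx
# Added example: only the /auth/ location is shown. The upstream block
# and the rest of the server block stay as posted in the question.
location ~ /auth/(.*) {
    proxy_pass  https://funfun/10studio/auth/$1?$query_string;
    proxy_set_header Host v2a.10studio.tech;

    # Send an SNI hostname in the TLS ClientHello to the upstream.
    # This is off by default, which is what produces the
    # "SSL alert number 40" handshake failures in the logs above.
    proxy_ssl_server_name on;

    # The SNI name defaults to $proxy_host, i.e. the host part of the
    # proxy_pass URL. Here that is the upstream group name "funfun",
    # not a real hostname, so name the upstream host explicitly.
    proxy_ssl_name www.funfun.io;

    # nginx does not verify the upstream certificate unless told to.
    # With verification on, the certificate is checked against
    # proxy_ssl_name, so a misdirected or intercepted upstream
    # connection fails instead of being proxied.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;    # assumption: leaf + one intermediate
    # Assumption: Debian-style CA bundle path inside the container.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
```

Check the result with nginx -t before reloading; if verification fails after the reload, the nginx error log names the upstream certificate problem rather than returning a silent 502.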
