Configuring the Nginx reverse proxy: resolving a bad gateway problem

I am trying to configure an Nginx reverse proxy that should be accessible from another server. The goal is to redirect requests to an upstream test environment. The connection requires a certificate and a key, both of which have been validated successfully.

Running the command

curl -E ./test.crt --key ./test.key https://example.com/agent_ws-SOF46 -v -L

results in a successful connection.

However, when I try to run

curl -L http://192.168.20.222/mun/s/agent_ws-SOF46/ -v

from a different internal development server, I get a bad gateway response. Note that the IP address 192.168.20.220 corresponds to the internal IP address of the Nginx server.

The configuration file I am using is as follows:

location /mun/s{
    rewrite ^/mun/s/(.*) /$1 break;
    proxy_ssl_server_name on;
    proxy_ssl_certificate /etc/nginx/certs/test.crt;
    proxy_ssl_certificate_key /etc/nginx/certs/test.key;
    proxy_pass https://example.com/;
    error_log /var/log/nginx/mun-s.log debug;
}

Link to the error.log file: click

2023/08/28 09:41:33 [debug] 19161#0: *15114 http cl:-1 max:104857600
2023/08/28 09:41:33 [debug] 19161#0: *15114 rewrite phase: 3
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446922800:4096 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex: "^/mun/s/(.*)"
2023/08/28 09:41:33 [notice] 19161#0: *15114 "^/mun/s/(.*)" matches "/mun/s/agent_ws-SOF46", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "/"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script capture: "agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex end
2023/08/28 09:41:33 [notice] 19161#0: *15114 rewritten data: "/agent_ws-SOF46", args: "", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 post rewrite phase: 4
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 5
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 6
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 7
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 8
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 9
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 10
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 11
2023/08/28 09:41:33 [debug] 19161#0: *15114 post access phase: 12
2023/08/28 09:41:33 [debug] 19161#0: *15114 http init upstream, client timer: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add event: fd:20 op:3 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Host: "
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script var: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Connection: close
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "User-Agent: curl/7.29.0"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "Accept: */*"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header:
"GET /agent_ws-SOF46 HTTP/1.0
Host: example.com
Connection: close
User-Agent: curl/7.29.0
Accept: */*
 
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http cleanup add: 000055F446923098
2023/08/28 09:41:33 [debug] 19161#0: *15114 get rr peer, try: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 stream socket 23
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add connection: fd:23 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 connect to 217.145.175.7:443, fd:23 #15115
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream connect: -2
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446A570D0:128 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 http finalize request: -4, "/agent_ws-SOF46?" a:1, c:2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http request count:2 blk:0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http run request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream check client, write event:1, "/agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469DFCE0:72
2023/08/28 09:41:33 [debug] 19161#0: *15114 upstream SSL server name: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 set session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 tcp_nodelay
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2023/08/28 09:41:33 [debug] 19161#0: *15114 save session: 000055F4469AB3D0
2023/08/28 09:41:33 [debug] 19161#0: *15114 old session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request body
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer buf fl:1 s:110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer in: 000055F4469230E8
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469EC560:80
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F44692E570:16384
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL buf copy: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL to write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer out: 0000000000000000
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer del: 23: 1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953455
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469BE300:4096
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_get_error: 5
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream, client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", upstream: "https://1.1.1.1:443/agent_ws-SOF46", host: "localhost"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http next upstream, 2
2023/08/28 09:41:43 [debug] 19161#0: *15114 free rr peer 1 4
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http proxy request
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_shutdown: 1
2023/08/28 09:41:43 [debug] 19161#0: *15114 close http upstream connection: 23
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F44692E570
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469EC560
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469DFCE0
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F446A570D0, unused: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 event timer del: 23: 1693204953455
2023/08/28 09:41:43 [debug] 19161#0: *15114 reusable connection: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 http finalize request: 502, "/agent_ws-SOF46?" a:1, c:1
2023/08/28 09:41:43 [debug] 19161#0: *15114 http special response: 502, "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 internal redirect: "/50x.html?"

Keep in mind that I deliberately replaced the IP address and DNS name of the upstream server with dummy ones, but the real ones have been tested and are working. There are other reverse proxy configurations on this server and they are currently working. This one was set up in a similar way to them.

Edit: the upstream server also seems to be redirecting to something else (another internal URL), since the curl response is 302. I suspect that something is going on with the redirect the upstream server is doing. It is possible that the previously established SSL session is broken, but I am not sure and it is still speculation.
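
An added example, not part of the original post: a debug log like the one above is easier to read once the upstream leg of a single connection is condensed into the request line nginx actually sent, the TLS handshake result, how long the upstream stayed silent after the request was written, and the final status. The function name `summarize_upstream` is hypothetical and `SAMPLE_LOG` is a constructed subset of lines in the shape of the log in the post.

```python
import re
from datetime import datetime

# Constructed sample: a subset of lines in the shape of the debug log in the post.
SAMPLE_LOG = '''\
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header:
"GET /agent_ws-SOF46 HTTP/1.0
Host: example.com
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256"
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15200 SSL_write: 42
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
'''

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] \d+#\d+: \*(\d+) (.*)$")

def summarize_upstream(log_text, conn_id):
    """Summarize the upstream leg of nginx connection *conn_id from a debug log."""
    s = {"request_line": None, "tls": None, "handshake_ok": False,
         "silent_s": None, "error": None, "status": None}
    sent, ours = None, False  # continuation lines have no connection id; inherit it
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            if ours and raw.startswith('"') and " HTTP/" in raw and not s["request_line"]:
                s["request_line"] = raw.strip('"\r ')  # request nginx built for upstream
            continue
        ts, level, cid, msg = m.groups()
        ours = cid == conn_id
        if not ours:
            continue
        when = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S")
        if msg == "SSL_do_handshake: 1":
            s["handshake_ok"] = True
        elif msg.startswith("SSL: "):
            s["tls"] = msg[5:].split(",")[0]
        elif msg.startswith("SSL_write:"):
            sent = when  # request bytes handed to the TLS layer
        elif msg == "peer shutdown SSL cleanly" and sent:
            s["silent_s"] = int((when - sent).total_seconds())
        elif level == "error":
            s["error"] = msg
        elif msg.startswith("finalize http upstream request:"):
            s["status"] = int(msg.rsplit(" ", 1)[1])
    return s
```

Run against the lines of connection `*15114`, it reports a completed TLSv1.2 handshake, an `HTTP/1.0` request line, and ten seconds of upstream silence before the 502.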
