nginx에 관해 질문이 있습니다. nginx를 통해 역방향 프록시를 만들었습니다. Letscrypt를 사용하여 SSL 암호화를 활성화합니다. 모든 것이 잘 작동하고 클라이언트의 모든 요청은 지정된 업스트림 원본 서버로 전송됩니다. 가끔 난 실수를 해
502 Chrome 브라우저의 잘못된 게이트웨이 nginx/1.16.1.
nginx error.log를 확인했는데 오류는 다음과 같습니다.
SSL 핸드셰이크 104에서 피어에 의해 연결이 닫혔습니다. 피어가 업스트림과의 SSL 핸드셰이크 중에 연결을 재설정했습니다.
모든 제안을 검색하고 테스트했습니다. 이 오류는 여전히 가끔 발생합니다.
example.com.conf:
upstream example_com {
server 50.90.20.70:443 max_fails=10 fail_timeout=60s;
}
server {
server_name *.example_com;
location / {
#proxy_ssl_server_name on;
proxy_pass https://example_com ;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Accept-Encoding "";
proxy_set_header Host "example.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
add_header 'host' "$host";
add_header Strict-Transport-Security "max-age=31536000";
proxy_redirect off;
proxy_buffering on;
proxy_cache off;
proxy_cache_valid 200 4h;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#proxy_ssl_verify on;
#proxy_ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#ssl_ecdh_curve secp384r1:prime256v1;
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
}
server_name example.com;
listen 80;
return 404;
}
nginx.conf:
user nginx;
worker_processes 6;
worker_rlimit_nofile 5000;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1000;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=STATIC:10m
inactive=1h max_size=950g;
log_format main '$host'
access_log /var/log/nginx/access.log main;
sendfile off;
tcp_nopush on;
#server_names_hash_max_size: 512;
server_names_hash_bucket_size 128;
keepalive_timeout 65;
large_client_header_buffers 4 32k;
client_max_body_size 100M;
proxy_no_cache $cookie_nocache $arg_nocache$arg_comment $http_x_no_cache;
proxy_no_cache $http_pragma $http_authorization;
proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
proxy_cache_bypass $http_pragma $http_authorization $http_x_no_cache ;
proxy_ssl_server_name on;
#gzip on;
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml applicati$
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# include /etc/nginx/conf.d/*.conf;
server {
error_page 500 502 503 504 /error503.html;
location = /error503.html {
root /usr/share/nginx/html;
internal;
}
}
include /etc/nginx/conf.d/*.conf;
}