我遇到了这个错误:
前端错误:502 Bad gateway
99.110.244:443
2017/09/28 13:03:51 [error] 34080#34080: *1062 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.210.0.81, server: webshop.domain.be, request: "GET / HTTP/1.1", upstream: "https://10.1.10.61:443/", host: "webshop.domain.be"
配置:
# Zone voor connection logging
limit_conn_zone $binary_remote_addr zone=izSSL_webshop-api_CZ:10m;
# Zone voor rate logging
# Hoge rate limit. x r/s is soms wat snel
# 10 MB (10m) will give us enough space to store a history of 160k requests.
limit_req_zone $binary_remote_addr zone=izSSL_webshop-api_RZ:10m rate=20r/s;
upstream webshop_domain_be {
server webshop.domain.be:443;
}
server {
listen 443 ssl;
server_name webshop.domain.be webshop;
client_max_body_size 80M;
ssl_session_cache shared:webshopSSL:1m;
ssl_session_timeout 10m;
ssl_certificate /var/www/certs/webshop.domain.be/webshop.domain.be-chain.pem;
ssl_certificate_key /var/www/certs/webshop.domain.be/webshop.domain.be-key.pem;
ssl_verify_client off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_ssl_session_reuse off;
proxy_pass $scheme://webshop_domain_be;
}
}
nginx版本:nginx/1.10.3 (Ubuntu)
另一个服务器(10.1.10.61)是一个IIS服务器,使用与我在此代理中使用的相同的证书(对吗?)。这不是IIS的问题;代理服务器可以访问10.1.10.61 / 端口443。
基于https://serverfault.com/questions/583374/configure-nginx-as-reverse-proxy-with-upstream-ssl的配置。
我正在使用Let's Encrypt证书。
webshop.domain.be:443
更改为实际 IP。并使用proxy_ssl_name "webshop.domain.be"
。如果这样不起作用,请尝试添加proxy_ssl_server_name on;
- Tarun Lalwaniproxy_ssl_server_name
,这样我就可以记录答案了。 - Tarun Lalwani