nginx 反向代理,错误信息是这个,怎么解决

[复制链接]
查看: 1950   回复: 7
发表于 2023-12-27 15:45:18 | 显示全部楼层 |阅读模式
配置文件是下面的。server {
    listen       8011;
    server_name 127.0.0.1;
    location / {
    proxy_pass https://imagedelivery.net;
    proxy_set_header X-Forwarded-Host $host;
             proxy_set_header X-Forwarded-Server $host;
             proxy_set_header  Host  $host;
            proxy_set_header  X-real-ip $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}



error.log 是下面的。

2022/02/16 19:54:53 [error] 3689#3689: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.2.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.2.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.3.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.3.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 connect() to [2606:4700::6812:224]:443 failed (101: Network is unreachable) while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:224]:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:224]:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 connect() to [2606:4700::6812:324]:443 failed (101: Network is unreachable) while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:324]:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:324]:443/", host: "打码:8011"
回复

使用道具 举报

发表于 2023-12-27 15:46:01 | 显示全部楼层
感觉是没设置 ssl name
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:46:40 | 显示全部楼层
加一个
  1. proxy_ssl_server_name on;proxy_ssl_name $host;
复制代码
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:47:09 | 显示全部楼层
目测是cloudflare的ssl选项得切换到flexible
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:47:50 | 显示全部楼层
跟上游的服务器通讯失败,估计不是这两段配置文件的问题吧。

3楼提到的 proxy_ssl_server_name on 可能在有些情况下有用,遇到过一回,楼主不妨试下。
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:48:29 | 显示全部楼层
设置了,错误一样
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:49:17 | 显示全部楼层
知道了,不能设置$host 要手动设置cf的那个域名。
回复 支持 反对

使用道具 举报

发表于 2023-12-27 15:50:01 | 显示全部楼层
  1. proxy_set_header  Host  $host;
复制代码

你这么写的话,就会用 127.0.0.1 去请求 Host

所以你得改成
  1. proxy_set_header  Host  imagedelivery.net;
复制代码
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则