Nginx下https反向代理转发无效问题

2020-11-17  本文已影响0人  食梦狸猫

在nginx下起一个https服务器用作另一个http服务器的代理,配置文件为:

server {
        listen       4430 ssl;
        server_name  192.168.10.151 localhost;

        ssl_certificate      /usr/local/nginx/cert/cert.pem;
        ssl_certificate_key  /usr/local/nginx/cert/cert.key;

        location / {
                proxy_pass http://localhost:8019;
        }
    }


server {
                listen       8019;
                server_name  127.0.0.1 localhost;

                location / {
                     root   /usr/local/nginx/html/admin;
                     index  index.html index.htm;
                }

测试的时候,查看error日志发现报错,如下:

2020/11/17 09:08:01 [error] 20010#0: *555 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.10.134, server: 192.168.10.151, request: "GET / HTTP/1.1", upstream: "http://[::1]:8019/", host: "192.168.10.151:4430"
2020/11/17 09:23:39 [notice] 20821#0: signal process started
2020/11/17 09:24:08 [error] 20822#0: *601 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.10.134, server: 192.168.10.151, request: "GET / HTTP/1.1", upstream: "http://[::1]:8019/", host: "192.168.10.151:4430"

基本上全是connect failed的信息。去网上搜索一番,发现upstream中[::1]是ipv6的地址,linux下输入命令ip address 查看,确实本机开启了ipv6的地址

link/ether 52:54:00:21:1e:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.151/24 brd 192.168.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e856:db72:3ac7:fc2b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

所以请求是转发到ipv6的http服务去了,当然会connect failed了。所以配置文件修改为

server {
        listen       4430 ssl;
        server_name  192.168.10.151 localhost;

        ssl_certificate      /usr/local/nginx/cert/cert.pem;
        ssl_certificate_key  /usr/local/nginx/cert/cert.key;

        location / {
                proxy_pass http://127.0.0.1:8019;
        }
    }

显示指明为ipv4地址

但是此时请求还是没被转发,到error日志和access日志查看,都没有什么消息。后来在chrome上面调试才发现请求都被chrome屏蔽了(因为网站证书不是受信任的证书,请求会被chrome默认屏蔽掉)

需要到chrome设置里配置一下

设置--->隐私设置和安全性--->不安全内容--->允许

然后刷新页面后,就可以正常访问网站了。

上一篇下一篇

猜你喜欢

热点阅读