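I deployed a GitHub project on Cloudflare Pages. The default domain is a .dev one, so I bound a domain hosted on Cloudflare, say abc.com, and the project resolves at pj.abc.com. When I visit pj.abc.com the connection is reset. Because of the Great Firewall I can only use a VPN, but that is not a good solution, so I found a Linux server that can get past the firewall and used nginx to reverse-proxy this domain. However, requests seem to return 502. What is causing this?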
server {
    listen 6659;
    server_name pj.123.com;
    access_log /var/nginx/logs/http_proxy_access.log main;
    error_log /var/nginx/logs/http_proxy_error.log debug;
    if ($host ~* "^pj.123.com$") {
        rewrite ^/(.*)$ https://pj.123.com:7956$request_uri permanent;
    }
}
server {
    listen 7956 ssl;
    server_name pj.123.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /var/nginx/logs/https_proxy_access.log main;
    error_log /data/nginx/logs/https_proxy_error.log debug;
    gzip on;
    gzip_comp_level 9;
    gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
    charset utf-8;
    ssl_certificate /etc/sssl_cert/pj.123.com.crt;
    ssl_certificate_key /etc/ssl_cert/pj.123.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass https://pj.abc.com;
        proxy_connect_timeout 30;
        proxy_read_timeout 60;
        proxy_send_timeout 60;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Connection "upgrade";
        #proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;
    }
}
I looked at the logs, and it seems to be reporting an SSL problem.
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 no live upstreams while connecting to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"
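An added example, not code from the thread: a small Python parser that groups error-log lines like the ones above by connection, to show that each resolved upstream address was reset during the TLS handshake (so the TCP connect had already succeeded) and that the later "no live upstreams" 502 is a follow-on from nginx marking both addresses as failed. The sample log is constructed from the lines in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the error-log lines quoted in the post above.
SAMPLE_LOG = '''\
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 no live upstreams while connecting to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956"
'''

LINE_RE = re.compile(
    r'\[(?P<level>\w+)\] \d+#\d+: \*(?P<conn>\d+) (?P<event>.+?) while (?P<phase>[^,]+),'
    r'.*?request: "(?P<request>[^"]*)", upstream: "(?P<upstream>[^"]*)"'
)
ERRNO_RE = re.compile(r'\((\d+): [^)]+\)')


def summarise(log_text):
    """Group [error] entries by connection id and record where each upstream attempt failed."""
    conns = defaultdict(lambda: {"peer_failures": [], "rejected_requests": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["level"] != "error":
            continue  # the [warn] "temporarily disabled" lines only repeat the preceding error
        entry = conns[int(m["conn"])]
        if m["event"].startswith("no live upstreams"):
            # Every resolved address is marked failed, so nginx answers 502 without connecting.
            entry["rejected_requests"].append(m["request"])
        else:
            errno = ERRNO_RE.search(m["event"])
            entry["peer_failures"].append(
                (m["upstream"], m["phase"], int(errno[1]) if errno else None))
    return dict(conns)


def tls_reset_on_all_peers(summary):
    """True when every failed attempt was a reset (errno 104) during the upstream TLS handshake."""
    failures = [f for c in summary.values() for f in c["peer_failures"]]
    return bool(failures) and all(
        phase == "SSL handshaking to upstream" and errno == 104 for _, phase, errno in failures)


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    print(summary, tls_reset_on_all_peers(summary))
```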
1
ChicC 25 days ago
proxy_set_header Host pj.abc.com;
2
StephenJoseDai OP @ChicC I added that afterwards too, and it's still 502
3
StephenJoseDai OP @ChicC The location block now looks like this
location / {
    proxy_pass https://pj.abc.com;
    proxy_set_header Host pj.abc.com;
    proxy_ssl_server_name on;
}
4
ankikong 25 days ago
Put proxy_pass at the very bottom
5
ankikong 25 days ago
Also add proxy_ssl_name pm.abc.com above it
6
ChicC 24 days ago
proxy_pass https://pj.abc.com;
proxy_set_header Host pj.abc.com;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
7
ChicC 24 days ago via iPhone
Or reverse-proxy the default .dev domain instead
8
StephenJoseDai OP I tried both of your suggestions, and it still seems to be 502; reverse-proxying the .dev one gives the same result
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 no live upstreams while connecting to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"
server {
    listen 7956 ssl;
    server_name pj.123.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /data/nginx/logs/https_pj_access.log main;
    error_log /data/nginx/logs/https_pj_error.log debug;
    #gzip on;
    #gzip_comp_level 9;
    #gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
    charset utf-8;
    ssl_certificate /data/ssl_cert/pj.123.com.crt;
    ssl_certificate_key /data/ssl_cert/pj.123.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host pj.abc.com;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_server_name on;
        proxy_ssl_name pj.abc.com;
        proxy_pass https://pj.abc.com;
    }
}
9
StephenJoseDai OP Oh, it looks like it was the cache. Why does reverse-proxying the .dev domain work, while reverse-proxying my own domain doesn't?