nginx 配置 https 502错误

在配置 express 项目中配置 https 时, 遇到了 502 错误, 日志如下:

2017/02/06 17:23:35 [error] 4831#0: *49 connect() failed (111: Connection refused) while connecting to upstream, client: 101.67.136.202, server: www.xxxx.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8000/", host: "xxxx.com"

node.js(模板代码修改了关于https的部分)

var app = require('../app');
var debug = require('debug')('socket:server');
var fs = require('fs');
var https = require('https');

var keyPath = 'ssl/ca.key';
var certPath = 'ssl/ca.pem';

var hskey = fs.readFileSync(keyPath);
var hscert = fs.readFileSync(certPath);

var port = normalizePort(process.env.PORT || '8000');
app.set('httpsport', port);

var server = https.createServer({
  key: hskey,
  cert: hscert
}, app)

var io = require('socket.io')(server)

io.sockets.on('connection', function (socket) {
  socket.on('join', function () {
    console.log('joined')
  })
})

server.listen(port);

nginx 配置

upstream nodejs__upstream {
        server 127.0.0.1:8000;
        keepalive 64;
}
server {
        listen 443 ssl;
        ssl_certificate "/etc/nginx/cert/ca.pem";
        ssl_certificate_key "/etc/nginx/cert/ca.key";
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        server_name www.xxxx.com xxxx.com;
        access_log /root/nginx.log;
        location / {
                proxy_set_header   X-Real-IP            $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_set_header   Host                   $http_host;
                proxy_set_header   X-NginX-Proxy    true;
                proxy_set_header   Connection "";
                proxy_http_version 1.1;
                proxy_pass         https://nodejs__upstream;
        }
}
server {
   listen 80;
   server_name xxxx.com;
   return 301 https://$server_name$request_uri;
}

还有一个事情挺怪的,这套配置再本地是没有问题的, 但是在线上是502错误.
去 stackoverflow 上转了一圈也没有找到对症的方法, T_T

add:

netstat -nptl 运行结果:

图片描述

阅读 8.3k
2 个回答

nginx 连不上你的 nodejs 程序。你 netstat -nptl 看一下它在监听吗?

这套配置再本地是没有问题的

那有问题的是哪里?

PS:

proxy_set_header Connection "";

这是想干嘛?

PPS: nodejs 在本地,不需要再使用 HTTPS 了。加密了再给 nginx 解密没意义,只是浪费 CPU。

执行getenforce看下是不是返回Enforcing,如果是,就关掉selinux

setenforce 0
sed -i 's/enforcing$/disabled/g' /etc/selinux/config
撰写回答
你尚未登录,登录后可以
  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进
推荐问题