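I deployed a GitHub project on Cloudflare Pages. The default domain is a .dev one, so I bound a domain hosted on Cloudflare to it. Say the domain is abc.com and the project resolves at pj.abc.com. When I visit pj.abc.com the connection is reset. Because of the Great Firewall I can only use a VPN, but that is not a good solution, so I found a Linux server that can get past the firewall and used nginx to reverse-proxy this domain. Accessing it seems to return 502, though. What is causing this?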
server {
    listen 6659;
    server_name pj.123.com;
    access_log /var/nginx/logs/http_proxy_access.log main;
    error_log /var/nginx/logs/http_proxy_error.log debug;
    if ($host ~* "^pj.123.com$") {
        rewrite ^/(.*)$ https://pj.123.com:7956$request_uri permanent;
    }
}
server {
    listen 7956 ssl;
    server_name pj.123.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /var/nginx/logs/https_proxy_access.log main;
    error_log /data/nginx/logs/https_proxy_error.log debug;
    gzip on;
    gzip_comp_level 9;
    gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
    charset utf-8;
    ssl_certificate   /etc/sssl_cert/pj.123.com.crt;
    ssl_certificate_key  /etc/ssl_cert/pj.123.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    
    
    location / {
        proxy_pass https://pj.abc.com;
        proxy_connect_timeout 30;
        proxy_read_timeout 60;
        proxy_send_timeout 60;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Connection "upgrade";
        #proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;
    }
}
I looked at the logs, and it seems to be reporting an SSL problem:
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 no live upstreams while connecting to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"
1. ChicC, 84 days ago: proxy_set_header Host pj.abc.com;
2. StephenJoseDai (OP): @ChicC I added that later as well, and it is still 502.
3. StephenJoseDai (OP): @ChicC The location section now looks like this: location / { proxy_pass https://pj.abc.com; proxy_set_header Host pj.abc.com; proxy_ssl_server_name on; }
4. ankikong, 84 days ago: Put proxy_pass at the very bottom.
5. ankikong, 84 days ago: And add proxy_ssl_name pm.abc.com above it.
6. ChicC, 84 days ago: proxy_pass https://pj.abc.com; proxy_set_header Host pj.abc.com; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_ssl_server_name on;
7. ChicC, 84 days ago, via iPhone: Or reverse-proxy the default dev domain instead.
8. StephenJoseDai (OP): I tried both of your suggestions and it still seems to be 502. Reverse-proxying the dev one gives the same result.
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 no live upstreams while connecting to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"
server {
    listen 7956 ssl;
    server_name pj.123.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /data/nginx/logs/https_pj_access.log main;
    error_log /data/nginx/logs/https_pj_error.log debug;
    #gzip on;
    #gzip_comp_level 9;
    #gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
    charset utf-8;
    ssl_certificate /data/ssl_cert/pj.123.com.crt;
    ssl_certificate_key /data/ssl_cert/pj.123.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host pj.abc.com;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_server_name on;
        proxy_ssl_name pj.abc.com;
        proxy_pass https://pj.abc.com;
    }
}
9. StephenJoseDai (OP): Oh, it seems it was the cache. Why does reverse-proxying the dev domain work, but reverse-proxying my own domain does not?
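Added example (not part of the thread and not nginx's own code): a small Python check over the error-log lines from the original post that groups upstream failures by client connection and names the phase in which they happened. The function name `classify` and the phase labels are made up for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: the five error-log lines from the original post, copied unchanged.
SAMPLE_LOG = '''\
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 no live upstreams while connecting to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"
'''

# nginx error-log shape: [level] pid#tid: *conn message, client: ..., upstream: "url"
LINE_RE = re.compile(
    r'\[(?P<level>\w+)\] \d+#\d+: \*(?P<conn>\d+) (?P<msg>.*?), client: '
    r'.*?upstream: "(?P<upstream>[^"]+)"'
)

def classify(log_text):
    """Per client connection: which upstream peers reset, and in which phase."""
    seen = defaultdict(lambda: {"reset_peers": set(), "exhausted": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["level"] != "error":
            continue  # [warn] lines only repeat that the peer was marked down
        entry = seen[m["conn"]]
        if "peer closed connection in SSL handshake" in m["msg"]:
            entry["reset_peers"].add(urlsplit(m["upstream"]).hostname)
        elif "no live upstreams" in m["msg"]:
            entry["exhausted"] = True
    report = {}
    for conn, entry in seen.items():
        # A reset during the handshake means no HTTP request had been sent yet,
        # so request headers (Host, X-Forwarded-*) never reached the peer;
        # only the ClientHello, including the SNI, had gone out.
        phase = "tls_handshake" if entry["reset_peers"] else "no_peer_available"
        report[conn] = {"phase": phase,
                        "reset_peers": sorted(entry["reset_peers"]),
                        "exhausted": entry["exhausted"]}
    return report

if __name__ == "__main__":
    for conn, info in classify(SAMPLE_LOG).items():
        print(f"*{conn}: {info}")
```

For connection *7 it reports handshake resets from both upstream addresses, a stage at which the header set by `proxy_set_header Host` has not been transmitted. The name visible at that stage is the SNI, which with `proxy_ssl_server_name on` defaults to the host in `proxy_pass` unless `proxy_ssl_name` overrides it.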