nginx反向代理proxy_pass出现502错误SSL_do_handshake() failed 处理方法

nginx反向代理的时候,可根据报错处理。

第一种情况报错:

2021/01/12 09:51:13 [error] 8201#8201: *19782 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 12.34.56.12, server: aaa.bbb.com, request: "GET /? HTTP/2.0", upstream: "https://123.12.3.4:443/?", host: "aaa.bbb.com"

解决办法如下:

location / {
......
proxy_ssl_session_reuse off;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
......        
}

解释:
proxy_ssl_session_reuse off; 关闭默认尝试重新使用SSL上游的SSL会话
proxy_ssl_server_name on; 反向代理的时候,通过域名而不是ip地址去访问
proxy_ssl_protocols 指定协议

第二种情况报错:

2022/03/20 17:28:20 [error] 20667#20667: *4614688 upstream prematurely closed connection while reading response header from upstream, client: 123.111.222.111, server: 123.sdfs.com, request: "GET / HTTP/2.0", upstream: "https://22.33.11.22:443/", host: "123.sdfs.com"

原因是没有送过去正确的header 头,解决办法:

proxy_redirect off;
proxy_set_header Host www.被代理网站.com;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Referer https://www.被代理网站.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
滚动至顶部