nginx 反向代理，错误信息是这个，怎么解决

斌斌

配置文件是下面的。server {
    listen       8011;
    server_name 127.0.0.1;
    location / {
    proxy_pass https://imagedelivery.net;
    proxy_set_header X-Forwarded-Host $host;
             proxy_set_header X-Forwarded-Server $host;
             proxy_set_header  Host  $host;
            proxy_set_header  X-real-ip $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}



error.log 是下面的。

2022/02/16 19:54:53 [error] 3689#3689: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.2.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.2.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.3.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://104.18.3.36:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 connect() to [2606:4700::6812:224]:443 failed (101: Network is unreachable) while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:224]:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:224]:443/", host: "打码:8011"
2022/02/16 19:54:53 [error] 3689#3689: *1 connect() to [2606:4700::6812:324]:443 failed (101: Network is unreachable) while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:324]:443/", host: "打码:8011"
2022/02/16 19:54:53 [warn] 3689#3689: *1 upstream server temporarily disabled while connecting to upstream, client: 45.150.227.193, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "https://[2606:4700::6812:324]:443/", host: "打码:8011"

iks

感觉是没设置 ssl name

iks

加一个

1. proxy_ssl_server_name on;
   
2. proxy_ssl_name $host;

复制代码

Zeddicus

目测是cloudflare的ssl选项得切换到flexible

aRNoLD

跟上游的服务器通讯失败，估计不是这两段配置文件的问题吧。

3楼提到的 proxy_ssl_server_name on 可能在有些情况下有用，遇到过一回，楼主不妨试下。

斌斌

iks 发表于 2022-2-16 20:00
加一个

设置了，错误一样

斌斌

iks 发表于 2022-2-16 20:00
加一个

知道了，不能设置$host 要手动设置cf的那个域名。

Showfom

1. proxy_set_header  Host  $host;

复制代码

你这么写的话，就会用 127.0.0.1 去请求 Host

所以你得改成

1. proxy_set_header  Host  imagedelivery.net;

复制代码