在nginx下起一个https服务器用作另一个http服务器的代理,配置文件为:
server {
listen 4430 ssl;
server_name 192.168.10.151 localhost;
ssl_certificate /usr/local/nginx/cert/cert.pem;
ssl_certificate_key /usr/local/nginx/cert/cert.key;
location / {
proxy_pass http://localhost:8019;
}
}
server {
listen 8019;
server_name 127.0.0.1 localhost;
location / {
root /usr/local/nginx/html/admin;
index index.html index.htm;
}
测试的时候,查看error日志发现报错,如下:
2020/11/17 09:08:01 [error] 20010#0: *555 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.10.134, server: 192.168.10.151, request: "GET / HTTP/1.1", upstream: "http://[::1]:8019/", host: "192.168.10.151:4430"
2020/11/17 09:23:39 [notice] 20821#0: signal process started
2020/11/17 09:24:08 [error] 20822#0: *601 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.10.134, server: 192.168.10.151, request: "GET / HTTP/1.1", upstream: "http://[::1]:8019/", host: "192.168.10.151:4430"
基本上全是connect failed的信息。去网上搜索一番,发现upstream中[::1]是ipv6的地址,linux下输入命令ip address 查看,确实本机开启了ipv6的地址
link/ether 52:54:00:21:1e:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.10.151/24 brd 192.168.10.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::e856:db72:3ac7:fc2b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
所以请求是转发到ipv6的http服务去了,当然会connect failed了。所以配置文件修改为
server {
listen 4430 ssl;
server_name 192.168.10.151 localhost;
ssl_certificate /usr/local/nginx/cert/cert.pem;
ssl_certificate_key /usr/local/nginx/cert/cert.key;
location / {
proxy_pass http://127.0.0.1:8019;
}
}
显示指明为ipv4地址
但是此时请求还是没被转发,到error日志和access日志查看,都没有什么消息。后来在chrome上面调试才发现请求都被chrome屏蔽了(因为网站证书不是受信任的证书,请求会被chrome默认屏蔽掉)
需要到chrome设置里配置一下
设置--->隐私设置和安全性--->不安全内容--->允许
然后刷新页面后,就可以正常访问网站了。
网友评论