
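In my ASP.net application, I created a self-signed certificate using X509Certificate2. When a client accesses https://hostname:10002, I get a 500 Internal Server Error.

When I enabled error logging in nginx, I found some handshake errors. I am new to nginx and openssl, so please help me resolve this issue.

If I remove "auth_request /auth", or if I pass an http value instead of an https value, it works fine.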

Below is my nginx configuration file.

```nginx
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    error_log C:\Nginx\logs\error1.log debug;
    sendfile        on;
    tcp_nopush     off;

    #keepalive_timeout  0;
    keepalive_timeout  70;

    # tcp_nodelay       on;

    #gzip  on;

    upstream notebook {
        server hostname:10012;
    }

    server {
        listen       10002 ssl;
        server_name  hostname;
        ssl_certificate      C:\OpenSSL\ca.crt;
        ssl_certificate_key  C:\OpenSSL\ca.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            auth_request /auth;

            proxy_pass https://notebook/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Origin "";
        }

        location = /auth {
            proxy_pass https://hostname:60008/Validation/ValidateUser;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }

    }

}
```

This is my error log file:

> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http cleanup add: 00810234
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, try: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, current: 00798E7C 1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 stream socket 540
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 connect to hostname:portno, fd:540 #16
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:540 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:540 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream connect: -2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 malloc: 00800810:128
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer add: 540: 60000:3002887310
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: -4, "/auth?" a:1, c:3
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http request count:3 blk:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream request: "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream send request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 set session: 00000000
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 tcp_nodelay
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:540 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL handshake handler: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 5
> 2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http next upstream, 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer 2 4
> 2016/10/11 14:33:29 [warn] 8460#5524: *15 upstream server temporarily disabled while SSL handshaking to upstream, client: xxx.xxx.xx.xx, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer failed: 00798E7C 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 close http upstream connection: 540
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free: 00800810, unused: 52
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer del: 540: 3002887310
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:540 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 reusable connection: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, try: 1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, current: 00798E14 -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 stream socket 544
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 connect to 192.168.60.29:portno, fd:544 #17
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:544 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:544 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream connect: -2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 malloc: 00801338:128
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer add: 544: 60000:3002887311
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream request: "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream send request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 set session: 00000000
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 tcp_nodelay
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:544 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL handshake handler: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 5
> 2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://xxx.xxx.xx.x:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http next upstream, 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer 1 4
> 2016/10/11 14:33:29 [warn] 8460#5524: *15 upstream server temporarily disabled while SSL handshaking to upstream, client: 192.168.60.29, server: hotname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://xxx.xxx.xx.x:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer failed: 00798E14 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 finalize http upstream request: 502
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 finalize http proxy request
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 close http upstream connection: 544
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free: 00801338, unused: 52
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer del: 544: 3002887311
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:544 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 reusable connection: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 502, "/auth?" a:1, c:2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request done s:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http special response: 502, "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 0, "/auth?" a:1, c:2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request done s:502
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http wake parent request: "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http posted request: "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 access phase: 10
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request set variables
> 2016/10/11 14:33:29 [error] 8460#5524: *15 auth request unexpected status: 502 while sending to client, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 500, "/tree?" a:1, c:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http special response: 500, "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http set discard body
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 HTTP/1.1 500 Internal Server Error
> Server: nginx/1.11.3
> Date: Tue, 11 Oct 2016 09:03:29 GMT
> Content-Type: text/html
> Content-Length: 595
> Connection: close

0 answers
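
The failure chain in the log above (TLS handshake error on the `/auth` subrequest's upstream connection, then 502 from the subrequest, then 500 to the client) can be pulled out of an nginx error log mechanically. The following is an added example, not part of the original question; the sample log lines are constructed in the shape of the ones above, the client address is a placeholder, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: error lines shaped like those in the question's log
# (host, port and client address are placeholders, not real values).
SAMPLE_LOG = """\
2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.0.2.10, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
2016/10/11 14:33:29 [error] 8460#5524: *15 auth request unexpected status: 502 while sending to client, client: 192.0.2.10, server: hostname, request: "GET /tree HTTP/1.1", host: "hostname:10002"
2016/10/11 14:33:30 [error] 8460#5524: *16 auth request unexpected status: 503 while sending to client, client: 192.0.2.10, server: hostname, request: "GET /api HTTP/1.1", host: "hostname:10002"
"""

# timestamp, [level], pid#tid, *connection-id, message
LINE = re.compile(r'^\S+ \S+ \[(?P<level>\w+)\] \d+#\d+: \*(?P<conn>\d+) (?P<msg>.*)$')
HANDSHAKE = re.compile(
    r'while SSL handshaking to upstream.*?subrequest: "(?P<sub>[^"]+)", upstream: "(?P<up>[^"]+)"')
AUTH_FAIL = re.compile(
    r'auth request unexpected status: (?P<status>\d+).*?request: "(?P<req>[^"]+)"')

def triage(log_text):
    """Per connection, link auth_request failures to upstream TLS handshake errors."""
    handshakes = defaultdict(list)   # connection id -> upstream URLs that failed TLS
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.lstrip("> "))   # tolerate '>'-quoted log excerpts
        if not m or m["level"] != "error":
            continue
        hs = HANDSHAKE.search(m["msg"])
        if hs:
            handshakes[m["conn"]].append(hs["up"])
            continue
        af = AUTH_FAIL.search(m["msg"])
        if af:
            ups = sorted(set(handshakes[m["conn"]]))
            findings.append({
                "conn": m["conn"],
                "request": af["req"],
                "auth_status": int(af["status"]),
                # auth_request treats anything other than 2xx/401/403 as an error -> 500
                "client_status": 500,
                "cause": "upstream TLS handshake failed" if ups else "unknown",
                "upstreams": ups,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding whose cause is the upstream handshake points at the proxy-to-backend TLS leg, which the listener's `ssl_*` directives do not configure.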