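In my ASP.net application, I created a self-signed certificate using X509Certificate2. When a client accesses https://hostname:10002, I get a 500 Internal Server Error.
When I enabled the error log in nginx, I found some handshake errors. I am new to nginx and openssl, so please help me resolve this.
If I remove "auth_request /auth", or if I pass an http value instead of an https value, it works fine.
Below is my nginx configuration file.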

    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        error_log C:\Nginx\logs\error1.log debug;
        sendfile on;
        tcp_nopush off;
        #keepalive_timeout 0;
        keepalive_timeout 70;
        # tcp_nodelay on;
        #gzip on;
        upstream notebook {
            server hostname:10012;
        }
        server {
            listen 10002 ssl;
            server_name hostname;
            ssl_certificate C:\OpenSSL\ca.crt;
            ssl_certificate_key C:\OpenSSL\ca.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;
            location / {
                auth_request /auth;
                proxy_pass https://notebook/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Origin "";
            }
            location = /auth {
                proxy_pass https://hostname:60008/Validation/ValidateUser;
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                proxy_set_header X-Original-URI $request_uri;
            }
        }
    }

Here is my error log file:
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http cleanup add: 00810234
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, try: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, current: 00798E7C 1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 stream socket 540
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 connect to hostname:portno, fd:540 #16
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:540 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:540 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream connect: -2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 malloc: 00800810:128
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer add: 540: 60000:3002887310
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: -4, "/auth?" a:1, c:3
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http request count:3 blk:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream request: "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream send request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 set session: 00000000
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 tcp_nodelay
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:540 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL handshake handler: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 5
> 2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http next upstream, 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer 2 4
> 2016/10/11 14:33:29 [warn] 8460#5524: *15 upstream server temporarily disabled while SSL handshaking to upstream, client: xxx.xxx.xx.xx, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer failed: 00798E7C 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 close http upstream connection: 540
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free: 00800810, unused: 52
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer del: 540: 3002887310
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:540 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 reusable connection: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, try: 1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 get rr peer, current: 00798E14 -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 stream socket 544
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 connect to 192.168.60.29:portno, fd:544 #17
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:544 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select add event fd:544 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream connect: -2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 malloc: 00801338:128
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer add: 544: 60000:3002887311
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007DB0F8
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream request: "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http upstream send request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 set session: 00000000
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 tcp_nodelay
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:544 ev:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 post event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 delete posted event 007C70F0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL handshake handler: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_do_handshake: -1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 5
> 2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://xxx.xxx.xx.x:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http next upstream, 2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer 1 4
> 2016/10/11 14:33:29 [warn] 8460#5524: *15 upstream server temporarily disabled while SSL handshaking to upstream, client: 192.168.60.29, server: hotname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://xxx.xxx.xx.x:portno/Validation/ValidateUser", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free rr peer failed: 00798E14 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 finalize http upstream request: 502
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 finalize http proxy request
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 close http upstream connection: 544
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 free: 00801338, unused: 52
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 event timer del: 544: 3002887311
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 select del event fd:544 ev:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 reusable connection: 0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 502, "/auth?" a:1, c:2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request done s:0
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http special response: 502, "/auth?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 0, "/auth?" a:1, c:2
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request done s:502
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http wake parent request: "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http posted request: "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 access phase: 10
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request handler
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 auth request set variables
> 2016/10/11 14:33:29 [error] 8460#5524: *15 auth request unexpected status: 502 while sending to client, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", host: "hostname:10002"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http finalize request: 500, "/tree?" a:1, c:1
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http special response: 500, "/tree?"
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 http set discard body
> 2016/10/11 14:33:29 [debug] 8460#5524: *15 HTTP/1.1 500 Internal Server Error
> Server: nginx/1.11.3
> Date: Tue, 11 Oct 2016 09:03:29 GMT
> Content-Type: text/html
> Content-Length: 595
> Connection: close
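
Added example (not part of the original post): nginx's `auth_request` allows the request on a 2xx subrequest status, denies it on 401 or 403, and treats any other status as an error, which is why a failed TLS handshake to the `/auth` upstream surfaces to the client as a 500. The Python sketch below traces that chain per connection id in a debug log; `trace_auth_failures` and `SAMPLE_LOG` are names made up for this example, and the sample lines are abridged from the log above.

```python
import re
from collections import defaultdict

# OpenSSL SSL_get_error() return codes as they appear in nginx debug logs.
SSL_ERRORS = {1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ", 3: "SSL_ERROR_WANT_WRITE",
              5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}

# "<date> <time> [level] pid#tid: *conn message", with an optional "> " quote prefix.
LINE = re.compile(r"^(?:>\s*)?\S+ \S+ \[(\w+)\] \d+#\d+: \*(\d+) (.*)$")

# Sample input for this example: lines abridged from the log in the post.
SAMPLE_LOG = """\
2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 2
2016/10/11 14:33:29 [debug] 8460#5524: *15 SSL_get_error: 5
2016/10/11 14:33:29 [error] 8460#5524: *15 peer closed connection in SSL handshake (10054: An existing connection was forcibly closed by the remote host) while SSL handshaking to upstream, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", subrequest: "/auth", upstream: "https://hostname:portno/Validation/ValidateUser", host: "hostname:10002"
2016/10/11 14:33:29 [error] 8460#5524: *15 auth request unexpected status: 502 while sending to client, client: 192.168.60.29, server: hostname, request: "GET /tree HTTP/1.1", host: "hostname:10002"
2016/10/11 14:33:29 [debug] 8460#5524: *15 HTTP/1.1 500 Internal Server Error
"""

def trace_auth_failures(log_text):
    """Per connection id, link upstream TLS failures to the status sent to the client."""
    conns = defaultdict(lambda: {"handshake_failures": [], "auth_status": None,
                                 "client_status": None})
    last_ssl = {}  # most recent SSL_get_error name seen on each connection
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header continuation lines and blanks carry no connection id
        level, cid, msg = m.groups()
        c = conns[cid]
        if (e := re.match(r"SSL_get_error: (\d+)", msg)):
            last_ssl[cid] = SSL_ERRORS.get(int(e.group(1)), e.group(1))
        elif level == "error" and "while SSL handshaking to upstream" in msg:
            sub = re.search(r'subrequest: "([^"]+)"', msg)
            up = re.search(r'upstream: "([^"]+)"', msg)
            c["handshake_failures"].append({
                "subrequest": sub.group(1) if sub else None,
                "upstream": up.group(1) if up else None,
                "ssl_error": last_ssl.get(cid)})
        elif (a := re.search(r"auth request unexpected status: (\d+)", msg)):
            c["auth_status"] = int(a.group(1))  # status of the /auth subrequest
        elif (h := re.match(r"HTTP/1\.[01] (\d{3}) ", msg)):
            c["client_status"] = int(h.group(1))  # status line written to the client
    return dict(conns)
```

Run over the full log, each connection entry lists every upstream that dropped the handshake, the 502 the subrequest ended with, and the 500 the client received.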