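nginx reverse proxy fails with "closed connection in SSL handshake"

Background:

SAP is deployed on Microsoft's cloud in Beijing. The vendor provides a CNAME address, and the company points its own domain name at that CNAME. Because access from abroad to the mainland China address is too slow, traffic is forwarded through an nginx reverse proxy in Hong Kong.

Error:

The initial configuration was: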

upstream beijingsap {
    server xx.xx.xx.xx:443;
}

server {
    listen 443 ssl http2;
    server_name sap.xxx.com;
    include ssl/ssl-global.conf;
    #include proxy.conf;
    access_log logs/sap-access.log main;
    error_log logs/sap-error.log error;
    client_max_body_size 50M;

    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host 'sap.xxx.com';
        proxy_pass https://beijingsap/;
    }
}

After applying this configuration, requests to xx.xxx.com return a 502 error. The nginx log shows the following error:

2022/09/23 13:29:51 [error] 1236#1236: *22 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.146.15.222, server: localhost, request: "GET / HTTP/1.1", upstream: "https://xx.xx.xx.xx:443/webgui", host: "10.146.14.240"

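Solution:

Adding the following configuration resolves it. By default nginx sends no SNI server name to the upstream (proxy_ssl_server_name is off), and when SNI is enabled the name defaults to the host in proxy_pass, which here is the upstream block name beijingsap, so proxy_ssl_name is needed to set it to the real host name: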

proxy_ssl_name sap.xxx.com;
proxy_ssl_server_name on;

The final configuration is:

upstream beijingsap {
    server xx.xx.xx.xx:443;
}

server {
    listen 443 ssl http2;
    server_name sap.xxx.com;
    include ssl/ssl-global.conf;
    #include proxy.conf;
    access_log logs/sap-access.log main;
    error_log logs/sap-error.log error;
    client_max_body_size 50M;

    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host 'sap.xxx.com';
        proxy_pass https://beijingsap/;
        proxy_ssl_name sap.xxx.com;
        proxy_ssl_server_name on;
    }
}
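
The check below is an added example, not part of the original post: a small Python audit that flags https:// proxy_pass locations missing the SNI directives from the fix, and also reports when upstream certificate verification is left at nginx's default (proxy_ssl_verify off), which the final configuration above still does. The sample configs are constructed from the post's configuration; the function name and the CA bundle path are assumptions.

```python
import re

def audit_upstream_tls(conf):
    """Return (location, finding) pairs for locations that proxy_pass to https://."""
    # Names declared as `upstream NAME { ... }`; nginx uses such a name as $proxy_host.
    upstreams = set(re.findall(r"^\s*upstream\s+(\S+)\s*\{", conf, re.M))
    findings = []
    # Simplification: only flat `location PATH { ... }` blocks without nested braces.
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^{}]*)\}", conf):
        d = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip().rstrip(";")  # drop comments and ';'
            if line:
                name, value = (line.split(None, 1) + [""])[:2]
                d[name] = value.strip()  # last value wins; enough for these directives
        target = re.match(r"https://([^/:\s]+)", d.get("proxy_pass", ""))
        if not target:
            continue
        host = target.group(1)
        if d.get("proxy_ssl_server_name") != "on":
            findings.append((path, "no SNI sent to upstream (proxy_ssl_server_name defaults to off)"))
        elif "proxy_ssl_name" not in d and host in upstreams:
            findings.append((path, f"SNI would be the upstream block name '{host}'; set proxy_ssl_name"))
        if d.get("proxy_ssl_verify") != "on":
            findings.append((path, "upstream certificate is not verified (proxy_ssl_verify defaults to off)"))
    return findings

# Constructed sample configs, abbreviated from the post's configuration.
HEAD = """upstream beijingsap {
    server xx.xx.xx.xx:443;
}
server {
    listen 443 ssl http2;
    location / {
        proxy_set_header Host 'sap.xxx.com';
        proxy_pass https://beijingsap/;
"""
TAIL = "    }\n}\n"
SNI = "        proxy_ssl_name sap.xxx.com;\n        proxy_ssl_server_name on;\n"
# Assumed CA bundle path; proxy_ssl_name is also the name checked against the certificate.
VERIFY = ("        proxy_ssl_verify on;\n"
          "        proxy_ssl_trusted_certificate /etc/nginx/ssl/upstream-ca.pem;\n")
INITIAL = HEAD + TAIL                  # the post's first configuration
FINAL = HEAD + SNI + TAIL              # the post's fix
HARDENED = HEAD + SNI + VERIFY + TAIL  # fix plus upstream certificate verification

if __name__ == "__main__":
    for label, conf in (("initial", INITIAL), ("final", FINAL), ("hardened", HARDENED)):
        print(label, audit_upstream_tls(conf))
```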