当代理服务器关闭时,NGINX反向代理返回502错误的网关
我将nginx设置为我的Apache Tomcat的反向代理.它按我的预期正常工作.但是,当Apache Tomcat服务器关闭时NGINX总是返回502 Bad Gateway时,我感到困惑.而不是返回504错误的网关超时?
I setup nginx as a reverse proxy for my apache tomcat. It works normally as I expected. However, I got confused when NGINX is always returning a 502 Bad Gateway when the Apache Tomcat server is down. Instead of returning a 504 Bad Gateway timeout?
502错误的网关: 该服务器充当网关或代理,并从上游服务器收到无效响应.
502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
504网关超时 该服务器充当网关或代理,没有及时收到上游服务器的响应.
504 Gateway Timeout The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
user root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
keepalive_timeout 65;
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen *:80;
return 301 https://$host:443$request_uri;
}
server{
listen *:443; #Ip of client
# Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
client_max_body_size 1024M;
# ssl config
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
# for proxy timeout
proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
# not cache authorization
proxy_no_cache $http_pragma $http_authorization;
location /wss {
rewrite ^.*\/wss\/(?<api>.*) /$api break;
proxy_pass http://127.0.0.1:8071;
# for websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 1d;
proxy_send_timeout 1d;
}
location / {
proxy_buffering off;
proxy_pass http://127.0.0.1:8071;
}
}
}
访问时的错误日志:
2015/10/19 10:10:03 [错误] 29475#0:* 44 connect()失败(111: 连接到上游时,客户端拒绝连接): 192.168.70.60,服务器:,请求:"GET/HTTP/1.1",上游:" http://127.0.0.1: 8071/",主机:"192.168.70.161"
2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
2015/10/19 10:10:03 [错误] 29475#0:* 44 connect()失败(111: 连接到上游时,客户端拒绝连接): 192.168.70.60,服务器:,请求:"GET/HTTP/1.1",上游:" http://127.0.0.1: 8071/",主机:"192.168.70.161"
2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
谁能解释NGINX为什么返回502 HTTP错误而不是504? 还是我的配置有问题?
Can anyone explain why the NGINX returns a 502 HTTP error instead of a 504? Or, are there problems with my configuration?
我想,我想念. 504仅在NGINX无法将请求转发到代理服务器但代理服务器未如NGINX预期的那样及时响应时发生. 就我而言:
I think, I missed. 504 only happen when NGINX can't forward request to proxied server but the proxied server doesn't response in time as NGINX expected. In my case:
proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
因此,如果代理服务器关闭,NGINX将以HTTP错误代码502、503响应吗?
So in case of Proxied Server is down, NGINX will respond with the HTTP error code 502, 503?
默认情况下,SELinux配置不允许NGINX连接到远程Web,fastCGI或其他服务器.您可以使用 setenforce 0 设置许可模式,以检查是否应归咎于SELinux.如果是,那么您要做的就是使用audit2allow生成一组策略规则,该规则将允许采取必要的操作:
By default, the SELinux configuration does not allow NGINX to connect to a remote web, fastCGI, or other server. You can set permissive mode with setenforce 0 to check whether SELinux is to blame. If it is, All you have to do is use audit2allow to generate a set of policy rules that would allow the required actions:
grep nginx/var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
之后,请记住使用 setenforce 1 再次启用SELinux.
After that, remember to enable SELinux again with setenforce 1.
有关此内容的更多信息,请参见该acticle .
For more about that, you can see this acticle.