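I set up nginx as a reverse proxy for Apache Tomcat. It works as I expected. However, I am confused that NGINX always returns 502 Bad Gateway when the Apache Tomcat server is down, instead of returning a 504 Bad Gateway timeout?
502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.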
    user root;
    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 10m;
        keepalive_timeout 65;
        map $http_upgrade $connection_upgrade {
            default Upgrade;
            '' close;
        }
        server {
            listen *:80;
            return 301 https://$host:443$request_uri;
        }
        server {
            listen *:443; #Ip of client
            # Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
            client_max_body_size 1024M;
            # ssl config
            ssl on;
            ssl_certificate server.crt;
            ssl_certificate_key server.key;
            # for proxy timeout
            proxy_connect_timeout 75s;
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
            # not cache authorization
            proxy_no_cache $http_pragma $http_authorization;
            location /wss {
                rewrite ^.*/wss/(?<api>.*) /$api break;
                proxy_pass http://127.0.0.1:8071;
                # for websocket
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_ignore_client_abort off;
                proxy_read_timeout 1d;
                proxy_send_timeout 1d;
            }
            location / {
                proxy_buffering off;
                proxy_pass http://127.0.0.1:8071;
            }
        }
    }
Error log on access:
    2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"
Can anyone explain why NGINX returns a 502 HTTP error instead of 504? Or is there a problem with my configuration?
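I think I missed it. 504 only happens when NGINX can't forward the request to the proxied server, and the proxied server does not respond within the time NGINX expects. In my case:
    proxy_connect_timeout 75s;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
So in the case where the proxied server is down, NGINX will respond with HTTP error code 502, 503?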
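By default, the SELinux configuration does not allow NGINX to connect to remote web, FastCGI, or other servers. You can set permissive mode with setenforce 0 to check whether SELinux is to blame. If it is, all you have to do is use audit2allow to generate a set of policy rules that will allow the required actions:
    grep nginx /var/log/audit/audit.log | audit2allow -M nginx
    semodule -i nginx.pp
After that, remember to re-enable SELinux with setenforce 1.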
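The failure modes discussed in this thread (backend down, upstream timeout, SELinux denial) each leave a different errno in the nginx error log. As an added example (not part of the original posts), this Python script classifies such lines; the sample lines and the errno-to-cause table are constructed here, with the first line modeled on the log entry in the question.

```python
import re

# Constructed sample lines in nginx error-log format. The first mirrors the
# entry quoted in the question; the other two are made up for comparison.
_TAIL = (', client: 192.168.70.60, server: , request: "GET / HTTP/1.1", '
         'upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"')
SAMPLE_LOG = "\n".join([
    "2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed "
    "(111: Connection refused) while connecting to upstream" + _TAIL,
    "2015/10/19 10:12:41 [error] 29475#0: *51 upstream timed out "
    "(110: Connection timed out) while reading response header from upstream" + _TAIL,
    "2015/10/19 10:15:07 [crit] 29475#0: *58 connect() to 127.0.0.1:8071 failed "
    "(13: Permission denied) while connecting to upstream" + _TAIL,
])

# "<what> (<errno>: <strerror>) while <phase>, ... upstream: "<url>""
LINE_RE = re.compile(
    r"\[\w+\] \d+#\d+: \*\d+ .+? \((?P<errno>\d+): (?P<strerror>[^)]+)\) "
    r'while (?P<phase>[^,]+),.*upstream: "(?P<upstream>[^"]+)"'
)

# errno -> (status nginx sends to the client, likely cause)
CAUSES = {
    111: (502, "nothing is listening on the upstream port (backend down)"),
    110: (504, "upstream did not connect or respond within a proxy_*_timeout"),
    13: (502, "connect() denied on the proxy host; check SELinux audit.log"),
}


def classify(line):
    """Return errno, resulting status, phase and cause for one log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not an upstream error entry
    errno = int(m["errno"])
    status, cause = CAUSES.get(errno, (None, "unclassified upstream error"))
    return {"errno": errno, "status": status, "phase": m["phase"],
            "upstream": m["upstream"], "cause": cause}


def classify_log(text):
    return [r for r in map(classify, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for r in classify_log(SAMPLE_LOG):
        print(f'{r["status"]} errno={r["errno"]} ({r["phase"]}): {r["cause"]}')
```

Run against a real error log, an errno of 13 points at a local policy denial such as SELinux, while 111 means the connection reached the port and was refused.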