当代理服务器关闭时，NGINX反向代理返回502错误的网关 [英] NGINX Reverse Proxy return 502 bad gateway when proxied server is down

问题描述

我将nginx设置为我的Apache Tomcat的反向代理.它按我的预期正常工作.但是，当Apache Tomcat服务器关闭时NGINX总是返回502 Bad Gateway时，我感到困惑.而不是返回504错误的网关超时?

I setup nginx as a reverse proxy for my apache tomcat. It works normally as I expected. However, I got confused when NGINX is always returning a 502 Bad Gateway when the Apache Tomcat server is down. Instead of returning a 504 Bad Gateway timeout?

502错误的网关: 该服务器充当网关或代理，并从上游服务器收到无效响应.

502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.

504网关超时 该服务器充当网关或代理，没有及时收到上游服务器的响应.

504 Gateway Timeout The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.

user  root;
worker_processes  1;

events {
        worker_connections  1024;
}

http {
       include       mime.types;
       default_type  application/octet-stream;
       sendfile        on;

       ssl_session_cache   shared:SSL:20m;
       ssl_session_timeout 10m;
       keepalive_timeout  65;

       map $http_upgrade $connection_upgrade {
               default Upgrade;
               '' close;
       }

        server {
                listen          *:80;
                return 301      https://$host:443$request_uri;
        }

        server{
                listen       *:443; #Ip of client
                # Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length.
                client_max_body_size 1024M;
                # ssl config
                ssl                  on;
                ssl_certificate      server.crt;
                ssl_certificate_key  server.key;

                # for proxy timeout
                proxy_connect_timeout 75s;
                proxy_read_timeout 600s;
                proxy_send_timeout 600s;

                # not cache authorization
                proxy_no_cache $http_pragma $http_authorization;


                location /wss {
                        rewrite ^.*\/wss\/(?<api>.*) /$api break;
                        proxy_pass http://127.0.0.1:8071;

                        # for websocket
                       proxy_set_header Upgrade $http_upgrade;
                       proxy_set_header Connection $connection_upgrade;
                       proxy_http_version 1.1;
                       proxy_buffering off;
                       proxy_ignore_client_abort off;
                       proxy_read_timeout 1d;
                       proxy_send_timeout 1d;
                }

                location / {
                        proxy_buffering off;
                        proxy_pass http://127.0.0.1:8071;
                }
        }
}

访问时的错误日志:

2015/10/19 10:10:03 [错误] 29475#0:* 44 connect()失败(111: 连接到上游时，客户端拒绝连接): 192.168.70.60，服务器:，请求:"GET/HTTP/1.1"，上游:" http://127.0.0.1: 8071/"，主机:"192.168.70.161"

2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"

2015/10/19 10:10:03 [错误] 29475#0:* 44 connect()失败(111: 连接到上游时，客户端拒绝连接): 192.168.70.60，服务器:，请求:"GET/HTTP/1.1"，上游:" http://127.0.0.1: 8071/"，主机:"192.168.70.161"

2015/10/19 10:10:03 [error] 29475#0: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.70.60, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8071/", host: "192.168.70.161"

谁能解释NGINX为什么返回502 HTTP错误而不是504? 还是我的配置有问题?

Can anyone explain why the NGINX returns a 502 HTTP error instead of a 504? Or, are there problems with my configuration?

我想，我想念. 504仅在NGINX无法将请求转发到代理服务器但代理服务器未如NGINX预期的那样及时响应时发生. 就我而言:

I think, I missed. 504 only happen when NGINX can't forward request to proxied server but the proxied server doesn't response in time as NGINX expected. In my case:

proxy_connect_timeout 75s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;

因此，如果代理服务器关闭，NGINX将以HTTP错误代码502、503响应吗?

So in case of Proxied Server is down, NGINX will respond with the HTTP error code 502, 503?

推荐答案

默认情况下，SELinux配置不允许NGINX连接到远程Web，fastCGI或其他服务器.您可以使用 setenforce 0 设置许可模式，以检查是否应归咎于SELinux.如果是，那么您要做的就是使用audit2allow生成一组策略规则，该规则将允许采取必要的操作:

By default, the SELinux configuration does not allow NGINX to connect to a remote web, fastCGI, or other server. You can set permissive mode with setenforce 0 to check whether SELinux is to blame. If it is, All you have to do is use audit2allow to generate a set of policy rules that would allow the required actions：

grep nginx/var/log/audit/audit.log | audit2allow -M nginx

semodule -i nginx.pp

之后，请记住使用 setenforce 1 再次启用SELinux.

After that, remember to enable SELinux again with setenforce 1.

有关此内容的更多信息，请参见该acticle .

For more about that, you can see this acticle.

这篇关于当代理服务器关闭时，NGINX反向代理返回502错误的网关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！