502 dotnet WebApplication 的网关 nginx 错误

我正在尝试在运行 Centos9 Stream 和 Nginx 的 Digital Ocean Droplet 上运行测试 Web 应用程序 WebApplication 是从 Visual Studio 模板创建的默认项目。 它使用net8.0。 Microsoft.AspNetCore.OpenApi 7.0.14 和 Swashbuckle.AspNetCore 6.5.0

我还通过 LetsEncrypt 安装了证书

在 Droplet 上启动 nginx 后，我还使用以下命令启动应用程序

DotNet WebApplication.dll

看到它正在监听端口 5000

但是如果我尝试

curl -I https://example.com

我明白了

   HTTP/1.1 502 Bad Gateway
   Server: nginx/1.22.1

我看到 WebApplication 控制台输出警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
Failed to determine the https port for redirect

我在 /etc/nginx/nginx.conf 中有以下内容

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name example.com;
        location / {
            proxy_pass         http://localhost:5000; # Your .NET app's URL
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }


        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/examplecom/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }



    server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen       80;
        listen       [::]:80;
        server_name example.com;
    return 404; # managed by Certbot


}}

[更新]

cat /var/log/nginx/error.log

报道

Permission denied while connecting to upstream  
  

[更新]

看了这张票我尝试了

setsebool -P httpd_can_network_connect 1

并重新启动。

现在当我跑步时

dotnet WebApplication.dll

我收到警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
failed to deterimine the https port for redirect.
Microsoft.Hosting.Lifetime[0]
Application is shutting down.

我仍然收到 502 Bad Gateway 错误

curl -I https://example.com

我不再在日志中看到“权限被拒绝”错误。 它是（IP地址被混淆）

2024/01/06 04:39:52 [notice] 1323#1323: signal 3 (SIGQUIT) received from 1, shutting down
2024/01/06 04:39:52 [notice] 1323#1323: signal 17 (SIGCHLD) received from 1324
2024/01/06 04:39:52 [notice] 1323#1323: worker process 1324 exited with code 0
2024/01/06 04:39:52 [notice] 1323#1323: exit
2024/01/06 04:43:25 [notice] 1339#1339: using the "epoll" event method
2024/01/06 04:43:25 [notice] 1339#1339: nginx/1.22.1
2024/01/06 04:43:25 [notice] 1339#1339: built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC) 
2024/01/06 04:43:25 [notice] 1339#1339: OS: Linux 5.14.0-391.el9.x86_64
2024/01/06 04:43:25 [notice] 1339#1339: getrlimit(RLIMIT_NOFILE): 1024:524288
2024/01/06 04:43:25 [notice] 1340#1340: start worker processes
2024/01/06 04:43:25 [notice] 1340#1340: start worker process 1341
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com" 

[更新]

我看到发布的 appsettings.json 中没有提到 https（而在开发 launchsettings.json 中却提到了）

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

[更新] 从这里我了解到

如果未指定端口，Kestrel 会绑定到 http://localhost:5000。

下一步添加

  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:5000"
      }
    }
  },

现在我明白了

ASP.NET 开发人员证书不受信任。 请参阅这个

此外，Bad Gateway 仍然没有解决。

[更新]

我通过使 nginx.conf 和 appsettings.json 使用 http://localhost:5000 解决了证书问题

我仍然收到 502 Bad Gateway

https://example.com/swagger/index.html给出

nginx 错误。这一页 您正在寻找的暂时无法找到。

[更新]

我在 Droplet 上启用了 IPV6（注意到它在 nginx.conf 中处于打开状态后）

现在

curl -I https://example.com 

报告 404 未找到

WebApplication 控制台也会发出警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware3 无法确定重定向的 https 端口。

我可以看到使用

cat /var/log/nginx/error.log

那个

SSL_do_handshake() 失败（SSL:error0A00006C:SSL 例程::密钥错误 分享）同时 SSL 握手

[更新]

阅读ozkanpakdil的评论后，我更改了program.cs以删除app.UseHttpsRedirection();

现在

curl -I example.com 

给予

301 Moved Permanently

[更新]

我想知道 nginx 状态输出中禁用的单词。