我在 Ubuntu 20.04.6 上有一台服务器,使用带 ssl 的 Nginx 和 Varnish 6.2.1。我收到错误:
400 Bad Request The plain HTTP request was sent to HTTPS port nginx/1.18.0 (Ubuntu)
我的 /etc/nginx/sites-available/file:
server {
listen 91 ssl http2;
server_name my_site_name;
# varnish proxy
location / {
proxy_pass http://127.0.0.1:6081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/my_site_name/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my_site_name/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
我的/etc/varnish/default.vcl:
vcl 4.0;
backend default {
.host = "my_https_site";
.port = "85";
}
sub vcl_recv {
if (client.ip != "127.0.0.1" && req.http.host ~ "my_host.by") {
set req.http.x-redir = "https://my_https_site" + req.url;
return(synth(850, ""));
}
}
sub vcl_deliver {
if (resp.status == 850) {
set resp.http.Location = req.http.x-redir;
set resp.status = 301;
return (deliver);
}
}
我的 /etc/default/varnish:
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
我看到命令 varnishstat 的结果工作正常,接收数据。
清漆日志(后端“varnishlog -b”):
* << BeReq >> 98394
- Begin bereq 98393 fetch
- VCL_use boot
- Timestamp Start: 1682520086.557505 0.000000 0.000000
- BereqMethod GET
- BereqURL /
- BereqProtocol HTTP/1.1
- BereqHeader Host: my_host
- BereqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- BereqHeader sec-ch-ua-mobile: ?0
- BereqHeader sec-ch-ua-platform: "Linux"
- BereqHeader upgrade-insecure-requests: 1
- BereqHeader user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- BereqHeader accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
- BereqHeader sec-fetch-site: none
- BereqHeader sec-fetch-mode: navigate
- BereqHeader sec-fetch-user: ?1
- BereqHeader sec-fetch-dest: document
- BereqHeader accept-language: en-US,en;q=0.9,ru;q=0.8
- BereqHeader X-Forwarded-For: 127.0.0.1
- BereqHeader Accept-Encoding: gzip
- BereqHeader X-Varnish: 98394
- VCL_call BACKEND_FETCH
- VCL_return fetch
- BackendOpen 26 default 181.122.19.2 85 181.122.19.2 33736
- BackendStart 181.122.19.2 85
- Timestamp Bereq: 1682520086.557843 0.000338 0.000338
- Timestamp Beresp: 1682520086.558193 0.000688 0.000350
- BerespProtocol HTTP/1.1
- BerespStatus 400
- BerespReason Bad Request
- BerespHeader Server: nginx/1.18.0 (Ubuntu)
- BerespHeader Date: Wed, 26 Apr 2023 14:41:26 GMT
- BerespHeader Content-Type: text/html
- BerespHeader Content-Length: 666
- BerespHeader Connection: close
- TTL RFC -1 10 0 1682520087 1682520087 1682520086 0 0 cacheable
- VCL_call BACKEND_RESPONSE
- TTL VCL 120 10 0 1682520087 cacheable
- TTL VCL 120 10 0 1682520087 uncacheable
- VCL_return deliver
- Filters
- Storage malloc Transient
- Fetch_Body 3 length stream
- BackendClose 26 default
- Timestamp BerespBody: 1682520086.558474 0.000969 0.000281
- Length 666
- BereqAcct 657 0 657 161 666 827
- End
客户记录:
* << Request >> 98399
- Begin req 98398 rxreq
- Timestamp Start: 1682521060.864589 0.000000 0.000000
- Timestamp Req: 1682521060.864589 0.000000 0.000000
- VCL_use boot
- ReqStart 127.0.0.1 35458 a0
- ReqMethod GET
- ReqURL /favicon.ico
- ReqProtocol HTTP/1.1
- ReqHeader Connection: upgrade
- ReqHeader Host: my_host
- ReqHeader sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
- ReqHeader sec-ch-ua-mobile: ?0
- ReqHeader user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
- ReqHeader sec-ch-ua-platform: "Linux"
- ReqHeader accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
- ReqHeader sec-fetch-site: same-origin
- ReqHeader sec-fetch-mode: no-cors
- ReqHeader sec-fetch-dest: image
- ReqHeader referer: https://alva.by:91/
- ReqHeader accept-encoding: gzip, deflate, br
- ReqHeader accept-language: en-US,en;q=0.9,ru;q=0.8
- ReqHeader X-Forwarded-For: 127.0.0.1
- VCL_call RECV
- VCL_return hash
- ReqUnset accept-encoding: gzip, deflate, br
- ReqHeader Accept-Encoding: gzip
- VCL_call HASH
- VCL_return lookup
- VCL_call MISS
- VCL_return fetch
- Link bereq 98400 fetch
- Timestamp Fetch: 1682521060.865292 0.000702 0.000702
- RespProtocol HTTP/1.1
- RespStatus 400
- RespReason Bad Request
- RespHeader Server: nginx/1.18.0 (Ubuntu)
- RespHeader Date: Wed, 26 Apr 2023 14:57:40 GMT
- RespHeader Content-Type: text/html
- RespHeader Content-Length: 666
- RespHeader X-Varnish: 98399
- RespHeader Age: 0
- RespHeader Via: 1.1 varnish (Varnish/6.2)
- VCL_call DELIVER
- VCL_return deliver
- Timestamp Process: 1682521060.865304 0.000715 0.000012
- Filters
- RespHeader Connection: keep-alive
- Timestamp Resp: 1682521060.865364 0.000775 0.000061
- ReqAcct 568 0 568 224 666 890
- End
我尝试了很多东西,比如改变 default.vcl 文件,改变 sites-available 的文件等等。
附言端口已打开。
我解决了这个问题。这是因为我使用的不是 Varnish Enterprise,它不是免费的。但是,我知道如何使用 nginx 在我的 PC 上使用它。所以有一些笔记(也许它会帮助某人)。
请求如何与 nginx 一起工作?
您通过网络浏览器向具有定义端口(例如 80)的远程(或本地)服务器发送请求 -> “https://myServer:80”
然后nginx在6081端口发送给varnsih(默认)
Varnish 执行其逻辑并将其转发到您的后端本地主机
然后它继续反向路径。
所以,如果您使用自己的网站,就不会使用其他远程来源进行兑现,对吗?
所以,在 /etc/varnish/default.vcl 中使用 http 协议。
附言现在我正在研究如何将 varnish 与 docker 一起使用,bcz docker 使用自己的网络。
希望,这会帮助某人