I just added my website to a CDN provider https://www.qiniu.com/en. Then I realised that almost all my http APIs (https://www.funfun.ink/httpOnly...) returned a 502 bad gateway error. Additionally, https://47.52.108.146/1/#/home did not work anymore, it returned a 502 bad gateway error as well.
Probably something is wrongly set up in the CDN provider, does anyone know what may be that?
Here is the console of https://www.funfun.ink/1/#/home
Here is the console of https://www.funfun.ink/1/#/edit/
Here is the nginx block
server {
listen 80;
server_name funfun.ink www.funfun.ink;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name funfun.ink www.funfun.ink;
ssl_certificate /etc/nginx/cert/1530230026231.pem;
ssl_certificate_key /etc/nginx/cert/1530230026231.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~* ^/\b(?!1|js|socket.io|monaco-editor|libs|dist|fonts|javascripts|formatter|ui|css|stylesheets|htmls|imgs|static|httpOnly|tmp|uploads)\w+\b/? {
rewrite .* /1/#$request_uri redirect;
}
location ~* ^/1/\b(?!#|auth)\w+\b/? {
rewrite ^/1/(.*[.]js)$ https://www.funfun.ink/dist/$1 redirect;
rewrite ^/1/(.*[^.][^j][^s])$ https://www.funfun.ink/1/#/$1 redirect;
}
location = / {
return 301 /home;
}
location ~ /.well-known {
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass https://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Best Answer
proxy_pass httpS://127.0.0.1:3000
... Are you sure that you can connect to the localhost (127.0.0.1) via SSL?proxy_set_header X-Forwarded-Proto $scheme;
- in this line, you already forward the scheme to the upstream server. So, the application (or the upstream server) should be smart enough to identify the scheme being used / forwarded.So, the
proxy_pass
directive should beproxy_pass http://127.0.0.1:3000
.