Nginx 反向代理到 HTTPS 上游得到 502 Bad Gateway？

Question

我有这个配置：

upstream frontend_upstream {
    # FrontEnd part based on `frontend` container with React app.
    server frontend:3000;
}

server {
    ...
    listen 80;
    server_name  stage.example.com;

    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        # Define the location of the proxy server to send the request to
        # Web it's a name of Docker container with a frontend.
        proxy_pass https://frontend_upstream;

        ...
    }

    # Setup communication with API container.
    location /api {
        proxy_pass http://api:9002;
        rewrite "^/api/(.*)$" /$1 break;
        proxy_redirect     off;
    }
}
server {
    listen 443 ssl;
    server_name stage.example.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/stage.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass  http://frontend_upstream;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

我希望能够通过 HTTP 和 HTTPS 连接到我的应用程序，但 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream 引发了问题。

这个配置有什么问题？ 有很多类似的问题，但没有一个对我有帮助。

Answer 1

    location / {
      # Define the location of the proxy server to send the request to
      # Web it's a name of Docker container with a frontend.
      proxy_pass http://frontend_upstream;

    ...
}

试试这个。

您的上游很可能在 http 上运行，而不是在 https 上运行。