cloudreve / Cloudreve

🌩支持多家云存储的云盘系统 (Self-hosted file management and sharing system, supports multiple storage providers)
https://cloudreve.org
GNU General Public License v3.0
22k stars 3.45k forks source link

BT Linux面板使用Nginx反向代理出现错误,502 Bad Gateway。The BT Linux panel encountered an error using the Nginx reverse proxy, 502bad Gateway. #2081

Open IsKenKenYa opened 6 months ago

IsKenKenYa commented 6 months ago

使用宝塔面板添加反向代理后,没有在网站的server字段下添加

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://127.0.0.1:5212;

    # 如果您要使用本地存储策略,请将下一行注释符删除,并更改大小为理论最大文件尺寸
    # client_max_body_size 20000m;
}

在刚开始的时候可以正常进行访问,也能使用部分,仅在如图所示BT面板自带的反向代理设置进行设置。 image

同时我添加了DV测试SSL证书。 但是超过几个小时后就会变成这样: 502 Bad Gateway nginx

当我尝试在「server字段」添加上述代码,保存更改后报错如下:

error:
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [emerg] duplicate location "/" in /www/server/panel/vhost/nginx/hanhandisk.kenblogwebsite.com.conf:71
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

如下是「server字段」全文:

server
{
    listen 80;
        listen 443 ssl http2;
    server_name This is My Domain 这是域名;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/HanHanCloud;
    #CERT-APPLY-CHECK--START
    # 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
    include /www/server/panel/vhost/nginx/well-known/This is My Domain 这是域名.conf;
    #CERT-APPLY-CHECK--END

    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://This is My Domain 这是域名 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /www/server/panel/vhost/cert/hanhanThis is My Domain 这是域名/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/This is My Domain 这是域名/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;

    #SSL-END

    #ERROR-PAGE-START  错误页配置,可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP引用配置,可以注释或修改
    #清理缓存规则

    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$1$is_args$args;
        access_log  /www/wwwlogs/This is My Domain 这是域名_purge_cache.log;
    }
    #引用反向代理规则,注释后配置的反向代理将无效
    include /www/server/panel/vhost/nginx/proxy/This is My Domain 这是域名.com/*.conf;

    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/This is My Domain 这是域名.com.conf;
    #REWRITE-END

    #禁止访问的文件或目录
    # location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    # {
    #     return 404;
    # }

    # #一键申请SSL证书验证目录相关设置
    # location ~ \.well-known{
    #     allow all;
    # }

    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    access_log  /www/wwwlogs/This is My Domain 这是域名.com.log;
    error_log  /www/wwwlogs/This is My Domain 这是域名.com.error.log;
}

——————————————————————

以下是英语翻译,不用重复查看:

I am sorry that my English is not good, so I can not give native english-speaking users a better reading experience, sorry in advance.

After using the BT Linux panel to add a reverse proxy, it is not added under the server field of the web site

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://127.0.0.1:5212;

# If you are using a local storage policy, remove the next line comment and change the size to the theoretical maximum file size
    # client_max_body_size 20000m;
}

It is initially accessible as normal, but can also be partially set up using only the reverse proxy settings that come with the BT panel as shown in the figure. image

I also added the DV test SSL certificate. But after a few hours, it's like this: 502 Bad Gateway nginx

When I try to add the above code in the server field, save the changes and report the following error:

error:
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [emerg] duplicate location "/" in /www/server/panel/vhost/nginx/hanhandisk.kenblogwebsite.com.conf:71
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed
`

Here is the full text of the“Server Field”:

server { listen 80; listen 443 ssl http2; Server This is My Domain index index.php index.html index.htm default.php default.htm default.html; root /www/wwwroot/HanHanCloud;

CERT-APPLY-CHECK--START

configuration for file validation for SSL certificate requests-do not delete

Include/WWW/server/panel/vhost/NGINX/well-known/This is My Domain. Conf;

CERT-APPLY-CHECK--END

SSL-START SSL-related configuration, do not delete or modify the next line of annotated rule 404

#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){

Rewrite ^ (. *) $https://this is My Domain }

HTTP_TO_HTTPS_END

SSL/WWW/server/panel/vhost/CERT/hanhanThis is My Domain/fullchain. PEM; SSL/WWW/server/panel/vhost/CERT/This is My Domain/privkey. PEM; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri;

#SSL-END

ERROR-PAGE-START error page configuration that can be commented, deleted, or modified

#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

PHP-INFO-START PHP reference configuration can be commented or modified

Clean up cache rules

location ~ /purge(/.*) {
    proxy_cache_purge cache_one $host$1$is_args$args;

Access/WWW/wwwlogs/This is My Domain. Log; }

reference the reverse proxy rule, the reverse proxy configured after comment will be invalid

Include/WWW/server/panel/vhost/NGINX/proxy/This is My Domain. Com/* . Conf;

include enable-php-00.conf;
#PHP-INFO-END

REWRITE-START URL rewrite rule references, which will invalidate the pseudo-static rule for panel settings

Include/WWW/server/panel/vhost/rewrite/This is My Domain. Com. Conf;

REWRITE-END

A file or directory that is not accessible

location ~ ^/(.user.ini|.htaccess|.git|.env|.svn|.project|LICENSE|README.md)

# {
#     return 404;
# }

one-click application SSL Certificate Verification Directory related settings

# location ~ \.well-known{
#     allow all;
# }

disallow sensitive files in the certificate verification directory

if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
    return 403;
}

Access/WWW/wwwlogs/This is My Domain. Com. Log; Error/WWW/wwwlogs/This is My Domain. Com. Error. Log; }

dhermann6 commented 6 months ago

报错已经给你很明显了你的nginx配置错误了

nginx: [emerg] duplicate location "/" in /www/server/panel/vhost/nginx/hanhandisk.kenblogwebsite.com.conf:71

建议多了解下nginx配置

IsKenKenYa commented 5 months ago

好的,我将重新审视代码,学习一下nginx,查漏补缺。