我正在尝试从 nginx 代理安全 http 到 kong 但我收到有关 http 请求的错误发送到 Z299DC869EA246FF788A?

Question

Using this config:

upstream kong {
  server 127.0.0.1:8000;
}

upstream kong_secure {
  server 127.0.0.1:8443;
}

server {
    listen 80;
    server_name api.example.co.za;
    error_log /var/log/nginx/api.error.log;
    access_log /var/log/nginx/api.access.log;

    location / {
        proxy_pass http://kong;
        proxy_set_header Host $host;
    }
}


server {
    server_name api.example.co.za;
    error_log /var/log/nginx/api.error.log;
    access_log /var/log/nginx/api.access.log;


    location / {
        proxy_pass http://kong_secure;
        proxy_set_header Host $host;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.example.co.za/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.example.co.za/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

I get:

400 Bad Request
The plain HTTP request was sent to HTTPS port

Answer 1

Kong is also running nginx, so the error was really coming from kong. I verified this by checking the access logs. Nginx vanilla was doing the ssl termination and then proxying to the upstream ssl listening on ssl.

However now it is plain http but going to an https port on kong.

So to fix this set the upsteam to the non https port and remove kong_secure it is not needed:

upstream kong {
  server 127.0.0.1:8000;
}

But now kong will complain with:

{"message":"Please use HTTPS protocol"}

To fix that you need to read the docs on Restricting the client protocol , eventually leading you to set the header X-Forwarded-Proto: https and adding the porxy ip to trusted_ips in the kong configuration.