事情起因是有个 https://mingkj.com/aff/JCPTQCHI 看起来很便宜,想着就买一台来做图床试试,毕竟刚开始用,这个云服务上耐不耐造就不知道了,大家如果想买个玩请自行判断可靠性,本博主不负任何责任。
买完服务器,老样子1panel
起手,上来就是要 OpenResty
、SSL
、Minio
三连击,部署完登录账户一看,貌似没啥问题。
在我创建好桶列表想着上传一张图片试试效果时,桶列表打不开了,打开F12一看,就看到这种报错。
具体报错如下图(由于我是问题解决完了才想起来记录一下,所以当时没截图,网上找了一张相似的报错):
于是我再网上找了很久的问题,可能关键词搜的不对,没有找到解决方案。
大网上搜罗的解决方案
-
OpenResty中的
proxy_set_header Connection $http_connection;
改成proxy_set_header Upgrade $http_upgrade;
-
OpenResty 增加 /ws的前缀匹配的反代
-
....等其他的配置修改
基本上每种我都尝试了,无法解决问题。
在尝试了两天后(当然不可能一天到晚都在搞这个,毕竟还要工作)。
我在 1panel 的github仓库下看到这么一个issue:
https://github.com/1Panel-dev/1Panel/issues/1508
其中有个大佬说了这么一句话
于是我开始尝试把这个配置调整了,发现还是不行。
我抱着不信邪的情况,我把默认的conf给注释了
# 注释原有的默认配置
# include /www/sites/xxx.com/proxy/*.conf;
直接搬迁了这个issue上提供的配置,增加了这么一段
location ^~ / {
proxy_pass http://127.0.0.1:9001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
add_header Strict-Transport-Security "max-age=31536000";
}
发现依旧有问题,然后我又不信的把之前找的解决方案上要改的地方都改了。
最后完整代码变成了这样
server {
listen 80 ;
listen 443 ssl http2 ;
server_name xxx.com;
index index.php index.html index.htm default.php default.htm default.html;
# 修改 $host 为 $http_host
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# 修改 $http_connection 为 upgrade
proxy_set_header Connection "upgrade";
access_log /www/sites/xxx.com/log/access.log main;
error_log /www/sites/xxx.com/log/error.log;
# 增加反向代理配置
location ^~ / {
proxy_pass http://127.0.0.1:9001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
add_header Strict-Transport-Security "max-age=31536000";
}
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
if ($scheme = http) {
return 301 https://$host$request_uri;
}
ssl_certificate /www/sites/xxx.com/ssl/fullchain.pem;
ssl_certificate_key /www/sites/xxx.com/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
add_header Strict-Transport-Security "max-age=31536000";
# 关闭反代缓存
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
proxy_cache_convert_head off;
# 注释原有的默认配置
# include /www/sites/xxx.com/proxy/*.conf;
`}`
然后再尝试登录控制后台,然后就可以了,之后估计还得去试试1panel上接入看看会不会还有其他的问题,等我踩完坑,再回来给各位大佬汇报。