Nginx代理返回二进制数据

我有nginx作为代理在我的应用程序前面终止TLS。 我有它设置为听80端口和redirect到443。

最初铬会下载一个名为“下载”而不是redirect的文件，但由于某种原因，它不再这样做了（我尝试了这个问题的build议，但没有帮助）。 尽pipe问题显然还是存在，但是Chrome仍然正确地redirect，Firefox仍然通过假设它是文件下载来做出反应：

这个问题最常见的是curl：

• 如何避免与nginx的第一个字节超时
• Nginx反向代理HTTPS到HTTP IIS后端
• Nginx服务器使用IP，但不能使用任意域名
• nginx的add_header不能在我的一个位置工作
• Nginx：将httpredirect到https（错误：redirect过多）

curl -v http://example.com * Rebuilt URL to: http://example.com/ * Trying 54.213.157.146... * Connected to example.com (54.213.157.146) port 80 (#0) > GET / HTTP/1.1 > Host: example.com > User-Agent: curl/7.50.0 > Accept: */* > * Connection #0 to host example.com left intact      

而不是返回通常的标题/状态/等。 它似乎是发回二进制数据。 同时https版本似乎正常工作：

 curl -v https://example.com * Rebuilt URL to: https://example.com/ * Trying 54.213.157.146... * Connected to example.com (54.213.157.146) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=example.com * start date: Jul 29 18:50:00 2016 GMT * expire date: Oct 27 18:50:00 2016 GMT * subjectAltName: host "example.com" matched cert's "example.com" * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify ok. > GET / HTTP/1.1 > Host: example.com > User-Agent: curl/7.50.0 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx/1.11.1 < Date: Fri, 29 Jul 2016 22:53:33 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 1121 < Connection: keep-alive < X-Powered-By: Express < ETag: W/"461-VBuWbiWQQ/3ptwQjG8pM3w" < Strict-Transport-Security: max-age=63072000; includeSubdomains; preload < X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < <!DOCTYPE html> <html> <head> <meta charset="utf-8"> ... 

很显然，我的nginxconfiguration不正确，但是我不清楚怎么做。

我的nginx.conf：

 user nginx; worker_processes 2; events { worker_connections 8096; multi_accept on; use epoll; } http { include mime.types; default_type application/octet-stream; proxy_cache_path /var/cache/nginx keys_zone=anonymous:10m; proxy_temp_path /var/tmp/nginx; sendfile on; client_max_body_size 20M; tcp_nodelay off; tcp_nopush on; keepalive_timeout 65; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; map $http_upgrade $connection_upgrade { default upgrade; '' close; } #Include the vhost files. include vhosts/*.conf; } 

和vhosts文件：

 server { listen 80 http2; server_name ${DOMAIN}; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name ${DOMAIN}; ssl_certificate /etc/letsencrypt/live/${PATH}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${PATH}/privkey.pem; ssl_dhparam /etc/ssl/dhparams.pem; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; root /etc/letsencrypt/webrootauth; location / { proxy_pass http://${UPSTREAM}; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_cache anonymous; proxy_cache_valid 200 301 302 30m; expires 30m; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } location ~* \.(html|css|jpg|gif|ico|js)$ { proxy_cache cache; proxy_cache_key $host$uri$is_args$args; proxy_cache_valid 200 301 302 30m; expires 30m; proxy_pass http://backend; } location /.well-known/acme-challenge { alias /etc/letsencrypt/webrootauth/.well-known/acme-challenge; location ~ /.well-known/acme-challenge/(.*) { add_header Content-Type application/jose+json; } } } 

有没有人看到什么可能造成这个？