带SSL上的Sails.js / Node.js和NGINX的Socket.io：坏的网关

我刚开始冒险NGINX和SSL。

使用Ubuntu 16.04。

我正在标准1337端口上运行Sails服务器，并使用SSL（使用letsencrypt）设置NGINX。 端口80被redirect到443，上游到达Sails。

我也有一个在8080上监听的Tomcat服务器，并使用NGINX以相同的方式redirect。

• 错误的NET :: ERR_CERT_REVOKED和SEC_ERROR_REVOKED_CERTIFICATE错误
• Nginx提供错误的证书。 两个域名redirect
• 压缩uwsgi-nginx和nginx负载均衡器之间的stream量
• PDOException（1045）SQLSTATE Laravel 4.2 MySQL 5.7
• 为什么我的环回设备上有non-127.xxxstream量？

一切工作正常：我可以浏览器上浏览器的两个服务器上没有特殊的端口。

我已经build立了socket.io只使用websockets协议（没有轮询）。 这是在服务器和浏览器客户端上设置的。

但是，socket.io（sails.io）抛出一个502错误没有浏览器。 （投票也出错了）

这里是我的NGINX站点 – 可用于Sails服务器：

upstream sails { server 127.0.0.1:1337 fail_timeout=0; } server { listen 80; listen [::]:80; server_name mysails.server.com; return 301 https://$server_name$request_uri; } server { listen 443; listen [::]:443 ssl http2; server_name mysails.server.com; include snippets/ssl-mysails.server.conf; include snippers/ssl-params.conf; large_client_header_buffers 8 32k; location / { proxy_pass http://sails/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header Port $server_port; proxy_set_header X-Real-IP $remot_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-NginX-Proxy true; proxy_pass_request_headers on; } location /socket.io/ { proxy_pass http://sails/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host $host; proxy_set_header Port $server_port; proxy_set_header X-Real-IP $remot_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-NginX-Proxy true; proxy_pass_request_headers on; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffers 8 32k; proxy_buffer_size 64k; } } 

snippets/ssl-mysails.server.conf和snippers/ssl-params.conf文件包含：

 ssl_certificate /path/to/letsencrypt/fullchain.pem; ssl_certificate_key /path/to/letsencrypt/privkey.pem; 

和

 # from https://cipherli.st/ # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable preloading HSTS for now. You can use the commented out header line that includes # the "preload" directive if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; ssl_dhparam /etc/ssl/certs/dhparam.pem; 

任何人有任何线索是怎么回事？

更新错误日志和奇怪的行为

我的nginx错误日志说：

 upstream prematurely closed connection while reading response header from upstream, client: XXXXXXXX, server: mysals.server.com, request: "GET /socket.io/?__sails_io_sdk_version=0.13.8&__sails_io_sdk_platform=browser&__sails_io_sdk_language=javascript&EIO=3&transport=websocket HTTP/1.1", upstream: "http://127.0.0.1:1337/?__sails_io_sdk_version=0.13.8&__sails_io_sdk_platform=browser&__sails_io_sdk_language=javascript&EIO=3&transport=websocket", host: "mysails.server.com" 

而我的Sails详细日志不一致。 这可能会这样说：

 *verbose*: Rendering view: "homepage" (located @ "/opt/FillForm/views/homepage") *verbose*: • using configured layout:: layout (located @ "/opt/FillForm/views/layout") *verbose*: Rendering view: "homepage" (located @ "/opt/FillForm/views/homepage") *verbose*: • using configured layout:: layout (located @ "/opt/FillForm/views/layout") *verbose*: Rendering view: "fileLink" (located @ "/opt/FillForm/views/fileLink") *verbose*: • using configured layout:: layout (located @ "/opt/FillForm/views/layout") *verbose*: Sending 404 ("Not Found") response *verbose*: Sending 404 ("Not Found") response *verbose*: Rendering view: "fileLink" (located @ "/opt/FillForm/views/fileLink") *verbose*: • using configured layout:: layout (located @ "/opt/FillForm/views/layout") *verbose*: Sending 404 ("Not Found") response *verbose*: Sending 404 ("Not Found") response 

这很奇怪，因为应该只有一个请求到/opt/FillForm/views/fileLink视图/页面。

如果刷新页面（F5），则浏览器上的Javascript控制台可能会说：

  Socket is trying to reconnect to Sails... _-|>_- (attempt #7) 

并且每一次尝试的结果都是一系列的

 verbose: Rendering view: "homepage" (located @ "/opt/FillForm/views/homepage") verbose: • using configured layout:: layout (located @ "/opt/FillForm/views/layout") 

Sails详细日志中的消息。 为什么套接字请求导致Sails呈现主页视图？

如果使用忽略caching进行刷新（shift + F5），则JavaScript控制台将开始显示尝试和502错误网关消息：

 WebSocket connection to 'wss://mysqils.server.com/socket.io/?__sails_io_sdk_version=0.13.8&__sails_io_s…tform=browser&__sails_io_sdk_language=javascript&EIO=3&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 502 Socket is trying to reconnect to Sails... _-|>_- (attempt #20) 

而Sails详细日志只显示以下消息的两个实例：

 verbose: Sending 404 ("Not Found") response verbose: Sending 404 ("Not Found") response 

并且它停止显示任何其他错误（不像以前的情况，每个websocket尝试导致查看呈现消息）。

在这种情况下，似乎wss请求没有通过Nginx的Sails。

 location /socket.io/ { proxy_pass http://sails/; ... } 

 location /socket.io/ { proxy_pass http://sails/socket.io/; ... }