自建短链转节点订阅链接无法正常跳转, cloudflare 报 502,但转其他网站的长链却成功, 是啥情况?
winson030 2022-12-01 02:01:51 +08:00 2072 次点击这是一个创建于 1121 天前的主题,其中的信息可能已经有所发展或是发生改变。
TLDR:myurl 转换 subweb 的订阅长链接报 502 ,转换其他链接能正常跳转
起因
最近想自建短链,看到了 stilleshan 的项目,作者提供了完整的指南和配置文件,想着搭一个玩玩。根据作者的 docker-compose 文件,nginx 配置文件搭建好之后,尝试转换 subweb 的订阅链接,能转换成功返回短链,数据库也成功存储长链接数据,但通过短链访问长链确报 502 的错误,转换 Google ,bing 上别的网站的长链接能够正常跳转,甚至是作者自己搭建的短链也成功跳转(我的短链-->作者的短链-->长链),这让我非常困惑。
背景
域名在 cloudflare 上托管着,用的 nginx 做反向代理
排查
nginx
正常,可以接收短链的请求,有访问日志
ip.ip.ip.ip - - [30/Nov/2022:15:58:16 +0000] "GET /gpx3R8g HTTP/2.0" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56" "ip.ip.ip.ip" 配置文件如下
server { listen 80; server_name a.b.c; return 301 https://a.b.c$request_uri; } server { listen 443 ssl http2; server_name a.b.c; index index.php index.html index.htm default.php default.htm default.html; ssl_certificate /etc/nginx/ssl/a.b.c/fullchain1.pem; ssl_certificate_key /etc/nginx/ssl/a.b.c/privkey1.pem; gzip on; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4; ssl_ecdh_curve secp384r1; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_tickets off; resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=63072000" always; location / { proxy_redirect off; # proxy_http_version 1.1; proxy_pass http://a.b.c:8002; add_header 'Access-Control-Allow-Origin' '*'; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; client_max_body_size 100m; client_body_buffer_size 128k; } # Pass PHP files to FPM. # location ~ \.php$ { # try_files $uri =404; # fastcgi_split_path_info ^(.+\.php)(/.+)$; # fastcgi_pass unix:/var/run/php5-fpm.sock; # fastcgi_index index.php; # include fastcgi_params; # } # Deny hidden files. location ~ /\. { deny all; } # Forbidden files or directories location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) { return 404; } # Directory verification related settings for one-click application for SSL certificate location ~ \.well-known { allow all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log /dev/null; access_log off; } location ~ .*\.(js|css)?$ { expires 12h; } access_log /var/log/nginx/a.b.c.access.log main; error_log /var/log/nginx/a.b.c.error.log warn; } redis
正常,可以存储长链和短链
前端
正常,可以正确解析长链,返回短链
疑惑
目前将问题定位在 cloudflare 上,但 cloudflare 免费版能设置的也就零星几个选项,想知道该怎么设置才能解除报 502 ,正常跳转到长链接
 | 1 eason1874 2022-12-01 02:08:37 +08:00 你自己的 Nginx 都 502 ,说明不关 CF 的事,应该是短链接程序有 bug ,要看它的日志 |
 | 2 winson030 OP @eason1874 ```shell root@debian ~/myurls# docker logs myurls [GIN] 2022/11/30 - 17:15:27 | 200 | 704.002s | a.b.c.d | GET "/" 2022/11/30 17:15:38 Hit cache: gpx3R8g [GIN] 2022/11/30 - 17:15:38 | 200 | 1.762924ms | a.b.c.d | POST "/short" [GIN] 2022/11/30 - 17:15:43 | 301 | 988.202s | a.b.c.d | GET "/gpx3R8g" [GIN] 2022/11/30 - 17:18:34 | 301 | 5.359253ms | a.b.c.d | GET "/gpx3R8g" [GIN] 2022/11/30 - 17:22:29 | 301 | 1.425363ms | a.b.c.d | GET "/gpx3R8g" ``` docker 上的日志是这样的,没看出啥毛病呀? |
| 4 eason1874 2022-12-01 02:21:19 +08:00 |
| 5 winson030 OP @eason1874 试了下,返回了下面这些信息 ```shell HTTP/2 502 server: nginx/1.23.2 date: Wed, 30 Nov 2022 18:23:35 GMT content-type: text/html content-length: 157 <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.23.2</center> </body> </html> ``` 这里能看出什么问题吗? |
| 6 eason1874 2022-12-01 02:33:35 +08:00 @winson030 你直接请求 docker 访问地址也报 502 ,就证实了问题出 docker 其中程序。你可以进去 shell 查看里面的日志,如果没有记录日志,你就打开后再请求然后再看。我没用过这个短链接,只能说个思路了,具体操作你得自己做 |
| 7 winson030 OP @eason1874 ```shell 2022/11/30 18:40:59 [error] 237#237: *353 upstream sent too big header while reading response header from upstream, client: a.b.c.d, server: a.b.c.d, request: "GET /W8yuvkA HTTP/2.0", upstream: "http://a.b.c.d:8002/W8yuvkA", host: "a.b.c.d" 2022/11/30 18:41:24 [error] 237#237: *353 upstream sent too big header while reading response header from upstream, client: a.b.c.d, server: a.b.c.d, request: "GET /W8yuvkA HTTP/2.0", upstream: "http://a.b.c.d:8002/W8yuvkA", host: "a.b.c.d 2022/11/30 18:41:55 [error] 237#237: *353 upstream sent too big header while reading response header from upstream, client: a.b.c.d, server: a.b.c.d, request: "GET /W8yuvkA HTTP/2.0", upstream: "http://a.b.c.d:8002/W8yuvkA", host: "a.b.c.d" ``` 看到 nginx 的报错说 " upstream sent too big header while reading response header from upstream",感觉是长链接的字节流太大了?这种情况不知道要咋整? |
| 8 eason1874 2022-12-01 02:52:57 +08:00  1 |
Select Language