主页 / server / 问题 / 840970
Accepted
darkpool
Asked: 2017-03-28 23:42:55 +0800 CST

Nginx - 连接到上游时连接()失败(111:连接被拒绝)

  • 772

我正在运行一个使用 Django、Nginx、Gunicorn、Supervisord 和 fail2ban(只允许 ssh、http 和 https)的站点。该站点正常运行,但有一些有关的 nginx 错误日志条目:

connect() failed (111: Connection refused) while connecting to upstream, client: x.x.x.x, server: www.example.com, request: "GET /example/url/to/get/ HTTP/1.1", upstream: "http://[::1]:8000/example/url/to/get/", host: "www.example.com"

upstream server temporarily disabled while connecting to upstream, client: x.x.x.x, server: www.example.com, request: "GET /example/url/to/get/ HTTP/1.1", upstream: "http://[::1]:8000/example/url/to/get/", host: "www.example.com"

这是我的 nginx 配置:

upstream app_server_wsgiapp {
  server localhost:8000 fail_timeout=0;
}

server {
 listen 80;
 server_name www.example.com;
 return 301 https://www.example.com$request_uri;
}

server {
  server_name           www.example.com;
  listen                443 ssl;

  if ($host = 'example.com') {
    return 301 https://www.example.com$request_uri;
  }

  ssl_certificate       /etc/nginx/example/example.crt;
  ssl_certificate_key   /etc/nginx/example/example.key;
  ssl_session_timeout   1d;
  ssl_session_cache     shared:SSL:50m;
  ssl_protocols         TLSv1.1 TLSv1.2;
  ssl_ciphers           'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-
AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-
SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-
SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-
SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-
AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-
SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-
SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-
SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_prefer_server_ciphers   on;

  access_log          /var/log/nginx/www.example.com.access.log;
  error_log           /var/log/nginx/www.example.com.error.log info;
  keepalive_timeout   5;

  proxy_read_timeout    120s;

  # nginx serve up static and media files
  location /static {
    autoindex on;
    alias /static/path;
  }

  location /media {
        autoindex on;
        alias /media/path;
  }

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    if (!-f $request_filename) {
        proxy_pass http://app_server_wsgiapp;
        break;
    }
  }
}

我在 Gunicorn 日志中没有任何错误。

就像我说的,该网站运行正常。但我不想忽略以后可能会成为更大问题的错误日志。

nginx

1 个回答

  1. Best Answer

    这可能是因为您的系统是双栈的,但您的上游仅是 IPv4?

    看起来好像localhost正在解决[::1],这取决于您的上游可能是问题本身。

    鉴于您通过环回进行通信,我倾向于假设这Connection refused是“真实的” - 它反映了实际问题。

    localhost您可以通过127.0.0.1在上游配置中替换为来检查这是否是问题:

    upstream app_server_wsgiapp {
  server 127.0.0.1:8000 fail_timeout=0;
}
    • 10

相关问题