Nginx 反向代理 CLoudflare 的 Pages 项目域名出错

我在 Cloudflare 的 Pages 上部署了 github 的项目，默认域名是.dev 的，于是我绑定了一个在 cloudflare 上托管的域名，假设是 abc.com ，项目解析的是 pj.abc.com ，我访问 pj.abc.com 的时候是 reset ，因为长城的原因，我只能使用 VPN ，但这不是一个好办法，于是我找到了一台能够翻墙的 Linux 服务器，使用 nginx 对这个域名进行反向代理，但是似乎访问时会报 502 ，这个是啥问题引起的？

server {
    listen 6659;
    server_name pj.123.com;
    access_log /var/nginx/logs/http_proxy_access.log main;
    error_log /var/nginx/logs/http_proxy_error.log debug;
    if ($host ~* "^pj.123.com$") {
        rewrite ^/(.*)$ https://pj.123.com:7956$request_uri permanent;
    }
}

server {
    listen 7956 ssl;
    server_name pj.123.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    access_log /var/nginx/logs/https_proxy_access.log main;
    error_log /data/nginx/logs/https_proxy_error.log debug;
    gzip on;
    gzip_comp_level 9;
    gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
    charset utf-8;
    ssl_certificate   /etc/sssl_cert/pj.123.com.crt;
    ssl_certificate_key  /etc/ssl_cert/pj.123.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    
    
    location / {

        proxy_pass https://pj.abc.com;
        proxy_connect_timeout 30;
        proxy_read_timeout 60;
        proxy_send_timeout 60;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Connection "upgrade";
        #proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;
    }
}

我看了下日志，似乎是报 SSL 的问题

2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [warn] 22#22: *7 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 03:46:46 [error] 22#22: *7 no live upstreams while connecting to upstream, client: 3.5.2.4, server: pj.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"

StephenJoseDai

26 天前

试了你俩的，好像还是 502 ，反向代理 dev 那个也一样

2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 no live upstreams while connecting to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"

server {
listen 7956 ssl;
server_name pj.123.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /data/nginx/logs/https_pj_access.log main;
error_log /data/nginx/logs/https_pj_error.log debug;
#gzip on;
#gzip_comp_level 9;
#gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
charset utf-8;
ssl_certificate /data/ssl_cert/pj.123.com.crt;
ssl_certificate_key /data/ssl_cert/pj.123.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

location / {
proxy_set_header Host pj.abc.com;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_ssl_name pj.abc.com;
proxy_pass https://pj.abc.com;
}
}