StephenJoseDai

哦，好像是缓存，为啥反向代理 dev 就可以，反代自己的域名就不行啊？

试了你俩的，好像还是 502 ，反向代理 dev 那个也一样

2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://172.67.189.154:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [warn] 22#22: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET / HTTP/1.1", upstream: "https://104.21.89.160:443/", host: "pj.123.com:7956"
2025/08/08 19:51:03 [error] 22#22: *1 no live upstreams while connecting to upstream, client: 3.2.5.1, server: y.daish.eu.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://pj.abc.com/favicon.ico", host: "pj.123.com:7956", referrer: "https://pj.123.com:7956/"


server {
listen 7956 ssl;
server_name pj.123.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /data/nginx/logs/https_pj_access.log main;
error_log /data/nginx/logs/https_pj_error.log debug;
#gzip on;
#gzip_comp_level 9;
#gzip_types text/css text/plain text/xml application/javascript application/x-javascript application/html application/xml image/png image/jpg image/jpeg image/gif image/webp image/svg+xml;
charset utf-8;
ssl_certificate /data/ssl_cert/pj.123.com.crt;
ssl_certificate_key /data/ssl_cert/pj.123.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

location / {
proxy_set_header Host pj.abc.com;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_ssl_name pj.abc.com;
proxy_pass https://pj.abc.com;
}
}

@ChicC location 部分现在是这样

location / {
proxy_pass https://pj.abc.com;
proxy_set_header Host pj.abc.com;
proxy_ssl_server_name on;
}

@ChicC 后面我也加了，也还是 502

@Tink 我尝试将设备的 wan6 设置为中继模式，理论上应该可以拿到才对

@Tink 运营商给的是 PD ，我自己划 64 ，但是我的理解是，一级能分 v6 给客户端，那么是不是可以把二级看成就是客户端？二级的 wan 已经分配到了，有没有办法让二级的 wlan 也拿到然后再分给底下的小鸡。设备是树莓派，用的是 op 官方的固件

@leonshaw 二级路由没有 pppoe 了，都是 dhcp

@Puteulanus 它的上游也是 openwrt ，你可以理解为，我现在是二级路由，它的上级是 pppoe 拨号获取到公网 v4+v6 ，上级分配给底下设备是内网 v4+公网 v6 ，我想二级获取上级给的 v4+v6 后，再分给底下客户端一个二级段的 v4+公网 v6

@glcolof 交换机好说，问题是我没理解的是配置，eth0 已经分给了 wan 了怎么再分给 lan ？