nginx上的一个反向代理https的错误

在nginx上突然出现的一个反向代理https的错误，特此记录

问题说明

本来就是一个简单的反向代理，用来代理openai的api，今天之前用得好好的，重启了nginx后，就不能用了

真实域名已隐藏

server {
        server_name openai.your.domain;

        location / {
            proxy_pass https://api.openai.com/;
            proxy_set_header Host api.openai.com;
            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header Connection '';
            proxy_http_version 1.1;
            chunked_transfer_encoding off;
            proxy_buffering off;
            proxy_cache off;

        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/openai.your.domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/openai.your.domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

http请求报502

nginx日志报错，大致是这样

2023/04/07 10:53:24 [error] 886#886: *21 SSL_do_handshake() failed (SSL: error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 151.61.223.142, server: openai.your.domain, request: "GET /v1/chat/completions HTTP/1.1", upstream: "https://104.18.7.192:443/v1/chat/completions", host: "openai.your.domain"

解决

在location里加一句proxy_ssl_server_name on;，再重启nginx就可以了，如：

location / {
    proxy_ssl_server_name on;
    proxy_pass https://api.openai.com/;
    proxy_set_header Host api.openai.com;
    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;

}

那么，从日志看，proxy_set_header Host api.openai.com;这一句是不是没有生效呢。再研究吧

参考

https://www.claudiokuenzler.com/blog/1120/nginx-reverse-proxy-ssl-alert-number-40-while-ssl-handshaking-upstream