标签： nginx

• Host pan.hetao.me:443 was resolved.
• IPv6: (none)
• IPv4: 192.168.33.20
• Trying 192.168.33.20:443…
• QUIC cipher selection: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
• CAfile: /etc/ssl/certs/ca-certificates.crt
• CApath: /etc/ssl/certs
• subjectAltName: host “pan.hetao.me” matched cert’s “*.hetao.me”
• Verified certificate just fine
• Connected to pan.hetao.me (192.168.33.20) port 443
• using HTTP/3
• [HTTP/3] [0] OPENED stream for https://pan.hetao.me/
• [HTTP/3] [0] [:method: GET]
• [HTTP/3] [0] [:scheme: https]
• [HTTP/3] [0] [:authority: pan.hetao.me]
• [HTTP/3] [0] [:path: /]
• [HTTP/3] [0] [user-agent: curl/8.6.0-DEV]
• [HTTP/3] [0] [accept: /]
  GET / HTTP/3
  Host: pan.hetao.me
  User-Agent: curl/8.6.0-DEV
  Accept: /

• ngtcp2_conn_writev_stream returned error: ERR_DRAINING

• Connection #0 to host pan.hetao.me left intact
  curl: (55) ngtcp2_conn_writev_stream returned error: ERR_DRAINING

解决：
listen后面添加reuseport参数

    listen 443 quic reuseport;
    listen       443 ssl;
    listen [::]:443 quic reuseport;
    listen       [::]:443 ssl;

Views: 173

curl报的错误如下

curl: (92) Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c]

用浏览器的话也会报连接错误
造成这种问题的原因是反向代理的上游开启了HTTP/2,然后nginx通过HTTP/1.1与上游连接，这样上游返回的报文中就会添加Upgrade头来要求升级到HTTP/2连接。
知道了原因就好解决了，可以采取以下方法

• 关闭上游服务器的HTTP/2

• 使用HTTP/2或H2C与上游连接

  nginx不支持

• 过滤Upgrade头

  proxy_hide_header Upgrade;

Views: 22