500 Internal Server Error

user-rgkafgoraaw · 2024 年5 月 26 日 18:57

openresty 新建网站，用域名：端口号的方式访问。
在设置https后，配置文件中添加https端口信息

listen 789 ssl http2 ;

结果访问网站显示：

500 Internal Server Error
openresty

请问是什么情况？
防火墙和端口转发检查过没有问题。

zhishang.wang · 2024 年5 月 27 日 02:48

先检查下配置文件：nginx -t 看看有没有配置上的问题
如果代理的后端服务，再检查下后端服务的状态

user-rgkafgoraaw · 2024 年5 月 27 日 17:03

nginx -t 检查没有问题，容器也都显示运转正常

ToolMan · 2024 年5 月 30 日 09:26

看openresty的站点日志报错

user-rgkafgoraaw · 2024 年5 月 30 日 19:12

站点内的error.log显示：

2024/05/31 01:53:10 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/abc.com/ssl/fullchain.pem"
2024/05/31 02:19:17 [error] 6#6: *39728 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: abc.com, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39729 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39730 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39731 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39734 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39735 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39736 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39737 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39750 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39751 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39752 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39753 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:35 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/xyz.com/ssl/fullchain.pem"
2024/05/31 02:24:51 [error] 6#6: *40084 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to 'ipairs' (table expected, got userdata)
stack traceback:
coroutine 0:
	[C]: in function 'ipairs'
	./waf.lua:51: in function 'get_website_key'
	./waf.lua:72: in function 'init'
	./waf.lua:171: in main chunk, client: 192.168.1.7, server: _, request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.10:54321", referrer: "http://192.168.1.10:54321/"
2024/05/31 02:25:04 [error] 6#6: *40083 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to 'ipairs' (table expected, got userdata)
stack traceback:
coroutine 0:
	[C]: in function 'ipairs'
	./waf.lua:51: in function 'get_website_key'
	./waf.lua:72: in function 'init'
	./waf.lua:171: in main chunk, client: 192.168.1.7, server: _, request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.10:54321", referrer: "http://192.168.1.10:54321/"

其中访问机ip192.168.1.7
1panel 主机ip 192.168.1.10
端口1234是OpenResty的https端口
端口54321是OpenResty的http端口
abc.com是一个静态网站
xyz.com是一个反向代理
现在他们都显示 500 Internal Server Error

ToolMan · 2024 年5 月 31 日 00:40

真的只加了一个端口监听吗？不止吧，只加端口监听不会有问题

By Chat GPT：

解析这些OpenResty日志信息，以下是每条日志的详细说明和可能的原因分析：

2024/05/31 01:53:10 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: “/www/sites/abc.com/ssl/fullchain.pem”
- 描述: 该警告信息表示在尝试请求证书状态时，没有定义DNS解析器以解析r3.o.lencr.org。
- 可能原因: OpenResty配置文件中缺少DNS解析器配置。需要在配置文件中定义resolver，例如 resolver 8.8.8.8;。
*2024/05/31 02:19:17 [error] 6#6: 39728 cannot load certificate “data:”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: abc.com, server: 0.0.0.0:1234
- 描述: 该错误信息表示在加载证书时失败，PEM_read_bio_X509_AUX函数未能读取到PEM格式的证书，错误信息指示缺少“TRUSTED CERTIFICATE”起始行。
- 可能原因: 配置中的证书路径错误或证书文件内容损坏或格式不正确。需要检查证书文件是否正确且有效。
*2024/05/31 02:24:51 [error] 6#6: 40084 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to ‘ipairs’ (table expected, got userdata)
- 描述: 该错误信息表示在运行Lua脚本时发生了运行时错误，ipairs函数期望接收到一个表，但实际得到的是userdata。
- 可能原因: Lua脚本中的get_website_key函数在调用ipairs时传递了错误的数据类型。需要检查并确保传递给ipairs的参数是一个表。

综合分析和建议

DNS解析器配置问题:
- 在OpenResty的配置文件中添加DNS解析器配置，如：
```
resolver 8.8.8.8 valid=300s;
```
证书加载问题:
- 检查并验证证书文件的路径和内容是否正确。
- 确保证书文件包含正确的“-----BEGIN CERTIFICATE-----”和“-----END CERTIFICATE-----”标识。

Lua脚本错误:

确保传递给ipairs的参数是一个表类型，修改waf.lua脚本，添加类型检查和错误处理，例如：

function get_website_key(data)
    if type(data) ~= "table" then
        ngx.log(ngx.ERR, "Expected table but got " .. type(data))
        return nil
    end
    for _, v in ipairs(data) do
        -- your logic here
    end
end

通过以上调整，可以解决大部分日志中的警告和错误信息，确保OpenResty运行稳定。

user-rgkafgoraaw · 2024 年5 月 31 日 03:12

我修改配置文件，只留了

listen 789 ssl http2 ;

也就是我删除了OpenResty的默认端口，另外，我并没有使用默认的80 和443 ，自己改的别端口。这会导致这个问题吗？