500 Internal Server Error

openresty 新建网站,用域名:端口号的方式访问。
在设置https后,配置文件中添加https端口信息

listen 789 ssl http2 ;

结果访问网站显示:

500 Internal Server Error
openresty

请问是什么情况?
防火墙和端口转发检查过没有问题。

先检查下配置文件:nginx -t 看看有没有配置上的问题
如果代理的后端服务,再检查下后端服务的状态

1 个赞

nginx -t 检查没有问题,容器也都显示运转正常

看openresty的站点日志报错

站点内的error.log显示:

2024/05/31 01:53:10 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/abc.com/ssl/fullchain.pem"
2024/05/31 02:19:17 [error] 6#6: *39728 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: abc.com, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39729 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39730 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:17 [error] 6#6: *39731 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39734 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39735 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39736 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:18 [error] 6#6: *39737 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39750 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39751 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39752 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:27 [error] 6#6: *39753 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.1.7, server: 0.0.0.0:1234
2024/05/31 02:19:35 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/xyz.com/ssl/fullchain.pem"
2024/05/31 02:24:51 [error] 6#6: *40084 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to 'ipairs' (table expected, got userdata)
stack traceback:
coroutine 0:
	[C]: in function 'ipairs'
	./waf.lua:51: in function 'get_website_key'
	./waf.lua:72: in function 'init'
	./waf.lua:171: in main chunk, client: 192.168.1.7, server: _, request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.10:54321", referrer: "http://192.168.1.10:54321/"
2024/05/31 02:25:04 [error] 6#6: *40083 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to 'ipairs' (table expected, got userdata)
stack traceback:
coroutine 0:
	[C]: in function 'ipairs'
	./waf.lua:51: in function 'get_website_key'
	./waf.lua:72: in function 'init'
	./waf.lua:171: in main chunk, client: 192.168.1.7, server: _, request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.10:54321", referrer: "http://192.168.1.10:54321/"

其中访问机ip192.168.1.7
1panel 主机ip 192.168.1.10
端口1234是OpenResty的https端口
端口54321是OpenResty的http端口
abc.com是一个静态网站
xyz.com是一个反向代理
现在他们都显示 500 Internal Server Error

真的只加了一个端口监听吗?不止吧,只加端口监听不会有问题


By Chat GPT:

解析这些OpenResty日志信息,以下是每条日志的详细说明和可能的原因分析:

  1. 2024/05/31 01:53:10 [warn] 6#6: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: “/www/sites/abc.com/ssl/fullchain.pem”

    • 描述: 该警告信息表示在尝试请求证书状态时,没有定义DNS解析器以解析r3.o.lencr.org
    • 可能原因: OpenResty配置文件中缺少DNS解析器配置。需要在配置文件中定义resolver,例如 resolver 8.8.8.8;
  2. *2024/05/31 02:19:17 [error] 6#6: 39728 cannot load certificate “data:”: PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: abc.com, server: 0.0.0.0:1234

    • 描述: 该错误信息表示在加载证书时失败,PEM_read_bio_X509_AUX函数未能读取到PEM格式的证书,错误信息指示缺少“TRUSTED CERTIFICATE”起始行。
    • 可能原因: 配置中的证书路径错误或证书文件内容损坏或格式不正确。需要检查证书文件是否正确且有效。
  3. *2024/05/31 02:24:51 [error] 6#6: 40084 lua entry thread aborted: runtime error: ./waf.lua:51: bad argument #1 to ‘ipairs’ (table expected, got userdata)

    • 描述: 该错误信息表示在运行Lua脚本时发生了运行时错误,ipairs函数期望接收到一个表,但实际得到的是userdata
    • 可能原因: Lua脚本中的get_website_key函数在调用ipairs时传递了错误的数据类型。需要检查并确保传递给ipairs的参数是一个表。

综合分析和建议

  1. DNS解析器配置问题:

    • 在OpenResty的配置文件中添加DNS解析器配置,如:
      resolver 8.8.8.8 valid=300s;
      
  2. 证书加载问题:

    • 检查并验证证书文件的路径和内容是否正确。
    • 确保证书文件包含正确的“-----BEGIN CERTIFICATE-----”和“-----END CERTIFICATE-----”标识。
  3. Lua脚本错误:

    • 确保传递给ipairs的参数是一个表类型,修改waf.lua脚本,添加类型检查和错误处理,例如:
      function get_website_key(data)
          if type(data) ~= "table" then
              ngx.log(ngx.ERR, "Expected table but got " .. type(data))
              return nil
          end
          for _, v in ipairs(data) do
              -- your logic here
          end
      end
      

通过以上调整,可以解决大部分日志中的警告和错误信息,确保OpenResty运行稳定。

我修改配置文件,只留了

listen 789 ssl http2 ;

也就是我删除了OpenResty的默认端口,另外,我并没有使用默认的80 和443 ,自己改的别端口。这会导致这个问题吗?