Django Celery with ALB on AWS: persistent HTTP 502 Bad Gateway error
I can't figure out what is wrong with my setup.
Frontend (HTTPS: 5173) Docker container + Django/Celery (HTTPS: 8000, gunicorn) container on EC2.
Both 80 and 443 are open.
Load balancer with an HTTPS:443 listener, default target group for the frontend, a rule for the /api/* path to Django on https:8000. The health check never works, regardless of whether it is http or https, or whether the path has a trailing slash or not.
The self-signed certificate works fine locally and worked a few days ago on AWS, imported for *.localhost/CN=localhost. Validity > 100 days.
Handshake test passed.
Logs from Django/Celery:
[2024-10-18 09:33:25 +0000] [11] [WARNING] Invalid request from ip=172.31.xx.91: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:41 +0000] [11] [WARNING] Invalid request from ip=172.31.xx.217: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:43 +0000] [12] [WARNING] Invalid request from ip=172.31.xx.144: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:49 +0000] [12] [WARNING] Invalid request from ip=172.31.33.xx: [SSL] PEM lib (_ssl.c:3900)
[2024-10-18 09:33:55 +0000] [12] [WARNING] Invalid request from ip=172.31.xx.91: [SSL] PEM lib (_ssl.c:3900)
Parts of the ALB access logs:
ELB status code: 502 (Bad Gateway, indicating issues with the target or downstream services)
SSL cipher and protocol: TLS_AES_128_GCM_SHA256 TLSv1.3
The browser shows the same:
index-BbUzq7eH.js:27
GET https://xxxxxxxxx.eu-central-1.elb.amazonaws.com/api/set-csrf/ 502 (Bad Gateway)
Django ALLOWED_HOSTS is set to ["*"] for testing
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_CREDENTIALS = True
SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
USE_X_FORWARDED_HOST = True
USE_X_FORWARDED_PORT = True
ALLOWED_HOSTS = ["*"]
CSRF_TRUSTED_ORIGINS = ["https://localhost:5173", "https://xxxxxcentral-1.elb.amazonaws.com"]
CORS_ALLOWED_ORIGINS = [
    'https://localhost:5173',  # Your Vue dev server address
    'https://3.76.xx.xx',
    'https://xxxxxx.eu-central-1.elb.amazonaws.com',
]
CORS_ORIGIN_WHITELIST = [
    'https://localhost:5173',
    'https://3.76.xx.xx',
    'https://xxxxx.eu-central-1.elb.amazonaws.com'
]
CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
]
nginx:
server {
    listen 80;
    server_name _;
    location /api/health/ {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Redirect all other HTTP traffic to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}
# Configuration for handling HTTPS traffic
server {
    listen 8000 ssl;
    server_name _;
    ssl_certificate /app/certs/localhost.crt;
    ssl_certificate_key /app/certs/localhost.key;
    location /static/ {
        alias /app/staticfiles/;
    }
    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
I tried it with and without nginx; there is no difference in behavior.
Why am I seeing 502?