Здравствуйте!

Тестируем взаимодействие с НСПК через cpnginx.
Настроили вэбсервер по документу "МИР. Шифрование Nginx с поддержкой ГОСТ TLS".
Архитектура следующая:
Контейнер с cpnginx --> Шлюз HAProxy для выхода во внешку --> api-partner-v2-demo.nspk.ru.
Все работает, но есть несколько неприятных моментов, а именно:
1. После запуска сервера любой первый запрос всегда получает ошибку "Certificate chain trust error: 0x10000 (The certificate chain is not complete) while checking remote certificate, client: х,х,х,х, server: mir-cpnginx-gw-out, request: "GET /api/v2/ping HTTP/1.1", upstream: "https://х,х,х,х:443/api/v2/ping", host: "х,х,х,х:8080"". Следующий запрос уже отрабатывает нормально.
2. После долгого простоя (неделя и больше) то ошибка становится постоянной. Помогает вызов из контейнер /opt/cprocsp/bin/amd64/curl -vvv http://localhost/api/v2/ping.

Данное поведение явно указывает на то, что проблема во времени жизни либо сессии, либо чего другого. К моему сожалению, я не смог найти достаточно информации о таком поведении nginx.

Прошу помочь локализовать проблему.

[code=markup]
Certmgr Ver:5.0.13000 OS:Linux CPU:AMD64 (c) "Crypto-Pro", 2007-2024.
Program for managing certificates, CRLs and stores.
Installing:
=============================================================================
1-------
Issuer : C=RU, S=Москва, L=Москва, O="АО ""НСПК""", CN=Primary Root CA GOST
Subject : C=RU, S=Москва, L=Москва, O="АО ""НСПК""", CN=Primary Root CA GOST
Serial : 0x1E71F300F6AD80A647D75A775366B670
SHA1 Thumbprint : 75093718899ca353552ee646373837f6934578bc
SubjectKeyID : 51b004c7e461d1742be9872dec72080eb365225f
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 256 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 256 бит (512 bits)
Not valid before : 06/12/2021 14:36:21 UTC
Not valid after : 06/12/2026 14:36:21 UTC
PrivateKey Link : No
=============================================================================
CPCSP: Warning: installing a root certificate with an unconfirmed thumbprint is a security risk. Do you want to install this certificate?
Subject: Primary Root CA GOST
Thumbprint (sha1): 75093718899CA353552EE646373837F6934578BC
(o)OK, (c)Cancel

[ErrorCode: 0x00000000]
Certmgr Ver:5.0.13000 OS:Linux CPU:AMD64 (c) "Crypto-Pro", 2007-2024.
Program for managing certificates, CRLs and stores.
Installing:
=============================================================================
1-------
Issuer : C=RU, S=Москва, L=Москва, O="АО ""НСПК""", CN=Primary Root CA GOST
Subject : C=RU, S=Moscow, L=Moscow, O=NSPK JSC, CN=InfosystemsGost
Serial : 0x611FED0096B0119840CCEB808D88A67B
SHA1 Thumbprint : 136b151c52beb3efb70ad035edbbf53907a4272e
SubjectKeyID : e67481d185566b87f9a74856703f684cad0ed242
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 256 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 256 бит (512 bits)
Not valid before : 09/10/2023 14:13:30 UTC
Not valid after : 06/12/2026 14:36:21 UTC
PrivateKey Link : No
CA cert URL : http://cdp01.mirconnect.ru/prcag/prcag.crt
CA cert URL : http://cdp02.mirconnect.ru/prcag/prcag.crt
CDP : http://cdp01.mirconnect.ru/prcag/prcag.crl
CDP : http://cdp02.mirconnect.ru/prcag/prcag.crl
=============================================================================

[ErrorCode: 0x00000000]
Certmgr Ver:5.0.13000 OS:Linux CPU:AMD64 (c) "Crypto-Pro", 2007-2024.
Program for managing certificates, CRLs and stores.
Installing:
=============================================================================
1-------
Issuer : CN=InfosystemsGost_Test, C=RU, S=Moscow, L=Moscow, O=NSPK JSC, OU=Security Department
ThisUpdate : 18/01/2024 12:06:17 UTC
NextUpdate : 06/12/2026 14:36:21 UTC
NextPublish : 19/01/2024 15:00:00 UTC
AuthorityKeyID : c7f8cd318b7ca2d7fa348c095398c2392c4f42f4
Entries : 1
CRL Number : 0x1e
=============================================================================

[ErrorCode: 0x00000000]
worker_processes 1;
daemon off;
error_log /dev/stderr debug;
pid /var/run/cpnginx.pid;
events {}
http {
include /etc/opt/cprocsp/cpnginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /dev/stdout main;

server {
listen 8080 default;
listen 80;
keepalive_timeout 70;
ssl_session_tickets on;
ssl_session_cache shared:SSL:100m;
ssl_session_timeout 1h;
server_name mir-cpnginx-gw-out.integration.ump-pss-test.mbrd.ru;
location / {
proxy_pass https://api-partner-v2-d...common.svc.cluster.local:443;
proxy_sspi on;
proxy_ssl_verify on;
proxy_ssl_server_name on;
proxy_ssl_trusted_certificate Root;
proxy_ssl_verify_local_crl_only on;
proxy_ssl_protocols TLSv1.2;
proxy_set_header Host api-partner-v2-demo.nspk.ru;
}
}
}
2025/03/27 13:07:53 [debug] 17#0: bind() 0.0.0.0:8080 #6
2025/03/27 13:07:53 [debug] 17#0: bind() 0.0.0.0:80 #7
2025/03/27 13:07:53 [notice] 17#0: using the "epoll" event method
2025/03/27 13:07:53 [debug] 17#0: counter: 00007FA588A6A080, 1
2025/03/27 13:07:53 [notice] 17#0: nginx/1.22.1
2025/03/27 13:07:53 [notice] 17#0: built by gcc 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
2025/03/27 13:07:53 [notice] 17#0: OS: Linux 5.15.178-1.el7.3.x86_64
2025/03/27 13:07:53 [notice] 17#0: getrlimit(RLIMIT_NOFILE): 1073741816:1073741816
2025/03/27 13:07:53 [debug] 17#0: write: 8, 00007FFCC5227BC0, 3, 0
2025/03/27 13:07:53 [debug] 17#0: setproctitle: "nginx: master process /opt/cprocsp/sbin/amd64/cpnginx -c nginx.conf"
2025/03/27 13:07:53 [notice] 17#0: start worker processes
2025/03/27 13:07:53 [debug] 17#0: channel 3:8
2025/03/27 13:07:53 [notice] 17#0: start worker process 18
2025/03/27 13:07:53 [debug] 17#0: sigsuspend
2025/03/27 13:07:53 [debug] 18#0: add cleanup: 000055C13AED2290
2025/03/27 13:07:53 [debug] 18#0: malloc: 000055C13AE9C820:8
2025/03/27 13:07:53 [debug] 18#0: notify eventfd: 10
2025/03/27 13:07:53 [debug] 18#0: testing the EPOLLRDHUP flag: success
2025/03/27 13:07:53 [debug] 18#0: malloc: 000055C13AEB5A00:6144
2025/03/27 13:07:53 [debug] 18#0: malloc: 000055C13AED98C0:122880
2025/03/27 13:07:53 [debug] 18#0: malloc: 000055C13AEF78D0:49152
2025/03/27 13:07:53 [debug] 18#0: malloc: 000055C13AF038E0:49152
2025/03/27 13:07:53 [debug] 18#0: epoll add event: fd:6 op:1 ev:00002001
2025/03/27 13:07:53 [debug] 18#0: epoll add event: fd:7 op:1 ev:00002001
2025/03/27 13:07:53 [debug] 18#0: ngx_http_sspi_init_process
2025/03/27 13:07:53 [debug] 18#0: SSPI test static location: "/"
2025/03/27 13:07:53 [debug] 18#0: SSPI test static location: inclusive
2025/03/27 13:07:53 [debug] 18#0: SSPI enabled!
2025/03/27 13:07:53 [debug] 18#0: SSPI static location initialized: "/"
2025/03/27 13:07:53 [debug] 18#0: SSPI test static locations: dead end.
2025/03/27 13:07:53 [debug] 18#0: SSPI test static locations: dead end.
2025/03/27 13:07:53 [debug] 18#0: SSPI test static locations: dead end.
2025/03/27 13:07:53 [debug] 18#0: SSPI no regexp locations whatsoever.
2025/03/27 13:07:53 [debug] 18#0: ngx_stream_sspi_init_process
2025/03/27 13:07:53 [debug] 18#0: epoll add event: fd:8 op:1 ev:00002001
2025/03/27 13:07:53 [debug] 18#0: setproctitle: "nginx: worker process"
2025/03/27 13:07:53 [debug] 18#0: worker cycle
2025/03/27 13:07:53 [debug] 18#0: epoll timer: -1
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:6 ev:0001 d:000055C13AED98C0
2025/03/27 13:07:56 [debug] 18#0: accept on 0.0.0.0:8080, ready: 0
2025/03/27 13:07:56 [debug] 18#0: posix_memalign: 000055C13AE919F0:512 @16
2025/03/27 13:07:56 [debug] 18#0: *1 accept: 172.16.32.60:34398 fd:3
2025/03/27 13:07:56 [debug] 18#0: *1 event timer add: 3: 60000:1313081188
2025/03/27 13:07:56 [debug] 18#0: *1 reusable connection: 1
2025/03/27 13:07:56 [debug] 18#0: *1 epoll add event: fd:3 op:1 ev:80002001
2025/03/27 13:07:56 [debug] 18#0: timer delta: 2780
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: 60000
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:3 ev:0001 d:000055C13AED9B90
2025/03/27 13:07:56 [debug] 18#0: *1 http wait request handler
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFC6AA0:1024
2025/03/27 13:07:56 [debug] 18#0: *1 recv: eof:0, avail:-1
2025/03/27 13:07:56 [debug] 18#0: *1 recv: fd:3 117 of 1024
2025/03/27 13:07:56 [debug] 18#0: *1 reusable connection: 0
2025/03/27 13:07:56 [debug] 18#0: *1 posix_memalign: 000055C13AFCA0C0:4096 @16
2025/03/27 13:07:56 [debug] 18#0: *1 http process request line
2025/03/27 13:07:56 [debug] 18#0: *1 http request line: "GET /api/v2/ping HTTP/1.1"
2025/03/27 13:07:56 [debug] 18#0: *1 http uri: "/api/v2/ping"
2025/03/27 13:07:56 [debug] 18#0: *1 http args: ""
2025/03/27 13:07:56 [debug] 18#0: *1 http exten: ""
2025/03/27 13:07:56 [debug] 18#0: *1 posix_memalign: 000055C13AFCB0D0:4096 @16
2025/03/27 13:07:56 [debug] 18#0: *1 http process request header line
2025/03/27 13:07:56 [debug] 18#0: *1 http header: "Host: 10.244.206.113:8080"
2025/03/27 13:07:56 [debug] 18#0: *1 http header: "User-Agent: kube-probe/1.24"
2025/03/27 13:07:56 [debug] 18#0: *1 http header: "Accept: */*"
2025/03/27 13:07:56 [debug] 18#0: *1 http header: "Connection: close"
2025/03/27 13:07:56 [debug] 18#0: *1 http header done
2025/03/27 13:07:56 [debug] 18#0: *1 event timer del: 3: 1313081188
2025/03/27 13:07:56 [debug] 18#0: *1 rewrite phase: 0
2025/03/27 13:07:56 [debug] 18#0: *1 test location: "/"
2025/03/27 13:07:56 [debug] 18#0: *1 using configuration "/"
2025/03/27 13:07:56 [debug] 18#0: *1 http cl:-1 max:1048576
2025/03/27 13:07:56 [debug] 18#0: *1 rewrite phase: 2
2025/03/27 13:07:56 [debug] 18#0: *1 post rewrite phase: 3
2025/03/27 13:07:56 [debug] 18#0: *1 generic phase: 4
2025/03/27 13:07:56 [debug] 18#0: *1 generic phase: 5
2025/03/27 13:07:56 [debug] 18#0: *1 access phase: 6
2025/03/27 13:07:56 [debug] 18#0: *1 access phase: 7
2025/03/27 13:07:56 [debug] 18#0: *1 post access phase: 8
2025/03/27 13:07:56 [debug] 18#0: *1 generic phase: 9
2025/03/27 13:07:56 [debug] 18#0: *1 generic phase: 10
2025/03/27 13:07:56 [debug] 18#0: *1 http init upstream, client timer: 0
2025/03/27 13:07:56 [debug] 18#0: *1 epoll add event: fd:3 op:3 ev:80002005
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: "Host"
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: "api-partner-v2-demo.nspk.ru"
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: "Connection"
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: "close"
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: ""
2025/03/27 13:07:56 [debug] 18#0: *1 http script copy: ""
2025/03/27 13:07:56 [debug] 18#0: *1 http proxy header: "User-Agent: kube-probe/1.24"
2025/03/27 13:07:56 [debug] 18#0: *1 http proxy header: "Accept: */*"
2025/03/27 13:07:56 [debug] 18#0: *1 http proxy header:
"GET /api/v2/ping HTTP/1.0
Host: api-partner-v2-demo.nspk.ru
Connection: close
User-Agent: kube-probe/1.24
Accept: */*

"
2025/03/27 13:07:56 [debug] 18#0: *1 http cleanup add: 000055C13AFCB978
2025/03/27 13:07:56 [debug] 18#0: *1 get rr peer, try: 1
2025/03/27 13:07:56 [debug] 18#0: *1 stream socket 21
2025/03/27 13:07:56 [debug] 18#0: *1 epoll add connection: fd:21 ev:80002005
2025/03/27 13:07:56 [debug] 18#0: *1 connect to 10.102.70.115:443, fd:21 #2
2025/03/27 13:07:56 [debug] 18#0: *1 http upstream connect: -2
2025/03/27 13:07:56 [debug] 18#0: *1 posix_memalign: 000055C13AF6FF30:128 @16
2025/03/27 13:07:56 [debug] 18#0: *1 event timer add: 21: 60000:1313081188
2025/03/27 13:07:56 [debug] 18#0: *1 http finalize request: -4, "/api/v2/ping?" a:1, c:2
2025/03/27 13:07:56 [debug] 18#0: *1 http request count:2 blk:0
2025/03/27 13:07:56 [debug] 18#0: timer delta: 0
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: 60000
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:3 ev:0004 d:000055C13AED9B90
2025/03/27 13:07:56 [debug] 18#0: *1 http run request: "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 http upstream check client, write event:1, "/api/v2/ping"
2025/03/27 13:07:56 [debug] 18#0: timer delta: 1
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: 59999
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:21 ev:0004 d:000055C13AED9C80
2025/03/27 13:07:56 [debug] 18#0: *1 http upstream request: "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 http upstream send request handler
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFC7F00:144
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFC6EB0:152
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AE84D60:80
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFCC0E0:65535
2025/03/27 13:07:56 [debug] 18#0: *1 posix_memalign: 000055C13AFC6F50:128 @16
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AF595D0:80
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFDC0F0:16453
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AE84D00:80
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13AFE0140:16384
2025/03/27 13:07:56 [debug] 18#0: *1 upstream SSPI server name: "api-partner-v2-demo-nspk-ru.common.svc.cluster.local"
2025/03/27 13:07:56 [debug] 18#0: *1 tcp_nodelay
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake target name: api-partner-v2-demo-nspk-ru.common.svc.cluster.local
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake InitializeSecurityContext: 0x90312
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake dwSSPIOutFlags: 0xC11E
2025/03/27 13:07:56 [debug] 18#0: *1 send: fd:21 208 of 208
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake sent: 208, remains to send: 0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI_do_handshake: 0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI last_error: 3
2025/03/27 13:07:56 [debug] 18#0: timer delta: 1
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: 59998
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:21 ev:0005 d:000055C13AED9C80
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI handshake handler: 0
2025/03/27 13:07:56 [debug] 18#0: *1 recv: eof:0, avail:-1
2025/03/27 13:07:56 [debug] 18#0: *1 recv: fd:21 2008 of 65535
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake receive: 2008
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake target name: api-partner-v2-demo-nspk-ru.common.svc.cluster.local
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake InitializeSecurityContext: 0x90312
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake dwSSPIOutFlags: 0xC11E
2025/03/27 13:07:56 [debug] 18#0: *1 send: fd:21 229 of 229
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake sent: 229, remains to send: 0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI_do_handshake: 0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI last_error: 3
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI handshake handler: 1
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake target name: api-partner-v2-demo-nspk-ru.common.svc.cluster.local
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake InitializeSecurityContext: 0x80090318
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake dwSSPIOutFlags: 0x100
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI_do_handshake: 0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI last_error: 2
2025/03/27 13:07:56 [debug] 18#0: timer delta: 303
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: 59695
2025/03/27 13:07:56 [debug] 18#0: epoll: fd:21 ev:0005 d:000055C13AED9C80
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI handshake handler: 0
2025/03/27 13:07:56 [debug] 18#0: *1 recv: eof:0, avail:-1
2025/03/27 13:07:56 [debug] 18#0: *1 recv: fd:21 63 of 65535
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake receive: 63
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake target name: api-partner-v2-demo-nspk-ru.common.svc.cluster.local
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake InitializeSecurityContext: 0x0
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake dwSSPIOutFlags: 0xC11E
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI client handshake InitializeSecurityContext: empty output buffer?
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI_do_handshake: 1
2025/03/27 13:07:56 [warn] 18#0: *1 Certificate chain trust error: 0x10000 (The certificate chain is not complete) while checking remote certificate, client: 172.16.32.60, server: mir-cpnginx-gw-out.integration.ump-pss-test.mbrd.ru, request: "GET /api/v2/ping HTTP/1.1", upstream: "https://10.102.70.115:443/api/v2/ping", host: "10.244.206.113:8080"
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13B069000:80
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13B0900C0:16406
2025/03/27 13:07:56 [debug] 18#0: *1 posix_memalign: 000055C13AFC9DE0:128 @16
2025/03/27 13:07:56 [debug] 18#0: *1 QueryContextAttributes(SECPKG_ATTR_APPLICATION_PROTOCOL) failed: 0
2025/03/27 13:07:56 [error] 18#0: *1 upstream SSPI certificate verify error: (0x800B010A: A chain of certificates was not correctly created) while checking remote certificate, client: 172.16.32.60, server: mir-cpnginx-gw-out.integration.ump-pss-test.mbrd.ru, request: "GET /api/v2/ping HTTP/1.1", upstream: "https://10.102.70.115:443/api/v2/ping", host: "10.244.206.113:8080"
2025/03/27 13:07:56 [debug] 18#0: *1 http next upstream, 2
2025/03/27 13:07:56 [debug] 18#0: *1 free rr peer 1 4
2025/03/27 13:07:56 [debug] 18#0: *1 finalize http upstream request: 502
2025/03/27 13:07:56 [debug] 18#0: *1 finalize http proxy request
2025/03/27 13:07:56 [debug] 18#0: *1 malloc: 000055C13B003000:80
2025/03/27 13:07:56 [debug] 18#0: *1 send: fd:21 23 of 23
2025/03/27 13:07:56 [debug] 18#0: *1 SSPI close notify sent: 23 out of 23
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFCC0E0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFDC0F0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFE0140
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13B0900C0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFC7F00
2025/03/27 13:07:56 [debug] 18#0: *1 close http upstream connection: 21
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13B003000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13B069000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AE84D00
2025/03/27 13:07:56 [debug] 18#0: *1 free: 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AF595D0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AE84D60
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFC6EB0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AF6FF30, unused: 0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFC6F50, unused: 0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFC9DE0, unused: 41
2025/03/27 13:07:56 [debug] 18#0: *1 event timer del: 21: 1313081188
2025/03/27 13:07:56 [debug] 18#0: *1 reusable connection: 0
2025/03/27 13:07:56 [debug] 18#0: *1 http finalize request: 502, "/api/v2/ping?" a:1, c:1
2025/03/27 13:07:56 [debug] 18#0: *1 http special response: 502, "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 HTTP/1.1 502 Bad Gateway
Server: nginx/1.22.1
Date: Thu, 27 Mar 2025 13:07:56 GMT
Content-Type: text/html
Content-Length: 157
Connection: close

2025/03/27 13:07:56 [debug] 18#0: *1 write new buf t:1 f:0 000055C13AFCBA40, pos 000055C13AFCBA40, size: 152 file: 0, size: 0
2025/03/27 13:07:56 [debug] 18#0: *1 http write filter: l:0 f:0 s:152
2025/03/27 13:07:56 [debug] 18#0: *1 http output filter "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 http copy filter: "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 http postpone filter "/api/v2/ping?" 000055C13AFCBC08
2025/03/27 13:07:56 [debug] 18#0: *1 write old buf t:1 f:0 000055C13AFCBA40, pos 000055C13AFCBA40, size: 152 file: 0, size: 0
2025/03/27 13:07:56 [debug] 18#0: *1 write new buf t:0 f:0 0000000000000000, pos 000055C13AE2EAE0, size: 104 file: 0, size: 0
2025/03/27 13:07:56 [debug] 18#0: *1 write new buf t:0 f:0 0000000000000000, pos 000055C13AE2FD80, size: 53 file: 0, size: 0
2025/03/27 13:07:56 [debug] 18#0: *1 http write filter: l:1 f:0 s:309
2025/03/27 13:07:56 [debug] 18#0: *1 http write filter limit 2097152
2025/03/27 13:07:56 [debug] 18#0: *1 writev: 309 of 309
2025/03/27 13:07:56 [debug] 18#0: *1 http write filter 0000000000000000
2025/03/27 13:07:56 [debug] 18#0: *1 http copy filter: 0 "/api/v2/ping?"
2025/03/27 13:07:56 [debug] 18#0: *1 http finalize request: 0, "/api/v2/ping?" a:1, c:1
2025/03/27 13:07:56 [debug] 18#0: *1 http request count:1 blk:0
172.16.32.60 - - [27/Mar/2025:13:07:56 +0000] "GET /api/v2/ping HTTP/1.1" 502 157 "-" "kube-probe/1.24" "-"
2025/03/27 13:07:56 [debug] 18#0: *1 http close request
2025/03/27 13:07:56 [debug] 18#0: *1 http log handler
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFCA0C0, unused: 11
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFCB0D0, unused: 1018
2025/03/27 13:07:56 [debug] 18#0: *1 close http connection: 3
2025/03/27 13:07:56 [debug] 18#0: *1 reusable connection: 0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AFC6AA0
2025/03/27 13:07:56 [debug] 18#0: *1 free: 000055C13AE919F0, unused: 136
2025/03/27 13:07:56 [debug] 18#0: timer delta: 7
2025/03/27 13:07:56 [debug] 18#0: worker cycle
2025/03/27 13:07:56 [debug] 18#0: epoll timer: -1
2025/03/27 13:08:01 [debug] 18#0: epoll: fd:6 ev:0001 d:000055C13AED98C0
2025/03/27 13:08:01 [debug] 18#0: accept on 0.0.0.0:8080, ready: 0
2025/03/27 13:08:01 [debug] 18#0: posix_memalign: 000055C13AE919F0:512 @16
2025/03/27 13:08:01 [debug] 18#0: *3 accept: 172.16.32.60:55678 fd:3
2025/03/27 13:08:01 [debug] 18#0: *3 SSPI_read: Peer sent close_notify: read buf: 23, read dec buf: 0
2025/03/27 13:08:01 [debug] 18#0: *3 SSPI_read: 0 out of 3718
2025/03/27 13:08:01 [debug] 18#0: *3 SSPI_get_error(ngx_sspi_handle_recv): 6
2025/03/27 13:08:01 [debug] 18#0: *3 peer shutdown SSPI cleanly
2025/03/27 13:08:01 [debug] 18#0: *3 ngx_sspi_handle_recv: -4
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy status 200 "200 "
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "Server: nginx"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "Date: Thu, 27 Mar 2025 13:08:01 GMT"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "Content-Type: text/plain;charset=UTF-8"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "Content-Length: 4"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "Connection: close"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "x-content-type-options: nosniff"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "x-xss-protection: 1; mode=block"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "cache-control: no-cache, no-store, max-age=0, must-revalidate"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "pragma: no-cache"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "expires: 0"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "x-frame-options: DENY"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header: "strict-transport-security: max-age=31536000"
2025/03/27 13:08:01 [debug] 18#0: *3 http proxy header done
2025/03/27 13:08:01 [debug] 18#0: *3 posix_memalign: 000055C13B0C8070:4096 @16
2025/03/27 13:08:01 [debug] 18#0: *3 HTTP/1.1 200
Server: nginx/1.22.1
Date: Thu, 27 Mar 2025 13:08:01 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 4
Connection: close
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000

Отредактировано пользователем 27 марта 2025 г. 17:15:59(UTC)  | Причина: Не указана

1.

Могу предположить что причина в том, что сервер не шлёт промежуточные сертификаты.
Но это пальцем в небо.

2.

Это вообще что-то из ряда вон выходящее.
Могу только предположить что CRL протухает, и пока он скачается...

Поскольку это тестовый контур, я бы для начала предложил обновить версию CSP/cpnginx на что-то более свежее.
И если указанные симптомы будут сохранятся - разбираться более детально.

Вопрос снимается.
Проставили параметр proxy_ssl_server_name off; Стало все ок.