I have a very basic nginx reverse proxy setup for openstreetmaps:
worker_processes 1;
error_log logs/error.log notice;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
postpone_output 0;
log_format logresponsetime '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time';
access_log logs/access.log logresponsetime;
resolver 192.168.0.1 ipv6=off;
#default proxy settings:
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_read_timeout 600;
proxy_ssl_server_name on;
upstream tile.openstreetmap.org {
server tile.openstreetmap.org:443;
keepalive 10;
keepalive_time 5m;
}
server {
listen 480;
access_log logs/osm.http.access.log logresponsetime;
server_name $hostname;
location / {
resolver 192.168.0.1 ipv6=off;
proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36";
proxy_pass https://tile.openstreetmap.org;
}
}
}
There is a line to set User-Agent header because OSM requires it and I need compatibility with a client that doesn't send a user agent string. However, when nginx sets this header, approximately 10% of requests fail (nginx returns 502 to client), and my nginx error log fills up with this:
2021/06/13 14:37:49 [error] 67240#87020: *71 connect() failed (10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) while connecting to upstream, client: 127.0.0.1, server: server, request: "GET /16/64153/41313.png HTTP/1.1", upstream: "https://151.101.166.217:443/16/64153/41313.png", host: "localhost:480"
Without the proxy_set_header, everything is fine. The requests in this case are all being made from chrome, so the User-Agent as seen by the OSM servers should be the same in both cases.
nginx version is 1.19.10 (windows). What am I doing wrong?