关于halo升级后启动失败，访问博客返回 502 Openresty 问题

以下是日志文件：

2026-03-16T23:42:54.635+08:00 ERROR 7 --- [tor-tcp-epoll-2] i.a.r.mysql.client.ReactorNettyClient:
Error: (handshake_failure) Received fatal alert: handshake_failure

javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.decode(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:na]
	at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:na]
	at java.base/javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:na]
	at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:305) ~[netty-handler-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1502) ~[netty-handler-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1393) ~[netty-handler-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1444) ~[netty-handler-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:545) ~[netty-codec-base-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:484) ~[netty-codec-base-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296) ~[netty-codec-base-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1429) ~[netty-transport-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918) ~[netty-transport-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:804) ~[netty-transport-classes-epoll-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe.handle(AbstractEpollChannel.java:482) ~[netty-transport-classes-epoll-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.epoll.EpollIoHandler$DefaultEpollIoRegistration.handle(EpollIoHandler.java:317) ~[netty-transport-classes-epoll-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.epoll.EpollIoHandler.processReady(EpollIoHandler.java:515) ~[netty-transport-classes-epoll-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.epoll.EpollIoHandler.run(EpollIoHandler.java:460) ~[netty-transport-classes-epoll-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.SingleThreadIoEventLoop.runIo(SingleThreadIoEventLoop.java:225) ~[netty-transport-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.channel.SingleThreadIoEventLoop.run(SingleThreadIoEventLoop.java:196) ~[netty-transport-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:1195) ~[netty-common-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.2.10.Final.jar:4.2.10.Final]
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.2.10.Final.jar:4.2.10.Final]
	at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]

2026-03-16T23:42:54.638+08:00  WARN 7 --- [tor-tcp-epoll-2] reactor.netty.channel.FluxReceive : 
[d98b5493, L:/172.18.0.4:39858 ! R:mysql/172.18.0.3:3306] An exception has been observed post termination, 
use DEBUG level to see the full stack: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure

通篇字眼 SSL ，日志出现：

javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure

那就是在SSL握手上出现问题，还原旧版本未复现相关问题，那大概率是新版本强制开启了SSL加密，但是具体的我不知道是哪一块的SSL，我能想到的也就是网站域名这块（笔者才疏学浅，只能想到这个），然后各种必应，也是没找到想要的答案，后来再分析WARN日志，有一个字眼 mysql ，数据库SSL，数据库从来没用过SSL加密（至少我是没有），那也就是说新版默认强制开启数据库SSL握手，但是由于数据库未开启SSL，MySQL端的SSL配置与应用端不兼容，导致握手失败，报错502 Openresty。

随后就是开始找解决办法，自己不会配置数据库SSL加密，那就从Docker配置文件捣鼓：

以下是解决办法：

一、修改Command

将容器原有command追加以下内容，在spring.r2dbc.url后追加SSL禁用参数，其他参数默认：

?sslMode=DISABLED&useSSL=false&verifyServerCertificate=false&allowPublicKeyRetrieval=true

完整代码：

--spring.r2dbc.url=r2dbc:pool:mysql://mysql:3306/halo?sslMode=DISABLED&useSSL=false&verifyServerCertificate=false&allowPublicKeyRetrieval=true
--spring.r2dbc.username=XXXXXXX（数据库名称）
--spring.r2dbc.password=XXXXXXXXXXX（数据库密码）
--spring.sql.init.platform=mysql
--halo.external-url=http://localhost:8090

二、修改说明

SSL握手失败：

sslMode=DISABLED：强制关闭SSL连接（优先级最高，能覆盖驱动默认行为）；

useSSL=false：兼容传统驱动的SSL禁用参数；

verifyServerCertificate=false：跳过证书验证；

allowPublicKeyRetrieval=true：兼容MySQL8.0认证机制。

用?分隔参数，用&连接参数

然后我的博客正常访问~~嘿

2026 年 3 月
日	一	二	三	四	五	六
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31