Why set-cookie does not work
I got no warnings in browser (Chrome) with this headers
Set-Cookie: mykey=myvalue; expires=Thu, 18 Aug 2022 13:39:50 GMT; HttpOnly; Max-Age=172800; Path=/; SameSite=None; Secure
Set-Cookie: mykey2=myvalue2; expires=Tue, 13 Sep 2022 19:50:47 GMT; Max-Age=2430000; Path=/; Secure; SameSite=None;
but when I go to application tab there is empty (or document.cookie empty too)
My nginx config is
proxy_pass http://5.181.108.189:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
add_header Access-Control-Expose-Headers Set-Cookie;
backend locates on server with HTTPS
frontend launched on localhost
Related
I have not been able to pass an application specific header to my application that is running on uWSGI and Flask
This is from my nginx.conf
proxy_pass http://localhost:5000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass_request_headers on;
proxy_set_header $HTTP_Chart-Type $http_chart_type;
}
These are my headers from chrome:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
chart_type: line
I am trying to pass the chart_type header to my backend.
Thanks
The default value of proxy_pass_request_headers is on, so there should be no need to explicitly set it (unless it is turned off in the config somewhere and that has an effect on your configuration).
With the default setting (on), Nginx passes all headers to the backend, so you don't need any special configuration to pass a custom header (assuming your http_chart_type is a custom header).
Your problems passing the http_chart_type header from Nginx to the backend is likely related to Nginx by default not allowing header names with underscore. See https://stackoverflow.com/a/74798560/3571 .
I’’m wondering “How to append Nginx IP to X-Forwarded-For”
I added snippet in Ingress annotation.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ing
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-For "$remote_addr, $server_addr";
But it seems to double set in nginx.conf.
proxy_set_header X-Forwarded-For $remote_addr;
...
proxy_set_header X-Forwarded-For "$remote_addr, $server_addr";
So my backend server will get two X-Forwarded-For
Anyone knows “How to disable the proxy_set_header part generated by Nginx Ingress Controller”?
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
The accepted answer is not worked for me. You just need to add the below annotation to the ingress object;
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Forwarded-For $http_x_forwarded_for";
for testing;
❯ curl -I https://example.com/path/here
HTTP/1.1 200 OK
cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Sat, 13 Mar 2021 08:52:02 GMT
expires: 0
pragma: no-cache
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Forwarded-For: 88.888.8.8
Connection: keep-alive
Your configuration snippet is not being doubled, actually what is happening is that proxy_set_header X-Forwarded-For $remote_addr; is already set by default when you deploy NGINX Controller in your cluster.
In order to disable this default setting, you need to use a custom template.
By doing this, you can have a nginx.conf free of proxy_set_header X-Forwarded-For $remote_addr; so you can set it as you need using the annotation you have described.
Just for people with a similar problem who end up here, an alternative (perhaps cleaner) solution, if you're deploying ingress-nginx controller using Helm is to set both compute-full-forwarded-for and use-forwarded-headers to true in your values.yml. No need for additional configurations in the Ingress (like the one in the question).
I want to use nginx proxy_pass before different applications which run on their own port.
so i.e. I have
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/self-signed.crt;
ssl_certificate_key /etc/ssl/private/self-signed.key;
proxy_intercept_errors on;
location /app1/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://localhost:1111;
}
location /app2/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://localhost:2222;
}
}
However the problem is the applications itself have redirects in them which causes the /app1/ or /app2/ to disappear.
i.e. a 302 get /page1 will become https://example.com/page1 instead of https://example.com/app1/page1
So basically whenever someone is at a /app1/* page to always prefix /app1/.
and it would be really great if this doesn't happen when this is actually the full domain name so it's possible to load resources from a /app2/ url in a /app1/ page
Is there a way I can fix with Nginx config or can I only fix this in the application itself?
EDIT:
I found that Nginx has a function called sub_filter.
This replaced strings in the body of the response.
so:
app returns: 200 "hello world!"
//nginx
sub_filter "world" "moon";
then the browser will display "hello moon!"
However I also need to do this for 302 redirects.
Is there a "sub_filter equivalent" for headers?
EDIT2:
As Ivan suggested probably proxy redirect should do the trick, but it's not changing anything.
my nginx code is:
location /app1/ {
proxy_set_header Accept-Encoding ""; # no compression allowed or next won't work
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_connect_timeout 3600;
fastcgi_read_timeout 3600s;
proxy_pass http://localhost:5000/;
proxy_redirect http://localhost:5000/ /app1/; #also tried full domain
}
As for the app I'm testing this with a simple Flask app like this:
#app.route('/')
def hello_world():
return redirect("http://localhost:5000/testing", code=302)
and the browser response headers are:
HTTP/1.1 302 FOUND
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 06 Nov 2019 15:56:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://localhost:5000/testing
Use proxy_redirect directive for your case:
proxy_redirect / /app1/;
and
proxy_redirect / /app2/;
Remove any proxy_redirect off; directive because it cancels the effect of all proxy_redirect directives on the same level.
So I have set up a reverse proxy to tunnel my application.
Unfortunately the application thinks it is served via http and not https and gives out URLs with port 80.
How can I handle this in the nginx reverse proxy? (by rewriting maybe)
When I go on the page:
https://my.server.com
index.php loads, everything is okay
after clicking something I have a URL like this:
https://my.server.com:80/page/stuff/?redirect_to
which throws an error within the browser because my reverse proxy doesn't serve SSL on port 80.
How can I migitate this?
My current nginx ssl vhost for the site:
... ssl stuff ...
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://localhost:22228;
proxy_buffering off;
proxy_redirect off;
proxy_read_timeout 43800;
proxy_pass_request_headers on;
proxy_set_header Connection "Keep-Alive";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
proxy_set_header X-Forwarded-Proto https;
}
(yes I know my request headers look like a christmas tree 🎄)
Also bonus points if you show where the documentation addressing this issue is and what the mechanism is called.
For rewriting response body you can use http_sub_module:
location / {
proxy_pass http://localhost:22228;
sub_filter_once off;
sub_filter_types text/css application/javascript; # in addition to text/html
sub_filter "//my.server.com:80/" "//my.server.com/";
}
Many people says (1, 2) that you need to disable compression when using sub_filter directive:
proxy_set_header Accept-Encoding "";
For me, it works fine without this line in config, but it can be a feature of OpenResty which I use instead of nginx.
If your app generates HTTP 30x redirects with explicit indication of domain:port, you can rewrite Location header value with the proxy_redirect directive:
proxy_redirect //my.server.com:80/ //my.server.com/;
I am trying to setup nginx to handle file uploads and pass the file information on to a backend server once done. I came across a post at https://coderwall.com/p/swgfvw that shows how to do this and I am able to see a file being uploaded to the /tmp directory. However I would like to also pass on the file name and type (Content-Disposition and Content-Type) to the backend server.
I tried capturing what is received at the http server port and see the below,
POST /upload HTTP/1.1
User-Agent: curl/7.32.0
Host: MyHostName
Accept: */*
Content-Length: 4431
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------6060af4f937c14c9
--------------------------6060af4f937c14c9
Content-Disposition: form-data; name="filedata"; filename="sessions.txt"
Content-Type: text/plain
followed by the data.
My nginx location block for upload is,
location /upload {
limit_except POST { deny all; }
client_body_temp_path /tmp/;
client_body_in_file_only on;
client_body_buffer_size 128K;
client_max_body_size 100M;
proxy_redirect off;
proxy_set_header X-FILE $request_body_file;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_pass_request_headers on;
proxy_set_body off;
proxy_http_version 1.1;
proxy_pass http://my_backend;
}
With this I am able to pass on and receive the following at my backend,
'content-type': 'multipart/form-data; boundary=------------------------6060af4f937c14c9'
'x-file': '/tmp/0000000001'
but would really like to know how I can get the
Content-Disposition: form-data; name="filedata"; filename="sessions.txt"
Content-Type: text/plain
to my backend. Any help with this is much appreciated.
P.S: hope its ok for this question here? (tried superuser but it doesn't seem to have much activity)
if the header is being ignored, try
proxy_pass_header Content-Disposition;
or directly pass
proxy_set_header Content-Disposition $http_content_disposition;
The underscores in custom headers are silently ignored in nginx, a option that might help
underscores_in_headers on;