Prevent nginx from adding extra slashes - nginx

I wanted my nginx configuration to redirect all incoming requests from
myServer.com/myApplication/doSomething -> myServer.com:7080/doSomething
myServer.com/myApplication/doSomethingElse -> myServer.com:7080/doSomethingElse
I came up with the following solution after reading this post:
location /myApplication {
    proxy_pass http://127.0.0.1:7080/;
}
Now I encounter this weird behavior: when I test everything locally on the server it seems to work fine, but when I call it from another machine nginx seems to add an extra slash to the path. The curl request I use is this one:
curl --location --request POST 'myServer.com/myApplication/doSomething'
The error I get from my application has the following error message:
{
"timestamp": "2021-06-07T12:33:41.666+0000",
"status": 500,
"error": "Internal Server Error",
"message": "The request was rejected because the URL contained a potentially malicious String \"//\"",
"path": "//doSomething"
}
The error message says that there is a problem with the extra slashes, but the curl request does not contain double slashes. When testing it locally, where everything works, I use the following request:
curl -X POST localhost:7080/doSomething
Thanks in advance.

It looks like I just needed to add a / to the end of the location so it would be properly substituted away.
location /myApplication/ {
    proxy_pass http://127.0.0.1:7080/;
}
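
The substitution the answer relies on, modelled as an added example (not code from the post or from nginx): when proxy_pass carries a URI part, nginx replaces the part of the request path that matched the location prefix with that URI. The function names and the third sample path are constructed; the example goes one step beyond the post by also flagging that a prefix without a trailing slash matches sibling paths.

```python
def upstream_path(location, proxy_uri, request_path):
    """Model of nginx prefix-location rewriting when proxy_pass has a URI part.

    Returns the path sent upstream, or None if the location does not match.
    """
    if not request_path.startswith(location):
        return None
    return proxy_uri + request_path[len(location):]


def audit(location, proxy_uri, samples):
    """Return {request_path: (upstream_path, [findings])} for matching samples."""
    report = {}
    for path in samples:
        out = upstream_path(location, proxy_uri, path)
        if out is None:
            continue
        findings = []
        if "//" in out:
            findings.append("double slash reaches backend")
        # A prefix without a trailing slash also matches sibling names.
        rest = path[len(location):]
        if not location.endswith("/") and rest and not rest.startswith("/"):
            findings.append("location matched a different path segment")
        report[path] = (out, findings)
    return report


# Constructed sample requests; the first two are the paths from the question.
SAMPLES = [
    "/myApplication/doSomething",
    "/myApplication/doSomethingElse",
    "/myApplicationAdmin/users",
]

if __name__ == "__main__":
    for loc in ("/myApplication", "/myApplication/"):
        print("location", loc)
        for path, (out, findings) in audit(loc, "/", SAMPLES).items():
            print("  %s -> %s %s" % (path, out, findings))
```

With `location /myApplication/`, the sibling path no longer matches at all and the two application paths reach the backend with a single leading slash.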

Related

Get an access token

I tried to get an access token with the google documentation.
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?
client_id=oauth2-client-id& client_secret=oauth2-client-secret&
code=authorization-code& grant_type=authorization_code&
redirect_uri=https://www.google.com'
With this request it didn't work.
I added -H 'Content-Length: 0' and now I'm ending up with
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
Anybody have an idea?
If fixing the space didn't work, re-do your linking here from the Google guide, steps 1-6. Then get a new authorization code. I had the same issue and re-linking worked for me (with the -H flag).
It seems you have a space in the request:
/v4/token? client_id=oauth2-client-id
When I tried to copy-paste the commands from the documentation, it didn't work.
I had to re-edit the request before I could use it, and it worked.
I've got the same issue.
curl -L -X POST "https://www.googleapis.com/oauth2/v4/token?client_id=<client_id>.apps.googleusercontent.com&client_secret=<secret>&code=4/4wGANiKF5......N0Jg&grant_type=authorization_code&redirect_uri=https://www.google.com"
Stumped
Don't you have to use a different redirect_uri? Your own configured redirect uri?

Upload file to Nginx with cURL

All,
I'm trying to upload a local file to my remote Nginx server via cURL. I have built Nginx from source with the upload module and the DAV module. At the bottom of the Nginx page, there is an example form to upload a file. I'm not sure how I would implement the form, and (several) Google searches have returned little helpful information about uploading directly to Nginx via cURL.
Current tech stack:
Nginx
Green Unicorn
Flask
Of all the different avenues I've tried, the following is the one that seems the most appropriate for the task.
curl -X POST -F "image=#example.gif" http://54.226.64.199/upload
However, the response is underwhelming.
I've tried --uploade-file as well, the response is a 405. From what I've read, upload only accepts a POST command, not PUT, hence why I get a 405.
I don't need a full solution (would be great!), only pointing in the right direction.
Any help is appreciated. Thanks
EDIT: sorry wanted to include part of my .conf
location /upload {
    upload_store /tmp;
    #upload_pass #none;
    upload_store_access all:rw;
    upload_cleanup 400 404 499 500-505;
}
You can do this by specifying the filename in the URL, without using any external module:
location ~ "/upload/([0-9a-zA-Z-.]*)$" {
    alias /storage/www/upload/$1;
    client_body_temp_path /tmp/upload_tmp;
    dav_methods PUT DELETE MKCOL COPY MOVE;
    create_full_put_path on;
    dav_access group:rw all:r;
}
And use: curl -T example.gif http://54.226.64.199/upload/example.gif

How to use invoke http to perform GET request in nifi?

I need to perform a get request from nifi to couchbase. The curl command is:
curl http://HOST:PORT/query/service -d "statement=select item.Date from bucket unnest bucket as item" -u USER:PASSWORD
I tried using InvokeHttp and ExecuteStreamCommand but it keeps returning errors (status code 400). The full error message is:
{ "requestID": "bff62c0b-36fd-401d-bca0-0959e0944323", "errors":
[{"code":1050,"msg":"No statement or prepared value"}], "status":
"fatal", "metrics": {"elapsedTime": "113.31µs","executionTime":
"74.321µs","resultCount": 0,"resultSize": 0,"errorCount": 1
It's important to say that I prefer that the http request will be triggered by an incoming flowfile. I tried using the processors in a variety of ways but none of them worked.
When I run the command from the nifi server it works fine.
Thanks for the help
The -d parameter of the curl utility forces the HTTP POST command
and the application/x-www-form-urlencoded MIME type.
So, in the NiFi InvokeHTTP, select the following parameters:
HTTP Method = POST
Remote URL = <your url here>
Basic Authentication Username = <username>
Basic Authentication Password = <password>
Content-Type = application/x-www-form-urlencoded
and the body of the flow file should be
statement=select item.Date from bucket unnest bucket as item
I don't know nifi, but based on the error message, the "statement=" part of the request isn't being included, or you are not sending the request as a POST command.

Error 500 when retrieving Clockify workspaces

When retrieving workspaces using the GET /workspaces/ API endpoint, I’m getting the following error 500:
{
"timestamp": "2018-10-18T05:48:29.740+0000",
"status": 500,
"error": "Internal Server Error",
"exception": "java.lang.RuntimeException",
"message": "java.lang.NullPointerException",
"path": "/workspaces/"
}
This is the request I'm sending:
curl -XGET -H 'X-Api-Key: <snip>' https://api.clockify.me/api/workspaces/
I hope this is trivial to resolve.
Your example works when using the API key generated on the settings page, i.e.:
curl -XGET -H 'X-Api-Key: WchCprB5h15WpmvB' https://api.clockify.me/api/workspaces/
(of course that is not a valid key, but I've posted it so you see the format).
Make sure you're not adding any additional formatting or using the wrong key. If you're using a JWT token you need 'X-Auth-Token' header instead.

Nginx auth_request handler accessing POST request body?

I'm using Nginx (version 1.9.9) as a reverse proxy to my backend server. It needs to perform authentication/authorization based on the contents of the POST requests. And I'm having trouble reading the POST request body in my auth_request handler. Here's what I got.
Nginx configuration (relevant part):
server {
    location / {
        auth_request /auth-proxy;
        proxy_pass http://backend/;
    }
    location = /auth-proxy {
        internal;
        proxy_pass http://auth-server/;
        proxy_pass_request_body on;
        proxy_no_cache "1";
    }
}
And in my auth-server code (Python 2.7), I try to read the request body like this:
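import BaseHTTPServer  # Python 2.7 standard library

class AuthHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def get_request_body(self):
        # Read exactly Content-Length bytes from the request stream.
        content_len = int(self.headers.getheader('content-length', 0))
        content = self.rfile.read(content_len)
        return content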
I printed out the content_len and it had the correct value. However, the self.rfile.read() will simply hang. And eventually it will time out and return "[Errno 32] Broken pipe".
This is how I posted test data to the server:
$ curl --data '12345678' localhost:1234
The above command hangs as well and eventually times out and prints "Closing connection 0".
Any obvious mistakes in what I'm doing?
Thanks much!
The code of the nginx-auth-request-module is annotated at nginx.com. The module always replaces the POST body with an empty buffer.
In one of the tutorials, they explain the reason, stating:
As the request body is discarded for authentication subrequests, you will
need to set the proxy_pass_request_body directive to off and also set the
Content-Length header to a null string
The reason for this is that auth subrequests are sent as HTTP GET methods, not POST. Since GET has no body, the body is discarded. The only workaround with the existing module would be to pull the needed information from the request body and put it into an HTTP header that is passed to the auth service.
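
A header-only auth service for this setup, as an added example (not code from the post or from nginx), written for Python 3. It assumes the client sends its credential in a hypothetical X-Request-Token header and that the /auth-proxy location sets the hypothetical X-Original-Method and X-Original-URI headers with proxy_set_header; the tokens and policy are constructed.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed policy: token -> (method, path prefix) pairs it may use.
POLICY = {
    "tok-orders-demo": {("POST", "/orders")},
    "tok-admin-demo": {("POST", "/orders"), ("POST", "/admin")},
}


def grants_for(token):
    """Look the token up using constant-time comparisons."""
    found = None
    for known, grants in POLICY.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            found = grants
    return found


def decide(headers):
    """Return the status auth_request acts on: 2xx allows, 401/403 deny."""
    token = headers.get("X-Request-Token")
    grants = grants_for(token) if token else None
    if grants is None:
        return 401
    method = headers.get("X-Original-Method", "")
    path = headers.get("X-Original-URI", "").split("?", 1)[0]
    for m, prefix in grants:
        if method == m and (path == prefix or path.startswith(prefix + "/")):
            return 204
    return 403  # authenticated, but not permitted on this path


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Decide from headers only. The subrequest arrives without a body,
        # so a read sized from a forwarded Content-Length would block
        # until the connection times out.
        self.send_response(decide(self.headers))
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 1234), AuthHandler).serve_forever()
```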
