sometimes response json from api server is truncated - nginx

Environment
(request) -> (ALB) -> rails(unicorn) - (API) -> (ALB) -> nginx -> java server(tomcat)
nginx 1.13.0, Apache Tomcat/8.5.16
WHAT
Sometimes unicorn receives truncated JSON.
At the same time, an error occurs on nginx.
2018/03/19 19:17:01 [error] 11#11: *234263 readv() failed
(104: Connection reset by peer) while reading upstream, client: xxx.xxx.xx.x, server: _,
request: "GET /some_endpoint HTTP/1.1", upstream: "http://xxx.xxx.xx.x:8080/some_endpoint",
host: "xxx.ap-northeast-1.elb.amazonaws.com"
I googled the phrases "nginx truncated json" and "Connection reset by peer while reading upstream", but I got no information.
As each association, response JSON is a bit large (under 64kb), so I suspect https://serverfault.com/questions/315085/nginx-proxy-pass-response-truncated is the problem, but currently I think it's not related.
What's the problem in this situation?
Here is my nginx configuration.
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '$request_time $upstream_response_time '
                    '"$http_x_app_os" "$http_x_app_version" "$http_x_kidsly_model"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    set_real_ip_from ${ELB_SUBNET_CIDR_AZ_A};
    set_real_ip_from ${ELB_SUBNET_CIDR_AZ_C};
    real_ip_header X-Forwarded-For;
    client_max_body_size 50M;
    include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/default.conf
server {
    listen 80 default_server;
    server_name _;
    include /etc/nginx/mime.types;
    keepalive_timeout 120;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_read_timeout 180;
        proxy_send_timeout 180;
        proxy_pass http://app:8080/;
    }
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}
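
An added example, not part of the original question: a small Python parser that picks the "readv() failed (104: Connection reset by peer) while reading upstream" entries out of an nginx error log and counts them per upstream and request, which is the evidence needed to tie truncated responses to the backend closing the connection. The first sample line is the one quoted in the question; the other lines and the names upstream_resets, summarize and CTX are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx error_log layout: timestamp, [level], pid#tid, *connection id, message,
# then optional ", key: value" context fields that nginx appends.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] '
    r'\d+#\d+: \*(?P<conn>\d+) (?P<msg>.*?)'
    r'(?:, client: (?P<client>[^,]+))?'
    r'(?:, server: (?P<server>[^,]*))?'
    r'(?:, request: "(?P<request>[^"]*)")?'
    r'(?:, upstream: "(?P<upstream>[^"]*)")?'
    r'(?:, host: "(?P<host>[^"]*)")?$'
)

def upstream_resets(lines):
    """Parsed events where the upstream reset the connection mid-response."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-connection error_log entry
        msg = m["msg"]
        # errno 104 in the body-read phase: nginx has already started relaying
        # the response, so the client is left with a truncated body.
        if "(104: Connection reset by peer)" in msg and msg.endswith("while reading upstream"):
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count resets per (upstream host:port, request line)."""
    return Counter((urlsplit(e["upstream"] or "").netloc, e["request"]) for e in events)

# Sample input: the first entry is the line from the question (addresses are
# masked there); the remaining entries are constructed for this example.
CTX = (', client: 10.0.0.5, server: _, request: "GET /some_endpoint HTTP/1.1", '
       'upstream: "http://10.0.1.20:8080/some_endpoint", host: "api.example.internal"')
SAMPLE = [
    '2018/03/19 19:17:01 [error] 11#11: *234263 readv() failed (104: Connection reset by peer) '
    'while reading upstream, client: xxx.xxx.xx.x, server: _, request: "GET /some_endpoint HTTP/1.1", '
    'upstream: "http://xxx.xxx.xx.x:8080/some_endpoint", host: "xxx.ap-northeast-1.elb.amazonaws.com"',
    '2018/03/19 19:18:40 [error] 11#11: *234301 readv() failed (104: Connection reset by peer) '
    'while reading upstream' + CTX,
    '2018/03/19 19:19:02 [error] 11#11: *234310 connect() failed (111: Connection refused) '
    'while connecting to upstream' + CTX,
    '2018/03/19 19:19:30 [warn] 11#11: *234322 an upstream response is buffered to a temporary '
    'file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream' + CTX,
]
```

Calling summarize(upstream_resets(SAMPLE)) yields one count per upstream and request line; the connection-refused and buffering entries are ignored because they are different failure modes.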

Related

Allowing Frame cross-origin

In this script, my server is nginx.sample.com. It has CORS enabled.
nginx.sample.com:8080 # tomcat and host with the same server
I got this error message:
Uncaught DOMException: Blocked a frame with origin "http://nginx.sample.com" from accessing a cross-origin frame.
at HTMLIFrameElement.document.getElementById.onload (eval at _evaluateScript (http://nginx.sample.com/app/a4j/g/3_3_3.Final/org/ajax4jsf/framework.pack.js:2346:14), <anonymous>:7:116)
I already added "add_header Access-Control-Allow-Origin *;" to my configuration, but no luck.
Here are my nginx configuration files:
/etc/nginx/conf.d/wildfly.conf
upstream wildfly {
    server nginx.sample.com:8080 weight=100 max_fails=5 fail_timeout=5;
}
server {
    listen 80;
    server_name nginx.sample.com;
    add_header Access-Control-Allow-Origin *;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://wildfly/;
    }
}
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
Is there a way to configure nginx so my nginx.sample.com:8080 and proxywebsite1.com are not seen as different by the browser?
I'm using nginx/1.20.1
Thanks

Nginx Bad Gateway error happens when using it as a reverse proxy to Grafana after I enabled "httpd_can_network_connect"

I'm running Nginx on port 3000 and it's running fine, and running Grafana on port 8080 and it's running fine. When I use Nginx as a reverse proxy for Grafana, I get a Bad Gateway. Below are the nginx configuration and the error log.
Bad Gateway Error:
Nginx Configuration File:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    server {
        listen 3000 ssl;
        #server_name gemnprd1elk4.gdps.gov.sa;
        #root /usr/share/nginx/html;
        #index index.html index.htm;
        ssl_certificate /etc/grafana/GEMNPRD1ELK4.crt;
        ssl_certificate_key /etc/grafana/GEMNPRD1ELK4.key;
        location / {
            proxy_pass https://localhost:8080/;
            access_log /var/log/nginx/access_grafana.log;
            error_log /var/log/nginx/error_grafana.log;
        }
        location /api/live {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $http_host;
            proxy_pass https://localhost:8080/;
        }
    }
}
Error.log File: connect() failed (111 connection refused) while connecting to upstream client
Update: I changed "proxy_pass https://localhost:8080/" to "proxy_pass http://localhost:8080/" and got a different error.

How to make nginx only redirect requests from a specific server and pass other requests to their original servers like fiddler?

I am trying to make nginx have two functions like fiddler does:
1. Redirect requests from data.abc.com to 127.0.0.1:9000
2. Pass all other requests to their original servers
My nginx.conf is:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 8008;
        server_name data.abc.com;
        root /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        location / {
            proxy_pass https://127.0.0.1:9000/;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
However, right now every request via port 8008 is redirected; it seems like server_name doesn't work. How can I make other requests go to their original servers?
Your configuration redirects all requests to https://127.0.0.1:9000
Add two different server blocks as follows:
1) Redirect data.abc.com to https://127.0.0.1:9000
server {
    listen 8008;
    server_name data.abc.com;
    return 301 https://127.0.0.1:9000$request_uri;
}
2) Serve requests for another website:
server {
    listen 8008 default_server;
    root /usr/share/nginx/html;
    include /etc/nginx/default.d/*.conf;
}

Nginx configured as a reverse proxy for HTTP traffic returns 403

I'm trying to use Nginx as a reverse proxy in a CentOS 6.9_64 environment where clients connect to my server (http://www.51ti.vip).
Nginx will forward all requests to another backend server. The communication is working on port 80.
However, once proxy_set_header XXXXX is set, a 403 appears when it is accessed.
There is no relevant error information in /var/log/nginx/error.log.
Where's the problem?
Page 403 Forbidden
You don't have permission to access the URL on this server.
Note:
OS System: CentOS 6.9_64
Nginx version 1.10.2
Config:
/etc/nginx/nginx.conf as follows:
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/default.conf as follows:
server {
    listen 80 default_server;
    server_name 47.75.249.199 "";
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://sq.otherserver.com;
        #Proxy Settings
        proxy_redirect off;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
The original problem was caused by "proxy_set_header Host $host";
there's no problem with proxy_set_header X-Real-IP and proxy_set_header X-Forwarded-For.
But I still don't understand why.
Nginx: when to use proxy_set_header Host $host vs $proxy_host
Module ngx_http_proxy_module

Numerous 499 status codes in nginx access log after 75 seconds

We are using nginx in a long polling scenario. We have a client that the user installs which then communicates with our server. An nginx process in that server passes that request to backends which are Python processes. The Python process holds the request for up to 650 seconds.
In the nginx access log there are a lot of 499 entries. Logging the $request_time shows that the client times out after 75 seconds. None of the nginx timeouts are set to 75 seconds though.
Some research suggests that the backend processes might be too slow, but there isn't a lot of activity in the servers containing the processes. Adding more servers/processes also didn't help, neither did upgrading the instance where nginx is.
Here are the nginx configuration files.
nginx.conf
user nobody nogroup;
worker_processes 1;
worker_rlimit_nofile 131072;
pid /run/nginx.pid;
events {
    worker_connections 76800;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    keepalive_timeout 65;
    server_names_hash_bucket_size 64;
    include /usr/local/openresty/nginx/conf/mime.types;
    default_type application/octet-stream;
    log_format combined_edit '$remote_addr - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent '
                             '"$http_referer" "$http_user_agent" "$request_time"';
    access_log /var/log/nginx/access.log combined_edit;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    include /usr/local/openresty/nginx/conf.d/*.conf;
    include /usr/local/openresty/nginx/sites-enabled/*;
}
backend.conf
upstream backend {
    server xxx.xxx.xxx.xxx:xxx max_fails=12 fail_timeout=12;
    server xxx.xxx.xxx.xxx:xxx max_fails=12 fail_timeout=12;
}
server {
    listen 0.0.0.0:80;
    server_name host;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 0.0.0:443;
    ssl_certificate /etc/ssl/certs/ssl.pem;
    ssl_certificate_key /etc/ssl/certs/ssl.pem;
    ssl on;
    server_name host;
    location / {
        proxy_connect_timeout 700;
        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 10000; # something really large
        proxy_pass http://backend;
    }
}
