I am trying to hit a URL on nginx which be proxied to Netty, for a particular URL I am getting net::ERR_INCOMPLETE_CHUNKED_ENCODING on chrome and on Safari some times it works and some times not.
Here is the configuration:
location /service-order-api {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:$server_port;
proxy_pass http://service_order_api;
#proxy_read_timeout 120;
proxy_set_header X-Real-IP $remote_addr;
#proxy_buffer_size 2k;
#proxy_buffers 8 24k;
proxy_redirect off;
#proxy_buffering off;
chunked_transfer_encoding on;
}
Try setting this option for your server:
proxy_buffering off;
Don't know the reason, but this solved my case.
Related
I want to use nginx proxy_pass before different applications which run on their own port.
so i.e. I have
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/self-signed.crt;
ssl_certificate_key /etc/ssl/private/self-signed.key;
proxy_intercept_errors on;
location /app1/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://localhost:1111;
}
location /app2/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://localhost:2222;
}
}
However the problem is the applications itself have redirects in them which causes the /app1/ or /app2/ to disappear.
i.e. a 302 get /page1 will become https://example.com/page1 instead of https://example.com/app1/page1
So basically whenever someone is at a /app1/* page to always prefix /app1/.
and it would be really great if this doesn't happen when this is actually the full domain name so it's possible to load resources from a /app2/ url in a /app1/ page
Is there a way I can fix with Nginx config or can I only fix this in the application itself?
EDIT:
I found that Nginx has a function called sub_filter.
This replaced strings in the body of the response.
so:
app returns: 200 "hello world!"
//nginx
sub_filter "world" "moon";
then the browser will display "hello moon!"
However I also need to do this for 302 redirects.
Is there a "sub_filter equivalent" for headers?
EDIT2:
As Ivan suggested probably proxy redirect should do the trick, but it's not changing anything.
my nginx code is:
location /app1/ {
proxy_set_header Accept-Encoding ""; # no compression allowed or next won't work
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_connect_timeout 3600;
fastcgi_read_timeout 3600s;
proxy_pass http://localhost:5000/;
proxy_redirect http://localhost:5000/ /app1/; #also tried full domain
}
As for the app I'm testing this with a simple Flask app like this:
#app.route('/')
def hello_world():
return redirect("http://localhost:5000/testing", code=302)
and the browser response headers are:
HTTP/1.1 302 FOUND
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 06 Nov 2019 15:56:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://localhost:5000/testing
Use proxy_redirect directive for your case:
proxy_redirect / /app1/;
and
proxy_redirect / /app2/;
Remove any proxy_redirect off; directive because it cancels the effect of all proxy_redirect directives on the same level.
i have this NGINX location in my default.conf
location /api-gateway/ {
proxy_http_version 1.1;
proxy_connect_timeout 75s;
proxy_read_timeout 100s;
client_max_body_size 100m;
proxy_set_header Host test.domain.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_buffers 16 8k;
proxy_buffer_size 4k;
proxy_max_temp_file_size 0;
rewrite ^/api-gateway/(.*)$ $1 break;
proxy_pass http://ingress-srv; # ingress-srv is an upstream
}
here is an example of the request that is coming to my NGINX server: http://demo.domain.com/api-gateway/service/v1/metrics
i need to do the below
remove the /api-gateway/ from the original url and then,
rewrite/send the requests to ingress-srv upstream without
changing the URL (no redirect)
change the header from demo.domain.com to test.domain.com which i believe i have done it correctly
i can not make it work ..
Instead of
proxy_pass http://ingress-srv; # ingress-srv is an upstream
try doing (notice the slash):
proxy_pass http://ingress-srv/; # ingress-srv is an upstream
You can take out the rewrite directive.
As Oscar Wilde said "I was working on nginx.conf all the morning, and took out a comma. In the afternoon I put it back again."
I've been trying to do rewrite in Nginx:
domain.com/one/two -> onetwo.domain.com. The URL that user sees should not be changed in address bar.
This code does not work correctly - it changes URL in address bar
rewrite ^/one/two/ http://onetwo.domain.com/ last;
What solution must be there?
Thanks.
This isn't possible, because you're changing hostnames. Browser security is tied to it, as is webserver configuration.
You can rewrite URLs within same hostname, but changing hostnames requires redirect or using a frame.
Use proxy pass:
location /one/two/ {
proxy_pass http://onetwo.domain.com/;
include proxy.conf;
}
Where proxy.conf is where you keep your proxy settings, stuff like:
proxy_ignore_client_abort off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 120;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REQUEST_SCHEME $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header 'SERVER_PORT' $server_port;
i have VPS server work in digitalocean with nginx and ubuntu 12.4 LTS 64bit, i try to make ghost blog work in my subdomain blog.csbukhari.com but it dose not work.
this is my conf file in nginx
server {
listen 80;
server_name blog.csbukhari.com;
location / {
expires 8d;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_read_timeout 5m;
proxy_connect_timeout 5m;
proxy_pass http://127.0.0.1:2368;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
and i add the subdomain blog in dns as A record
You can see my example conf file here but yours looks right.
I assume you have restarted nginx and you have Ghost started and listing on port 2368?
Has anyone run into the problem of mod-security only allowing one set-cookie through a proxy request response? We are using nginx with mod-security and seeing all but the last set-cookie be removed by nginx on the response from our application server. We are applying the mod-security in the location section
location ~* ^/(test|securitytest|$) {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
create_full_put_path on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app;
proxy_read_timeout 10;
proxy_redirect off;
}
there was a bug in modsecurity+nginx that was dropping all except one cookie for each request. It was fixed, have a look at:
https://github.com/SpiderLabs/ModSecurity/issues/154