Nginx bypassing proxy_pass - nginx

In my conf file I have
upstream backend {
    server xx.xx.xx.xx:8080;
    server xx.xx.xx.xx:8080;
}
and then
location /adcode/adcode {
    proxy_set_header HOST $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X_IP $remote_addr;
    proxy_pass http://backend;
}
But sometimes, instead of the request going to the upstream servers, it goes to http://backend/adcode/adcode.
016/01/10 14:14:46 [error] 18474#0: *149951 no live upstreams while connecting to upstream, client: 208.107.89.45, server: _, request: "GET /adcode/adcode?crid=1744&refUrl=&cbrs=51487486&zz=51 HTTP/1.1", upstream: "http://backend/adcode/adcode?crid=1744&refUrl=&cbrs=51487486&zz=51", host: "show.*****.com", referrer: "http://show.****.com/adcode/adcode?crid=1744&cbrs=50633123&zz=11"
I have no idea why it's doing this. Any suggestions?

Related

Disable IPv6 in upstream servers for NginX during proxy_pass

Currently have Nginx running on the same machine as the rest of my servers, none of which are running IPv6. Relatively frequently, I get hangups when loading content while testing and I find error messages in the error.log file.
My current config:
http {
    include mime.types;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    resolver 1.1.1.1 ipv6=off;
    #keepalive_timeout 0;
    keepalive_timeout 60s;

    # each upstream member needs the "server" keyword
    upstream master_process {
        server localhost:40088;
    }
    upstream http_worker {
        hash $remote_addr consistent;
        server localhost:40089;
        server localhost:40090;
        server localhost:40091;
        server localhost:40092;
    }

    #http server
    server {
        listen 88;
        location / {
            lingering_close on;
            lingering_time 15s;
            lingering_timeout 2s;
            proxy_pass http://http_worker;
            proxy_http_version 1.1;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
        }
        location ~ ^/(Main|Monitor|Chart|chartfeed|getchartdata()|Live|Log$) {
            proxy_pass http://master_process;
            proxy_http_version 1.1;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
        }
        location ~.*.(gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|htm)$ {
            proxy_pass http://master_process;
            gzip_static on;
            expires 7d;
        }
    }
}
The errors I am currently receiving:
2022/01/28 11:42:27 [error] 23732#17404: *1 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /Main?_SID=1*479985359 HTTP/1.1", upstream: "http://[::1]:40088/Main?_SID=1*479985359", host: "localhost:88", referrer: "http://localhost:88/login()"
2022/01/28 11:42:52 [error] 23732#17404: *1 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /Main?_SID=1*479985359 HTTP/1.1", upstream: "http://[::1]:40088/Main?_SID=1*479985359", host: "localhost:88", referrer: "http://localhost:88/login()"
Note that I have specified a resolver in the http section so that it can be made global. I have also tried moving that resolver into the server and location sections to no avail.
I have also tried adding {server {listen 88 default_server; listen [::]:88 ipv6only=on; ...}...} which also didn't solve this issue as others have suggested after a quick search online.
Any help would be greatly appreciated!

Nginx proxy https to http - routines:ssl3_get_record:wrong version number

This is how I configure my Nginx
upstream stage {
    server example.com;
}
server {
    server_name IP;
    listen 80;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header protocol Token;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass https://stage;
    }
}
I see this on error.log
2021/11/03 15:26:14 [error] 40782#40782: *1 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: IP, server: IP, request: "POST / HTTP/1.1", upstream: "https://IP:80/", host: "IP:10784"
How can I proxy user's request from http to https?
Disabling TLS with the proxy_ssl_verify off directive will resolve the issue, although it, well, disables TLS -- something you should not be doing on a public network connecting the proxying party and the upstream.
Here is the changed configuration:
upstream stage {
    server example.com:443;
}
server {
    server_name IP;
    listen 80;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Port 443;
        # header name must not carry a trailing colon
        proxy_set_header X-Forwarded-Proto https;
        proxy_ssl_verify off;
        proxy_pass https://stage$request_uri;
    }
}
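An added example (not part of the original answer) showing the same proxy with the upstream certificate verified instead of `proxy_ssl_verify off`. The CA bundle path is an assumption (the Debian/Ubuntu location); example.com is the placeholder hostname from the configuration above.

```nginx
upstream stage {
    server example.com:443;
}

server {
    server_name IP;
    listen 80;

    location / {
        proxy_set_header Host example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Weak setting (also the nginx default): the upstream certificate is
        # not checked, so the link is encrypted but the peer is unauthenticated.
        # proxy_ssl_verify off;

        # Corrected: verify the upstream certificate chain against trusted CAs.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path

        # The name checked against the certificate defaults to the host part of
        # proxy_pass, which here is the upstream group name "stage". Set the
        # real hostname or verification fails with a name mismatch.
        proxy_ssl_name example.com;

        # Send that name as SNI so a name-based virtual host on the upstream
        # presents the matching certificate.
        proxy_ssl_server_name on;

        proxy_pass https://stage;
    }
}
```

After reloading, a certificate or hostname mismatch shows up in error.log as an upstream SSL certificate verify error rather than being silently accepted.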

nginx proxy_pass to external url fail

I'd like to configure nginx to proxy_pass my domain *xyz.abc.com to an external URL such as google.com/... The idea is the same as this post. But it constantly shows the error below:
[error] 12725#12725: *1530410 no resolver defined to resolve google.com, client: 27.64.99.7, server: ~^(?<name>\w+)\.xyz\.abc\.com$, request: "GET /favicon.ico HTTP/1.1", host: "ivy1.xyz.abc.com", referrer: "http://ivy1.xyz.abc.com/"
Here is my config
server {
    server_name ~^(?<name>\w+)\.xyz\.abc\.com$;
    location / {
        proxy_pass https://google.com/$name$request_uri;
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Is there something wrong in my configuration? I'm using nginx 1.11.6.
As @Richard advised, I set resolver in the location context, which solved my issue.
resolver 8.8.8.8;
resolver_timeout 10s;

Nginx error upstream timed out (110: Connection timed out) while SSL handshaking to upstream

I have three docker containers in my project: Nginx, tornado-app, and DB. My Tornado app serves a WebSocket app (URLs are /clientSocket and /gatewaySocket) and a Django app (URLs are everything except the WebSocket URLs). I use upstream to serve the Tornado app (which runs on port 8000) with Nginx. My project worked fine for the last few months with no errors until today, when I got strange 504 errors from Nginx. Here is my Nginx config file:
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=sms:10m rate=1r/m;
upstream my_server {
    server web_instance_1:8000; # tornado app
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    server_name server.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name server.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/chained.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    location / {
        # limit_req zone=one burst=5;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://my_server;
    }
    location /rest/register/gateway/phone_number {
        limit_req zone=sms burst=5;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://my_server;
    }
    location ~ /.well-known {
        root /var/www/acme;
        allow all;
    }
    location ~ ^/(admin|main-panel) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://my_server;
    }
    location /gatewaySocket {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass https://my_server;
    }
    location /clientSocket {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass https://my_server;
    }
}
And here are the strange upstream timeout errors:
2018/06/12 19:23:09 [error] 5#5: *154 upstream timed out (110:Connection timed out) while reading response header from upstream,client: x.x.x.x, server: server.com, request: "GET /admin/main/serverlogs/834591/change/ HTTP/1.1", upstream:"https://172.18.0.3:8000/admin/main/serverlogs/834591/change/",host:"server.com", referrer: "https://server.com/admin/main/serverlogs/"
2018/06/12 19:23:09 [error] 5#5: *145 upstream timed out (110:Connection timed out) while reading response header from upstream,client: x.x.x.x, server: server.com, request: "GET /robots.txtHTTP/1.1", upstream:"https://172.18.0.3:8000/robots.txt",host:"server.com"
2018/06/12 19:40:51 [error] 5#5: *420 upstream timed out (110:Connection timed out) while SSL handshaking to upstream, client:x.x.x.x, server: server.com, request: "GET /gatewaySocket HTTP/1.1",upstream: "https://172.18.0.3:8000/gatewaySocket",host:"server.com:443"

Nginx map doesn't use the arguments of my regular expression

I'm trying to use the map of nginx, but the results aren't what I expect.
This is what I have:
map $uri $new {
    default "";
    ~*/cc/(?P<suffix>.*)$ test.php?suffix=$suffix;
}
location ~ [a-zA-Z0-9/_]+$ {
    proxy_pass http://www.domain.com:81/$new;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
When I go to www.domain.com/cc/abc, I see this in the logs
2012/03/29 17:27:53 [warn] 3382#0: *33 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/00/0000000005 while reading upstream, client: 1.2.3.4, server: www.domain.com, request: "GET /cc/abc HTTP/1.1", upstream: "http://1270.0.0.1:81/test.php?suffix=$suffix", host: "www.domain.com"
The $suffix isn't replaced.
But when I do this:
map $uri $new {
    default "";
    ~*/cc/(?P<suffix>.*)$ $suffix;
}
location ~ [a-zA-Z0-9/_]+$ {
    proxy_pass http://www.domain.com:81/$new;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
And now, when I go to www.domain.com/cc/abc, the logs show me this:
2012/03/29 17:29:39 [warn] 5916#0: *26 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 1.2.3.4, server: www.domain.com, request: "GET /cc/abc HTTP/1.1", upstream: "http://1270.0.01:81/abc", host: "www.domain.com"
So, when the rewrite contains a string including the variable, it isn't replaced. But if it only contains the variable, it will work.
What am I doing wrong?
As you've discovered, map replacements can only be a static string or a single variable. Since test.php?suffix=$suffix doesn't start with a $, nginx assumes it's just a static string. Instead of using a map, you'll need to use two rewrites to accomplish what you want:
location ~ [a-zA-Z0-9/_]+$ {
    rewrite ^/cc/(.*) /test.php?suffix=$1 break;
    rewrite ^ / break;
    proxy_pass http://www.domain.com:81;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
The first rewrite will strip any initial /cc/ from the url and append the rest as the url arg like your map was trying to. The break flag tells nginx to stop processing rewrite directives. If the first rewrite doesn't match, then the second will always match, and will set the url to /.
EDIT: As of 1.11.0, map values can be complex values, so the original config would work.
