“请求标头或Cookie太大"在Nginx中使用proxy_pass [英] "Request Header Or Cookie Too Large" in nginx with proxy_pass
问题描述
我在服务器A上进行了以下nginx设置(面向互联网,仅相关部分):
I have a following nginx setup on my server A (internet facing, only relevant parts):
upstream new_api {
server unix:///home/ubuntu/new_api/shared/tmp/sockets/puma.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
large_client_header_buffers 4 16k;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
location ~ (^(/some/location|/some/other)) {
proxy_pass http://new_api;
}
location / {
proxy_pass https://serverB.com;
}
}
现在,如果我转到/some/location,则上游的新api可以很好地服务.但是我从nginx那里得到了"400 Bad Request Request Header or Cookie Too Large"的消息.即使没有cookie且只有两个短标头的卷曲.增加large_client_header_buffers并没有帮助.
Now, if I go to /some/location it is served fine with new api upstream. But with anything else I keep getting "400 Bad Request Request Header Or Cookie Too Large" from nginx. Even with curl with no cookies and only two short headers. Increasing large_client_header_buffers does not help.
有趣的是,我完全看不到服务器B的请求,因此服务器A上的请求被切断.为什么?可能是因为我要https协议proxy_passing了吗?
The interesting part is that I don't see this request coming to Server B at all, so it gets cut off on Server A. Why? Can it be because of https protocol I'm proxy_passing to?
此外,在设置服务器A之前,所有内容都将毫无问题地进入服务器B.
Also, before setting up Server A everything was going to Server B without any problems.
推荐答案
事实证明,在域解析方面存在一些混淆(我不太了解),因此,对服务器B的请求被传递到服务器A代替.它一直将自己的IP添加到X-Forwarded-For标头中,直到超过最大大小为止-因此错误消息实际上是正确的.
It turns out there was some mix-up with domain resolving (which I don't really understand), and as a result request to server B were passed to Server A instead. It kept adding its own IP to X-Forwarded-For header, until it exceeded max size - so the error message was actually correct.
为了进一步调试,我使用了
To debug further, I used
tcpdump -n -S -s 0 -A 'tcp dst port 80' | grep -B3 -A10 "GET"
这篇关于“请求标头或Cookie太大"在Nginx中使用proxy_pass的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
