Nginx configuration reverse proxy or jump 400 issue processing record

After lunch break to work, colleague said test site access interface appeared in the Too request request Header Or Cookie Large hint, thought fortunately is the test server problem, the impact is not small, but also hurriedly on the server to Test view, Open Nginx and UGWSI log and configuration, found that the back-end service logging is normal, and the test site access log has more than 700 m (only run two or three days without a few visits, a few m is the normal phenomenon), Direct access to the backend service interface in the browser is also normal no problem (our Server software architecture is a microservices architecture, many modules are split after the deployment, the front end is a pure HTML site, through AJAX access to the backend services, due to the small number of visits, so the front-end site Nginx configuration, Reverse proxy access to the backend other services, so that there will be no cross-domain and need to handle multi-subdomain things-that is, access to different services, only need to use the current domain name, so the front-end developers do not have to know how much of the backend Mount service needs to use what the corresponding domain name access. Access to other sites on this server can be accessed normally, and the HTML page of the problem site will open normally ... In the testing process found that each access to the problem interface, access to the log increased by more than 30 m, brushed several times, nginx log size straight up ...

Because the log is larger, you can only use Tail-n Xxx_access.log >> xxx.log to intercept the latest log records to download, open a look found at the same time a visit, produced more than 2000 repeated loop access records, and the tail of the log $ Http_x_forwarded_for section, the regular storage of the same from the number of IP strings, that is, the last one has an IP string (real IP), the penultimate two IP strings (real IP + server local IP), the bottom third has three IP strings (real IP + Two server local IP), and so on

Baidu has a "three Bad Request request header Or Cookie Too Large", find out almost all said "Nginx Bad request is the request header too large caused, request too large, This is usually caused by a large value being written to the cookie. In the nginx.conf, the Client_header_buffer_size and large_client_header_buffers will be adjusted to solve the ", a look at it is certainly not my solution to this situation, This is because you do not know what causes the dead loop to write the IP address string to the request header, until the cache burst to return 400, if the cache is set larger, will only cause the log to increase the speed of the larger. From the analysis, it should be the problem of nginx.

There is no way to only open Nginx profile analysis, problem site configuration files, such as, and no problem found

Open the nginx.conf for a slow study and find a few more lines of code

proxy_set_header Host $host;p roxy_set_header x-real-IP $remote _addr;proxy_set_header x- Forwarded-for $proxy _add_x_forwarded_for;

This is used to pass the current access user's IP to the back-end server, remove them to restart the server nginx after testing, found to be able to access the normal ... o my God, then put it back, reboot, access, hang up, remove, restart, access, normal ... Retries several times, finally determined is suddenly more out of a few lines of code caused. (later asked a colleague to know that he was added to the server)

Is it really not possible to use it? Remember used before or normal. Try to access the pre-production environment interface, normal. Open the Nginx configuration of the pre-production environment, the package has these three lines of code, such as

After a comprehensive comparison found that the production environment with Nginx configuration is the domain name, and pre-production environment with the ip+ port, in addition to no difference, using the jump mode and reverse code test, the results are the same, add Port_in_redirect, Server_name_in_ The redirect configuration didn't work out either.

Comprehensive analysis, should be nginx in use Proxy_pass do jump, if directly use domain name, and need to submit the IP address of the current access to the back end, the cause of nginx bug caused dead loop, do not know if you have encountered this situation.

# using reverse proxy mode
# Normal configuration upstream    xxx{127.0.  0.1:23456;} Upstream yyy {    127.0.  0.1:123455;} # exception configuration upstream xxx1{    server xx.xxx.com;} Upstream Yyy2 {    server  yyy.xxx.com;}

# Use Jump Mode # Normal configuration Proxy_pass   http://127.0.0.1:23456; # Exception Configuration Proxy_pass   http://xx.xxx.com;

Copyright Notice:

This article by Allempty original and published in the blog Park, copyright and Blog Park Common All, welcome to reprint, without my consent must retain this paragraph statement, and in the article page obvious location to the original link, otherwise reserves the right to pursue legal responsibility . If you have any questions, you can contact me by [email protected] , thank you very much.

published this part of the content, the Lord is to work together with everyone to learn common progress, interested friends can gaga Q Group: 327360708, we discuss together.

For more information, please note the blog:http://www.cnblogs.com/EmptyFS/

Nginx configuration reverse proxy or jump 400 issue processing record