Custom Query (2311 matches)

When the specific configurations are set(e.g. aio threads + proxy_cache_background_update on), multiple threads can operate on the same request connection structure and ​https://hg.nginx.org/nginx/file/tip/src/event/ngx_event_openssl.c#l3361 can cause ngx_ssl_recv() call from another thread to access a NULL c->ssl pointer.

Found that if I use telnet to send non existent server protocols to my server nginx proxies it through even if its not a valid server_version. In this example I pass HTTP/1.4

telnet localhost 81 Trying ::1... Connected to localhost. Escape character is '^]'

GET /Hello HTTP/1.4 Host: myhostheader.com

::1 - - [27/Oct/2023:19:51:19 +0000] "GET /Hello HTTP/1.4" 404 714 "-" "-" "-" HTTP/1.1 404 Server: nginx/1.25.3 Date: Fri, 27 Oct 2023 19:51:19 GMT Content-Type: text/html;charset=utf-8 Content-Length: 714 Connection: keep-alive Content-Language: en

<!doctype html>....</html>

I'm not doing anything fancy to do this. I just used the nginx image and added proxy_pass

# configuration file /etc/nginx/conf.d/default.conf: server {

listen 81; listen [::]:81; server_name localhost;

location / {

root /usr/share/nginx/html; proxy_pass ​http://myupstream:80; index index.html index.htm;

}

error_page 500 502 503 504 /50x.html; location = /50x.html {

root /usr/share/nginx/html;

}

}

I would expect it to return 505 like if I enter a random other digit telnet localhost 81 Trying ::1... Connected to localhost. Escape character is '^{]'. GET /Hello HTTP/5.4 Host: myhostheader.comHTTP/1.1 505 HTTP Version Not Supported Server: nginx/1.25.3 Date: Fri, 27 Oct 2023 19:54:00 GMT Content-Type: text/html Content-Length: 187 Connection: close}

<html> <head><title>505 HTTP Version Not Supported</title></head> <body> <center><h1>505 HTTP Version Not Supported</h1></center> <hr><center>nginx/1.25.3</center> </body> </html> ::1 - - [27/Oct/2023:19:54:00 +0000] "GET /Hello HTTP/5.4" 505 187 "-" "-" "-" Connection closed by foreign host.

Hi, I've encountered an issue with the HTTP/3 / QUIC setup: The minimal testsetup is the default installation with a server as from the docs + reverse proxy:

server {

listen 443 quic reuseport; listen 443 ssl;

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

location / {

add_header Alt-Svc 'h3=":443"; ma=86400'; proxy_pass ht tp:// dm-devel.hosts.dm-intern.de; # spaced up for link limit in trac

}

}

I test this setup using:

curl -vik --http3-only htt ps:// localhost:443 -H "Host: exvhost"

and also tracing the proxy requests using

tcpdump 'port 80'

It produces the following backend request: GET / HTTP/1.0 Host: dm-devel.hosts.dm-intern.de <-- not the originally requested header, probably the expected behaviour Connection: close user-agent: .. accept: ..

Adding "proxy_set_header Host $http_host;" :

GET / HTTP/1.0 <-- no Host header at all here though! Connection: close user-agent: .. accept: ..

Using curl --http2 or --http1.1 it works:

GET / HTTP/1.0 Host: exvhost <-- our requested Host Connection: close User-Agent: .. Accept: ..