Custom Query (2296 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (22 - 24 of 2296)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Ticket Resolution Summary Owner Reporter
#830 worksforme 400 Bad Request - No required SSL certificate was sent occurs randomly during a valid SSL session Jeffrey
Description

What is wrong? Subdomains are protected with a client certificate per subdomain. It is possible to access the subdomain when you choose the right client certificate. Randomly during a session (can be after 5min, or after 2 hours) NGINX will return with a "400 Bad Request - No required SSL certificate was sent". I would expect either NGINX to re-request the client certificate or just continue with the previous session.

Configuration We have 112 SNI based subdomains protected with client certificates like so: 

server {
    listen       443 ssl;
    server_name  sub.domain.com;

    ssl_certificate        /etc/nginx/ssl/certs/site.pem;
    ssl_certificate_key    /etc/nginx/ssl/private/site.key;
    ssl_client_certificate /etc/nginx/ssl/certs/clientCA.crt;
    ssl_verify_client      on;

    include     /etc/nginx/props/ssldefault.conf;

    location / {
        include         /etc/nginx/props/proxyall.conf;
        if ( $ssl_client_serial != 61) {return 403;}
        proxy_pass      http://backend;
    }
}

Because we have 112 subdomains we've set the following: 

 server_names_hash_max_size  1600;

Debugging so far See attached debug log. Either the browser does not get informed it should send a certificate, or NGINX ignore the sent certificate, might be losing the cache

Reproduce It's hard to reproduce, but the best way so far:

  • Use Internet Explorer 11
  • Go to an URL using a client certificate
  • Use multiple tabs with URLs using client certificates pointing to the same NGINX instance
  • Refresh once in a while
  • The issue will occur within 1 hour (sometimes within 5 minutes)
  • Other tabs mostly follow shortly after.

This bug does occur in other browsers as well, but might take 2 to 8 hours to reproduce.

#1752 wontfix 400 Bad Request when Content-Length header value starts with HT mstavrev@…
Description

When client send HTTP request with a header of Content-Length that starts with horizontal tab character (HT=0x09), Ngins responds with HTTP 400 Bad Request.

According to HTTP RFC (https://tools.ietf.org/html/rfc2616#section-4.2):

"... The field value MAY be preceded by any amount of LWS, though a single SP is preferred."

LWS is defined as:

LWS = [CRLF] 1*( SP | HT )

So, it looks like a header such as: 

Content-Type:<0x09>110\r\n

should not be treated as an error.

#931 fixed 400 response to cyrillic domain ynikitenko@…
Description

I've created a cyrillic domain name and want to use nginx to serve simple html files. I get 400 when I try to open the domain. No useful information in logs is shown.

I copied nginx.conf from an ASCII domain I had, but that didn't work. Also permissions to my public_html are same. I restarted nginx, that didn't help (-s reload and also killing the process).

debug.log: 

2016/03/13 09:32:20 [debug] 16419#0: accept on 0.0.0.0:80, ready: 0
2016/03/13 09:32:20 [debug] 16419#0: posix_memalign: 00007F6A8C587EB0:256 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 accept: 90.154.64.230 fd:3
2016/03/13 09:32:20 [debug] 16419#0: posix_memalign: 00007F6A8C4CAA80:256 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 3: 60000:1457876000528
2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add event: fd:3 op:1 ev:80002001
2016/03/13 09:32:20 [debug] 16419#0: *16 http wait request handler
2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4C6B30:1024
2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:3 309 of 1024
2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C44EA00:4096 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 http process request line
2016/03/13 09:32:20 [debug] 16419#0: *16 http request line: "GET / HTTP/1.1"
2016/03/13 09:32:20 [debug] 16419#0: *16 http uri: "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 http args: ""
2016/03/13 09:32:20 [debug] 16419#0: *16 http exten: ""
2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4A41A0:4096 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 http process request header line
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Host: xn--80aaagiydsciqb5hsf.xn--p1ai"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept-Language: en-US,en;q=0.5"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept-Encoding: gzip, deflate"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Connection: keep-alive"
2016/03/13 09:32:20 [debug] 16419#0: *16 http header done
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer del: 3: 1457876000528
2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 rewrite phase: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 test location: "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 using configuration "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 http cl:-1 max:78643200
2016/03/13 09:32:20 [debug] 16419#0: *16 rewrite phase: 3
2016/03/13 09:32:20 [debug] 16419#0: *16 post rewrite phase: 4
2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 5
2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 6
2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 7
2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 8
2016/03/13 09:32:20 [debug] 16419#0: *16 access phase: 9
2016/03/13 09:32:20 [debug] 16419#0: *16 access phase: 10
2016/03/13 09:32:20 [debug] 16419#0: *16 post access phase: 11
2016/03/13 09:32:20 [debug] 16419#0: *16 try files phase: 12
2016/03/13 09:32:20 [debug] 16419#0: *16 http init upstream, client timer: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add event: fd:3 op:3 ev:80002005
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "QUERY_STRING"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "QUERY_STRING: "
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_METHOD"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "GET"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_METHOD: GET"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "CONTENT_TYPE"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "CONTENT_TYPE: "
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "CONTENT_LENGTH"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "CONTENT_LENGTH: "
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_URI"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_URI: /"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "PATH_INFO"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "PATH_INFO: /"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "DOCUMENT_ROOT"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/usr/share/nginx/html"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "DOCUMENT_ROOT: /usr/share/nginx/html"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_PROTOCOL"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "HTTP/1.1"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_PROTOCOL: HTTP/1.1"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_SCHEME"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "http"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_SCHEME: http"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: ""
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REMOTE_ADDR"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "90.154.64.230"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REMOTE_ADDR: 90.154.64.230"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REMOTE_PORT"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "13760"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REMOTE_PORT: 13760"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_PORT"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "80"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_PORT: 80"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_NAME"
2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "арсенияникитенко.рф"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_NAME: арсенияникитенко.рф"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_HOST: xn--80aaagiydsciqb5hsf.xn--p1ai"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_USER_AGENT: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT_ENCODING: gzip, deflate"
2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_CONNECTION: keep-alive"
2016/03/13 09:32:20 [debug] 16419#0: *16 http cleanup add: 00007F6A8C44F910
2016/03/13 09:32:20 [debug] 16419#0: *16 get rr peer, try: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 socket 4
2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add connection: fd:4 ev:80002005
2016/03/13 09:32:20 [debug] 16419#0: *16 connect to unix:///home/nikitenko/arsenia/arsenia.sock, fd:4 #17
2016/03/13 09:32:20 [debug] 16419#0: *16 connected
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream connect: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4C5170:128 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream send request
2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer buf fl:0 s:630
2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer in: 00007F6A8C44F948
2016/03/13 09:32:20 [debug] 16419#0: *16 writev: 630
2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer out: 0000000000000000
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 4: 60000:1457876000528
2016/03/13 09:32:20 [debug] 16419#0: *16 http finalize request: -4, "/?" a:1, c:2
2016/03/13 09:32:20 [debug] 16419#0: *16 http request count:2 blk:0
2016/03/13 09:32:20 [debug] 16419#0: *16 http run request: "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream check client, write event:1, "/"
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream recv(): -1 (11: Resource temporarily unavailable)
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream request: "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream dummy handler
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream request: "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream process header
2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4B0350:4096
2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:4 108 of 4096
2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi status 400 "400 BAD REQUEST"
2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header: "X-Frame-Options: SAMEORIGIN"
2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header: "Content-Type: text/html"
2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header done
2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter header
2016/03/13 09:32:20 [debug] 16419#0: *16 charset: "" > "utf-8"
2016/03/13 09:32:20 [debug] 16419#0: *16 HTTP/1.1 400 BAD REQUEST
2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:0 f:0 s:207
2016/03/13 09:32:20 [debug] 16419#0: *16 http cacheable: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream process upstream
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe read upstream: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe preread: 26
2016/03/13 09:32:20 [debug] 16419#0: *16 readv: 1:3988
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe recv chain: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe buf free s:0 t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe length: -1
2016/03/13 09:32:20 [debug] 16419#0: *16 input buf #0
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream flush in
2016/03/13 09:32:20 [debug] 16419#0: *16 http output filter "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 image filter
2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter body
2016/03/13 09:32:20 [debug] 16419#0: *16 http postpone filter "/?" 00007F6A8C4A4F48
2016/03/13 09:32:20 [debug] 16419#0: *16 http chunk: 26
2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4A5088, pos 00007F6A8C4A5088, size: 4 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795D, size: 2 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:0 f:0 s:239
2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: 0 "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream done
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer: 4, old: 1457876000528, new: 1457876000531
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream exit: 0000000000000000
2016/03/13 09:32:20 [debug] 16419#0: *16 finalize http upstream request: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 finalize http uwsgi request
2016/03/13 09:32:20 [debug] 16419#0: *16 free rr peer 1 0
2016/03/13 09:32:20 [debug] 16419#0: *16 close http upstream connection: 4
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C5170, unused: 48
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer del: 4: 1457876000528
2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream temp fd: -1
2016/03/13 09:32:20 [debug] 16419#0: *16 http output filter "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 image filter
2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter body
2016/03/13 09:32:20 [debug] 16419#0: *16 http postpone filter "/?" 00007FFF84A55820
2016/03/13 09:32:20 [debug] 16419#0: *16 http chunk: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4C6FF0:4096 @16
2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A5088, pos 00007F6A8C4A5088, size: 4 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795D, size: 2 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795A, size: 5 file: 0, size: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:1 f:0 s:244
2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter limit 0
2016/03/13 09:32:20 [debug] 16419#0: *16 writev: 244
2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter 0000000000000000
2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: 0 "/?"
2016/03/13 09:32:20 [debug] 16419#0: *16 http finalize request: 0, "/?" a:1, c:1
2016/03/13 09:32:20 [debug] 16419#0: *16 set http keepalive handler
2016/03/13 09:32:20 [debug] 16419#0: *16 http close request
2016/03/13 09:32:20 [debug] 16419#0: *16 http log handler
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4B0350
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C44EA00, unused: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4A41A0, unused: 0
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6FF0, unused: 3791
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6B30
2016/03/13 09:32:20 [debug] 16419#0: *16 hc free: 0000000000000000 0
2016/03/13 09:32:20 [debug] 16419#0: *16 hc busy: 0000000000000000 0
2016/03/13 09:32:20 [debug] 16419#0: *16 tcp_nodelay
2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 1
2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 3: 65000:1457876005531
2016/03/13 09:32:20 [debug] 16419#0: *16 post event 00007F6A8C45FA50
2016/03/13 09:32:20 [debug] 16419#0: *16 delete posted event 00007F6A8C45FA50
2016/03/13 09:32:20 [debug] 16419#0: *16 http keepalive handler
2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4C6B30:1024
2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:3 -1 of 1024
2016/03/13 09:32:20 [debug] 16419#0: *16 recv() not ready (11: Resource temporarily unavailable)
2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6B30

more error.log 

2016/03/13 09:18:04 [notice] 16418#0: signal process started

(note that was some time before my attempt to connect).

I know that 400 may be connected with cookies, but I used wget, curl, Opera and Firefox to open that page with the same results.

My nginx.conf: 

server {
    server_name людмилавахнина.рф;
    charset     utf-8;
    #source_charset     utf-8;
    error_log /var/log/nginx/lvahnina_debug.log debug;
    error_log /var/log/nginx/lvahnina_error.log info;
    # these two files are empty. No errors.
    root /home/nikitenko/lvahnina/public_html;

    location = / {
        try_files /index.html =404;
    }

    location = /index      { return 404; }

    location / {
        try_files $uri.html =404;
        #try_files $uri.html;
    }
}

I don't have much memory on the machine, but probably that should be enough, 

$ free
              total        used        free      shared  buff/cache   available
Mem:         262144      136308       19444        5756      106392       46756
Swap:             0           0           0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.