Custom Query (2296 matches)
Results (22 - 24 of 2296)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#830 | worksforme | 400 Bad Request - No required SSL certificate was sent occurs randomly during a valid SSL session | ||
Description |
What is wrong? Subdomains are protected with a client certificate per subdomain. It is possible to access the subdomain when you choose the right client certificate. Randomly during a session (can be after 5min, or after 2 hours) NGINX will return with a "400 Bad Request - No required SSL certificate was sent". I would expect either NGINX to re-request the client certificate or just continue with the previous session. Configuration We have 112 SNI based subdomains protected with client certificates like so: server { listen 443 ssl; server_name sub.domain.com; ssl_certificate /etc/nginx/ssl/certs/site.pem; ssl_certificate_key /etc/nginx/ssl/private/site.key; ssl_client_certificate /etc/nginx/ssl/certs/clientCA.crt; ssl_verify_client on; include /etc/nginx/props/ssldefault.conf; location / { include /etc/nginx/props/proxyall.conf; if ( $ssl_client_serial != 61) {return 403;} proxy_pass http://backend; } } Because we have 112 subdomains we've set the following: server_names_hash_max_size 1600; Debugging so far See attached debug log. Either the browser does not get informed it should send a certificate, or NGINX ignore the sent certificate, might be losing the cache Reproduce It's hard to reproduce, but the best way so far:
This bug does occur in other browsers as well, but might take 2 to 8 hours to reproduce. |
|||
#1752 | wontfix | 400 Bad Request when Content-Length header value starts with HT | ||
Description |
When client send HTTP request with a header of Content-Length that starts with horizontal tab character (HT=0x09), Ngins responds with HTTP 400 Bad Request. According to HTTP RFC (https://tools.ietf.org/html/rfc2616#section-4.2): "... The field value MAY be preceded by any amount of LWS, though a single SP is preferred." LWS is defined as: LWS = [CRLF] 1*( SP | HT ) So, it looks like a header such as: Content-Type:<0x09>110\r\n should not be treated as an error. |
|||
#931 | fixed | 400 response to cyrillic domain | ||
Description |
I've created a cyrillic domain name and want to use nginx to serve simple html files. I get 400 when I try to open the domain. No useful information in logs is shown. I copied nginx.conf from an ASCII domain I had, but that didn't work. Also permissions to my public_html are same. I restarted nginx, that didn't help (-s reload and also killing the process). debug.log: 2016/03/13 09:32:20 [debug] 16419#0: accept on 0.0.0.0:80, ready: 0 2016/03/13 09:32:20 [debug] 16419#0: posix_memalign: 00007F6A8C587EB0:256 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 accept: 90.154.64.230 fd:3 2016/03/13 09:32:20 [debug] 16419#0: posix_memalign: 00007F6A8C4CAA80:256 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 3: 60000:1457876000528 2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add event: fd:3 op:1 ev:80002001 2016/03/13 09:32:20 [debug] 16419#0: *16 http wait request handler 2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4C6B30:1024 2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:3 309 of 1024 2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C44EA00:4096 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 http process request line 2016/03/13 09:32:20 [debug] 16419#0: *16 http request line: "GET / HTTP/1.1" 2016/03/13 09:32:20 [debug] 16419#0: *16 http uri: "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 http args: "" 2016/03/13 09:32:20 [debug] 16419#0: *16 http exten: "" 2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4A41A0:4096 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 http process request header line 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Host: xn--80aaagiydsciqb5hsf.xn--p1ai" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept-Language: en-US,en;q=0.5" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Accept-Encoding: gzip, deflate" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header: "Connection: keep-alive" 2016/03/13 09:32:20 [debug] 16419#0: *16 http header done 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer del: 3: 1457876000528 2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 rewrite phase: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 test location: "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 using configuration "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 http cl:-1 max:78643200 2016/03/13 09:32:20 [debug] 16419#0: *16 rewrite phase: 3 2016/03/13 09:32:20 [debug] 16419#0: *16 post rewrite phase: 4 2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 5 2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 6 2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 7 2016/03/13 09:32:20 [debug] 16419#0: *16 generic phase: 8 2016/03/13 09:32:20 [debug] 16419#0: *16 access phase: 9 2016/03/13 09:32:20 [debug] 16419#0: *16 access phase: 10 2016/03/13 09:32:20 [debug] 16419#0: *16 post access phase: 11 2016/03/13 09:32:20 [debug] 16419#0: *16 try files phase: 12 2016/03/13 09:32:20 [debug] 16419#0: *16 http init upstream, client timer: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add event: fd:3 op:3 ev:80002005 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "QUERY_STRING" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "QUERY_STRING: " 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_METHOD" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "GET" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_METHOD: GET" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "CONTENT_TYPE" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "CONTENT_TYPE: " 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "CONTENT_LENGTH" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "CONTENT_LENGTH: " 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_URI" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_URI: /" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "PATH_INFO" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "PATH_INFO: /" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "DOCUMENT_ROOT" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "/usr/share/nginx/html" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "DOCUMENT_ROOT: /usr/share/nginx/html" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_PROTOCOL" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "HTTP/1.1" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_PROTOCOL: HTTP/1.1" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REQUEST_SCHEME" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "http" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REQUEST_SCHEME: http" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REMOTE_ADDR" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "90.154.64.230" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REMOTE_ADDR: 90.154.64.230" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "REMOTE_PORT" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "13760" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "REMOTE_PORT: 13760" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_PORT" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "80" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_PORT: 80" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script copy: "SERVER_NAME" 2016/03/13 09:32:20 [debug] 16419#0: *16 http script var: "арсенияникитенко.рф" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "SERVER_NAME: арсенияникитенко.рф" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_HOST: xn--80aaagiydsciqb5hsf.xn--p1ai" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_USER_AGENT: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_ACCEPT_ENCODING: gzip, deflate" 2016/03/13 09:32:20 [debug] 16419#0: *16 uwsgi param: "HTTP_CONNECTION: keep-alive" 2016/03/13 09:32:20 [debug] 16419#0: *16 http cleanup add: 00007F6A8C44F910 2016/03/13 09:32:20 [debug] 16419#0: *16 get rr peer, try: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 socket 4 2016/03/13 09:32:20 [debug] 16419#0: *16 epoll add connection: fd:4 ev:80002005 2016/03/13 09:32:20 [debug] 16419#0: *16 connect to unix:///home/nikitenko/arsenia/arsenia.sock, fd:4 #17 2016/03/13 09:32:20 [debug] 16419#0: *16 connected 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream connect: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4C5170:128 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream send request 2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer buf fl:0 s:630 2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer in: 00007F6A8C44F948 2016/03/13 09:32:20 [debug] 16419#0: *16 writev: 630 2016/03/13 09:32:20 [debug] 16419#0: *16 chain writer out: 0000000000000000 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 4: 60000:1457876000528 2016/03/13 09:32:20 [debug] 16419#0: *16 http finalize request: -4, "/?" a:1, c:2 2016/03/13 09:32:20 [debug] 16419#0: *16 http request count:2 blk:0 2016/03/13 09:32:20 [debug] 16419#0: *16 http run request: "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream check client, write event:1, "/" 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream recv(): -1 (11: Resource temporarily unavailable) 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream request: "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream dummy handler 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream request: "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream process header 2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4B0350:4096 2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:4 108 of 4096 2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi status 400 "400 BAD REQUEST" 2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header: "X-Frame-Options: SAMEORIGIN" 2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header: "Content-Type: text/html" 2016/03/13 09:32:20 [debug] 16419#0: *16 http uwsgi header done 2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter header 2016/03/13 09:32:20 [debug] 16419#0: *16 charset: "" > "utf-8" 2016/03/13 09:32:20 [debug] 16419#0: *16 HTTP/1.1 400 BAD REQUEST 2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:0 f:0 s:207 2016/03/13 09:32:20 [debug] 16419#0: *16 http cacheable: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream process upstream 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe read upstream: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe preread: 26 2016/03/13 09:32:20 [debug] 16419#0: *16 readv: 1:3988 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe recv chain: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe buf free s:0 t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe length: -1 2016/03/13 09:32:20 [debug] 16419#0: *16 input buf #0 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream flush in 2016/03/13 09:32:20 [debug] 16419#0: *16 http output filter "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 image filter 2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter body 2016/03/13 09:32:20 [debug] 16419#0: *16 http postpone filter "/?" 00007F6A8C4A4F48 2016/03/13 09:32:20 [debug] 16419#0: *16 http chunk: 26 2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4A5088, pos 00007F6A8C4A5088, size: 4 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795D, size: 2 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:0 f:0 s:239 2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: 0 "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 pipe write downstream done 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer: 4, old: 1457876000528, new: 1457876000531 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream exit: 0000000000000000 2016/03/13 09:32:20 [debug] 16419#0: *16 finalize http upstream request: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 finalize http uwsgi request 2016/03/13 09:32:20 [debug] 16419#0: *16 free rr peer 1 0 2016/03/13 09:32:20 [debug] 16419#0: *16 close http upstream connection: 4 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C5170, unused: 48 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer del: 4: 1457876000528 2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 http upstream temp fd: -1 2016/03/13 09:32:20 [debug] 16419#0: *16 http output filter "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 image filter 2016/03/13 09:32:20 [debug] 16419#0: *16 xslt filter body 2016/03/13 09:32:20 [debug] 16419#0: *16 http postpone filter "/?" 00007FFF84A55820 2016/03/13 09:32:20 [debug] 16419#0: *16 http chunk: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 posix_memalign: 00007F6A8C4C6FF0:4096 @16 2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A4D78, pos 00007F6A8C4A4D78, size: 207 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4A5088, pos 00007F6A8C4A5088, size: 4 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:1 f:0 00007F6A8C4B0350, pos 00007F6A8C4B03A2, size: 26 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write old buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795D, size: 2 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 write new buf t:0 f:0 0000000000000000, pos 00007F6A8BE9795A, size: 5 file: 0, size: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter: l:1 f:0 s:244 2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter limit 0 2016/03/13 09:32:20 [debug] 16419#0: *16 writev: 244 2016/03/13 09:32:20 [debug] 16419#0: *16 http write filter 0000000000000000 2016/03/13 09:32:20 [debug] 16419#0: *16 http copy filter: 0 "/?" 2016/03/13 09:32:20 [debug] 16419#0: *16 http finalize request: 0, "/?" a:1, c:1 2016/03/13 09:32:20 [debug] 16419#0: *16 set http keepalive handler 2016/03/13 09:32:20 [debug] 16419#0: *16 http close request 2016/03/13 09:32:20 [debug] 16419#0: *16 http log handler 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4B0350 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C44EA00, unused: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4A41A0, unused: 0 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6FF0, unused: 3791 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6B30 2016/03/13 09:32:20 [debug] 16419#0: *16 hc free: 0000000000000000 0 2016/03/13 09:32:20 [debug] 16419#0: *16 hc busy: 0000000000000000 0 2016/03/13 09:32:20 [debug] 16419#0: *16 tcp_nodelay 2016/03/13 09:32:20 [debug] 16419#0: *16 reusable connection: 1 2016/03/13 09:32:20 [debug] 16419#0: *16 event timer add: 3: 65000:1457876005531 2016/03/13 09:32:20 [debug] 16419#0: *16 post event 00007F6A8C45FA50 2016/03/13 09:32:20 [debug] 16419#0: *16 delete posted event 00007F6A8C45FA50 2016/03/13 09:32:20 [debug] 16419#0: *16 http keepalive handler 2016/03/13 09:32:20 [debug] 16419#0: *16 malloc: 00007F6A8C4C6B30:1024 2016/03/13 09:32:20 [debug] 16419#0: *16 recv: fd:3 -1 of 1024 2016/03/13 09:32:20 [debug] 16419#0: *16 recv() not ready (11: Resource temporarily unavailable) 2016/03/13 09:32:20 [debug] 16419#0: *16 free: 00007F6A8C4C6B30 more error.log 2016/03/13 09:18:04 [notice] 16418#0: signal process started (note that was some time before my attempt to connect). I know that 400 may be connected with cookies, but I used wget, curl, Opera and Firefox to open that page with the same results. My nginx.conf: server { server_name людмилавахнина.рф; charset utf-8; #source_charset utf-8; error_log /var/log/nginx/lvahnina_debug.log debug; error_log /var/log/nginx/lvahnina_error.log info; # these two files are empty. No errors. root /home/nikitenko/lvahnina/public_html; location = / { try_files /index.html =404; } location = /index { return 404; } location / { try_files $uri.html =404; #try_files $uri.html; } } I don't have much memory on the machine, but probably that should be enough, $ free total used free shared buff/cache available Mem: 262144 136308 19444 5756 106392 46756 Swap: 0 0 0 |