#1586 closed defect (invalid)
App not get query behind nginx proxy - (curl: (47) Maximum (50) redirects followed)
| Reported by: | Alexandr Minzak | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | other | Version: | 1.14.x |
| Keywords: | Cc: | ||
| uname -a: | Linux monero 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.14.0
built by gcc 4.9.2 (Debian 4.9.2-10+deb8u1) built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' |
||
Description
I have app, listen on 18083 port, and curl works with him:
root@monero:/mnt/monero/logs# curl -u monerowalletrpc:pass --digest -X POST http://127.0.0.1:18083/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_languages"}' -H 'Content-Type: application/json'
{
"id": "0",
"jsonrpc": "2.0",
"result": {
"languages": ["Deutsch","English","Español","Français","Italiano","Nederlands","Português","русский язык","日本語","简体中文 (中国)","Esperanto","Lojban"]
}
}
I have nginx.config:
server {
listen 8500 default_server;
ssl on;
ssl_certificate /etc/ssl/private/letsencrypt-domain.pem;
ssl_certificate_key /etc/ssl/private/letsencrypt-domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name monero.domain;
error_log /var/log/nginx/monero.error.log warn;
access_log /var/log/nginx/monero.access.log ;
proxy_http_version 1.1;
proxy_connect_timeout 360;
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_buffering off;
proxy_set_header Connection "Keep-Alive";
location / {
proxy_pass http://127.0.0.1:18083;
}
}
And curl for 8500 ports are not work!
root@monero:/mnt/monero/logs# curl -u monerowalletrpc:pass --digest -X POST https://monero.domain:8500/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_languages"}' -H 'Content-Type: application/json'
curl: (47) Maximum (50) redirects followed
P.S. no iptables, no ufw, no other blocker.
I also try use 127.0.0.0:8500 - same bad result! (
What is wrong?
Also Full detail here - https://github.com/monero-project/monero/issues/4084
Change History (5)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
In log file i see:
178.128.XX.XX - - [29/Jun/2018:19:35:13 +0000] "POST /json_rpc HTTP/1.1" 400 264 "-" "curl/7.38.0" 178.128.XX.XX - - [29/Jun/2018:19:35:23 +0000] "POST /json_rpc HTTP/1.1" 401 98 "-" "curl/7.38.0" 178.128.XX.XX - - [29/Jun/2018:19:35:23 +0000] "POST /json_rpc HTTP/1.1" 401 98 "-" "curl/7.38.0" ... many same rows here .. 178.128.XX.XX - - [29/Jun/2018:19:35:23 +0000] "POST /json_rpc HTTP/1.1" 401 98 "-" "curl/7.38.0" 178.128.XX.XX - - [29/Jun/2018:19:35:23 +0000] "POST /json_rpc HTTP/1.1" 401 98 "-" "curl/7.38.0"
comment:3 by , 6 years ago
If i use curl -v i found one differend:
< WWW-authenticate:Digest qop="auth",algorithm=MD5,realm="monero-rpc",nonce="Z9mB73VddoLs/vx0GpXwyg==",stale=false
stale=false in one case and stale=true in other.
Is it important?
comment:4 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
For some reason your backend reject requests with the error 401 Unauthorized. You have to investigate your backend to find out why it does this. Either way, this doesn't looks like a bug in nginx, so closing this.
My best guess is that your backend requires authenticated requests to be on the same connection where previous 401 response was returned. This needs to be fixed in the backend as this explicitly contradicts the stateless nature of HTTP. For tests, you may try configuring keepalive connections to backend servers to see if it works with keepalive enabled.
Note:
See TracTickets
for help on using tickets.
Without ssl - same bad result (
Without default_server - same bad result (
Without any other vhost - same bad result (