Opened 5 years ago
Closed 5 years ago
#1848 closed defect (invalid)
ngx_http_mirror_module
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | blocker | Milestone: | |
| Component: | nginx-module | Version: | 1.17.x |
| Keywords: | ngx_http_mirror_module, duplicate requests, bug | Cc: | |
| uname -a: | Linux ip-192-168-120-172.eu-west-1.compute.internal 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.17.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' |
||
Description
This is my config
server {
listen 80;
server_name localhost;
location / {
mirror /root_mirror;
mirror_request_body on;
root /usr/share/nginx/html;
}
location = /root_mirror {
proxy_pass http://192.168.120.233$request_uri;
proxy_pass_request_headers on;
proxy_pass_request_body on;
}
When you do:
curl localhost
on the machine that is running this config and at the same time observe tcpdump on this 192.168.120.233:
admin@ip-192-168-120-233:~$ sudo su root@ip-192-168-120-233:/home/admin# tcpdump 'port 80' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 13:33:04.037267 IP ip-192-168-120-172.eu-west-1.compute.internal.44850 > ip-192-168-120-233.eu-west-1.compute.internal.http: Flags [S], seq 2887690435, win 26883, options [mss 8961,sackOK,TS val 85643749 ecr 0,nop,wscale 7], length 0 13:33:04.037297 IP ip-192-168-120-233.eu-west-1.compute.internal.http > ip-192-168-120-172.eu-west-1.compute.internal.44850: Flags [R.], seq 0, ack 2887690436, win 0, length 0 13:33:04.037332 IP ip-192-168-120-172.eu-west-1.compute.internal.44852 > ip-192-168-120-233.eu-west-1.compute.internal.http: Flags [S], seq 1504886197, win 26883, options [mss 8961,sackOK,TS val 85643749 ecr 0,nop,wscale 7], length 0 13:33:04.037336 IP ip-192-168-120-233.eu-west-1.compute.internal.http > ip-192-168-120-172.eu-west-1.compute.internal.44852: Flags [R.], seq 0, ack 1504886198, win 0, length 0
As you can see, mirror module duplicates the packet... so i'm getting double the requests that are coming to the initial nginx server.
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
In this particular configuration you are requesting /, which is to be handled by an index module. Likely in your case it is redirected to /index.html. Both / and /index.html are handled in the location /, so the request will be mirrored twice. If you don't want some of these to be mirrored, consider re-writing your configuration to exclude some of the requests from mirroring. See How nginx processes a request for more information on how request processing works in nginx.
Note:
See TracTickets
for help on using tickets.
Invalid ticket, root should not be included in the location section at all... otherwise requests gets posted again to itself and mirrored to /root_mirror.