Opened 2 months ago

Closed 2 months ago

#1848 closed defect (invalid)

ngx_http_mirror_module

Reported by: krmelj.alen@… Owned by:
Priority: blocker Milestone:
Component: nginx-module Version: 1.17.x
Keywords: ngx_http_mirror_module, duplicate requests, bug Cc:
uname -a: Linux ip-192-168-120-172.eu-west-1.compute.internal 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.17.3 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

This is my config

server {
    listen       80;
    server_name  localhost;

    location / {
         mirror /root_mirror;
         mirror_request_body on;
         root   /usr/share/nginx/html;
    }

    location = /root_mirror {
        proxy_pass http://192.168.120.233$request_uri;
        proxy_pass_request_headers on;
        proxy_pass_request_body on;
    }

When you do:
curl localhost
on the machine that is running this config and at the same time observe tcpdump on this 192.168.120.233:

admin@ip-192-168-120-233:~$ sudo su
root@ip-192-168-120-233:/home/admin# tcpdump 'port 80'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:33:04.037267 IP ip-192-168-120-172.eu-west-1.compute.internal.44850 > ip-192-168-120-233.eu-west-1.compute.internal.http: Flags [S], seq 2887690435, win 26883, options [mss 8961,sackOK,TS val 85643749 ecr 0,nop,wscale 7], length 0
13:33:04.037297 IP ip-192-168-120-233.eu-west-1.compute.internal.http > ip-192-168-120-172.eu-west-1.compute.internal.44850: Flags [R.], seq 0, ack 2887690436, win 0, length 0
13:33:04.037332 IP ip-192-168-120-172.eu-west-1.compute.internal.44852 > ip-192-168-120-233.eu-west-1.compute.internal.http: Flags [S], seq 1504886197, win 26883, options [mss 8961,sackOK,TS val 85643749 ecr 0,nop,wscale 7], length 0
13:33:04.037336 IP ip-192-168-120-233.eu-west-1.compute.internal.http > ip-192-168-120-172.eu-west-1.compute.internal.44852: Flags [R.], seq 0, ack 1504886198, win 0, length 0

As you can see, mirror module duplicates the packet... so i'm getting double the requests that are coming to the initial nginx server.

Change History (2)

comment:1 Changed 2 months ago by krmelj.alen@…

Invalid ticket, root should not be included in the location section at all... otherwise requests gets posted again to itself and mirrored to /root_mirror.

comment:2 Changed 2 months ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

In this particular configuration you are requesting /, which is to be handled by an index module. Likely in your case it is redirected to /index.html. Both / and /index.html are handled in the location /, so the request will be mirrored twice. If you don't want some of these to be mirrored, consider re-writing your configuration to exclude some of the requests from mirroring. See How nginx processes a request for more information on how request processing works in nginx.

Note: See TracTickets for help on using tickets.