Opened 3 weeks ago

Closed 3 weeks ago

#2006 closed defect (invalid)

unusual behavior when proxy_set_header Host $host defined

Reported by: legale@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.19.x
Keywords: proxy_pass proxy_set_header Cc:
uname -a: Linux localhost 5.4.47-0-virt #1-Alpine SMP Thu, 18 Jun 2020 14:54:31 UTC x86_64 Linux
nginx -V: nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/var/lib/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pid --lock-path=/run/nginx/nginx.lock --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --add-dynamic-module=/home/buildozer/aports/main/nginx/src/njs-0.3.8/nginx --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_devel_kit-0.3.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_brotli-1.0.0rc --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_cache_purge-2.5 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-dav-ext-module-3.0.0 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/echo-nginx-module-0.61 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx-fancyindex-0.4.4 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/headers-more-nginx-module-0.33 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-nginx-module-0.10.15 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/lua-upstream-nginx-module-0.07 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nchan-1.2.7 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-http-shibboleth-2.0.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/redis2-nginx-module-0.15 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/set-misc-nginx-module-0.32 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upload-progress-module-0.9.2 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-upstream-fair-0.1.3 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-rtmp-module-1.2.1 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/nginx-vod-module-1.25 --add-dynamic-module=/home/buildozer/aports/main/nginx/src/ngx_http_geoip2_module-3.3

Description (last modified by legale@…)

Config 1 with Host header replacement:

location /phpinfo {

proxy_set_header Host $host;
proxy_pass http://localhost:8000;

}

curl -s -o /dev/null -D - http://192.168.56.102/phpinfo
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 21 Jun 2020 13:12:05 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 323
Connection: keep-alive
Location: http://192.168.56.102:8000/phpinfo/

Config 2 just proxy_pass:

location /phpinfo {

proxy_pass http://localhost:8000;

}

curl -s -o /dev/null -D - http://192.168.56.102/phpinfo
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 21 Jun 2020 13:25:15 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 313
Location: http://192.168.56.102/phpinfo/
Connection: keep-alive

Summary:
proxy_pass with Host header replacement when no trailing slash defined redirects to:

http://192.168.56.102:8000/phpinfo/

Expected:

Location: http://192.168.56.102/phpinfo/

Change History (2)

comment:1 by legale@…, 3 weeks ago

Description: modified (diff)

comment:2 by Maxim Dounin, 3 weeks ago

Resolution: invalid
Status: newclosed

It looks like redirects returned by your backend are changed to something reasonable by proxy_redirect default; as long as you don't use proxy_set_header Host ...;. But redirects returned by your backend are different as log as you use proxy_set_header Host ...;, and these are not matched by default by proxy_redirect. You need to configure proxy_redirect appropriately or fix redirects returned by your backend server.

If you have further questions on how to configure nginx, consider using support options available.

Note: See TracTickets for help on using tickets.