Opened 3 years ago

Last modified 2 years ago

#2322 new defect

client_max_body_size doesn't work in named location

Reported by: gadskypapa@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version:
Keywords: client_max_body_size named location Cc: gadskypapa@…
uname -a: Linux app-4 4.18.0-348.12.2.el8_5.x86_64 #1 SMP Mon Jan 17 07:06:06 EST 2022 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.20.2
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/lo
g/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx
/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_te
mp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_aut
h_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index
_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module
--with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-
opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/u
sr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-prot
ection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

I have the next configuration and client_max_body_size doesn't matter in a named location. I have errors "413 Request Entity Too Large" in log files. Everything is OK when I move client_max_body_size to server {} from named locations.

error log:
client intended to send too large body: 1441104 bytes, client: 10.178.67.87, server: loki, request: "POST /loki/api/v1/push HTTP/1.1", host: "loki"
access log:
10.178.67.87 - eissd [18/Feb/2022:14:37:55 +0500] eissd_dev "POST /loki/api/v1/push HTTP/1.1" 413 306 "Apache-HttpClient/4.5.13 (Java/17.0.2)" 0.086 -

Attachments (1)

loki.conf (2.5 KB ) - added by gadskypapa@… 3 years ago.

Download all attachments as: .zip

Change History (3)

by gadskypapa@…, 3 years ago

Attachment: loki.conf added

comment:1 by gadskypapa@…, 3 years ago

I reworked my config and it looks much better. And I sorted out my problem. But anyway client_max_body_size doesn't work in named locations. Maybe it should be clarified in documentation at least.

upstream loki {

server 127.0.0.1:3100;

}

map "$uri:$http_upgrade" $loki_connection {

"~/loki/api/v1/tail:.+" $http_connection;
default "";

}

map $http_x_scope_orgid $tenant {

eissd "eissd";
eissd_dev "eissd";
crmb2b "crmb2b";
default "okd4p";

}

server {

listen 443 ssl http2;
server_name loki;

access_log /var/log/nginx/loki.access.log loki;
error_log /var/log/nginx/loki.error.log notice;

location /metrics {

proxy_pass http_://loki;
allow 10.178.67.3/32;
deny all;

}

location /loki/api/v1/tail {

proxy_pass http_://loki;


proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection $loki_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Authorization ;

auth_basic "Loki";
auth_basic_user_file .htpasswd.loki.$tenant;

}

location /loki/api/v1/push {

proxy_pass http_://loki;
proxy_request_buffering on;


client_body_buffer_size 32k;
client_max_body_size 6m;

auth_basic "Loki";
auth_basic_user_file .htpasswd.loki.$tenant;

}

location / {

proxy_pass http_://loki;


auth_basic "Loki";
auth_basic_user_file .htpasswd.loki.$tenant;

}

}

comment:2 by SorinGFS@…, 2 years ago

I confirm that client_max_body_size does not work in named location (nginx 1.21.6). In fact, in this case nginx seem not to consider the named location as the selected location block, but instead considers the selected location block the one which triggered named location selection.

Example:

location /upload/ {
    # this is considered selected location block and client_body_max_size works!
    client_body_max_size 100m;
    try_files $uri @upload;
}

location @upload {
    # this is NOT considered selected location block and client_body_max_size DOES NOT WORK!
    client_body_max_size 100m;
    fastcgi_pass upstreamName;
    # ...
}

I have to admit, this discovery has shaken my confidence about my NGINX knowledge. I usually set the options to http level and override them at server or location level. I have always relied on documentation, and this case seems to show that not all nginx directives are applied in the same way. Here are some questions I would like an answer:

  • Is this application of the nginx directives some in the parent block, others in the internal redirected block a desired one or is it a bug?
    1. If this a desired behaviour, where can we find a list of directives that have differentiated application?
    2. If this is a bug, will it be fixed? Is there a nginx version that does not contain this bug?
    3. If this is a bug, is it just for client_max_body_size or there may be some other directives in the same situation?
Last edited 2 years ago by SorinGFS@… (previous) (diff)
Note: See TracTickets for help on using tickets.