id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 858 Use of PROXY protocol return HTTP 400 error Jonathan Leroy "Nginx return an HTTP 400 (Bad Request) error when I configure HAProxy to use PROXY protocol while communicate with it. Nginx doesn't seems to recognize the PROXY header. My Nginx config : {{{ set_real_ip_from fd41:9eff:0c33::/48; real_ip_header proxy_protocol; server { listen [fd41:9eff:c33::3]:443; server_name www.domain.tld; root /var/www/www.domain.tld/public; access_log syslog:server=[fd41:9eff:c33::1]:514,facility=local7,severity=info,tag=nginx_access combined; error_log syslog:server=[fd41:9eff:c33::1]:514,facility=local7,severity=info,tag=nginx_errors; # HTTP Strict Transport Security (HSTS). 1 year. add_header Strict-Transport-Security max-age=31536000; expires $expires; client_max_body_size 25m; index index.php index.html; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ ^(.+\.php)(.*)$ { try_files $uri =403; #fastcgi_buffers 8 16k; #fastcgi_buffer_size 32k; fastcgi_read_timeout 180s; fastcgi_split_path_info ^(.+\.php)(.*)$; include fastcgi.conf; fastcgi_param SERVER_NAME $http_host; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param HTTPS $https; #fastcgi_param PHP_VALUE ""sendmail_path=/usr/sbin/sendmail -t -i -f $http_host@domain.tld""; fastcgi_pass unix:/var/run/php5-fpm-www.domain.tld.sock; } location ~ /\. { deny all; access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } } server { listen [fd41:9eff:c33::3]:443 default_server ssl spdy proxy_protocol; server_name domain.tld; access_log off; error_log /dev/null; # HTTP Strict Transport Security (HSTS). 1 year. add_header Strict-Transport-Security max-age=31536000; ssl_certificate /etc/XXXXXX/ssl/certs/domain.tld-wildcard/domain.tld-wildcard+dvcasha2.crt; ssl_certificate_key /etc/XXXXXX/ssl/certs/domain.tld-wildcard/domain.tld-wildcard.key; #ssl_stapling on; #ssl_stapling_verify on; #ssl_trusted_certificate /etc/XXXXXX/ssl/CA/Certum/OCSP/CTNCA+dvcasha2.pem; return 301 https://www.domain.tld$request_uri; } server { listen [fd41:9eff:c33::3]:80 default_server proxy_protocol; server_name domain.tld www.domain.tld; access_log off; error_log /dev/null; return 301 https://www.domain.tld$request_uri; } }}} Nginx error log : {{{ Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 accept: [fd41:9eff:c33::ffff]:36222 fd:44 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 event timer add: 44: 60000:1449845703579 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 reusable connection: 1 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 epoll add event: fd:44 op:1 ev:80002001 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 post event 00000000018E5748 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 delete posted event 00000000018E5748 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http wait request handler Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 malloc: 000000000194ACD0:1024 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 recv: fd:44 258 of 1024 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 reusable connection: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 posix_memalign: 0000000001924B90:4096 @16 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http process request line Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [info] 31660#31660: *3055 client sent invalid request while reading client request line, client: fd41:9eff:c33::ffff, server: collectorsquare.com, request: ""PROXY TCP4 178.250.6.44 178.33.237.85 52692 80"" Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http finalize request: 400, ""?"" a:1, c:1 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 event timer del: 44: 1449845703579 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http special response: 400, ""?"" Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http set discard body Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 xslt filter header Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 HTTP/1.1 400 Bad Request#015#012Server: nginx/1.8.0#015#012Date: Fri, 11 Dec 2015 14:54:03 GMT#015#012Content-Type: text/html#015#012Content-Length: 172#015#012Connection: close#015 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 write new buf t:1 f:0 00000000019259A0, pos 00000000019259A0, size: 151 file: 0, size: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http write filter: l:0 f:0 s:151 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http output filter ""?"" Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http copy filter: ""?"" Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 posix_memalign: 0000000001925BA0:4096 @16 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 image filter Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 xslt filter body Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http postpone filter ""?"" 0000000001925B78 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 write old buf t:1 f:0 00000000019259A0, pos 00000000019259A0, size: 151 file: 0, size: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 write new buf t:0 f:0 0000000000000000, pos 00000000006FAF40, size: 120 file: 0, size: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 write new buf t:0 f:0 0000000000000000, pos 00000000006FB460, size: 52 file: 0, size: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http write filter: l:1 f:0 s:323 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http write filter limit 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 writev: 323 of 323 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http write filter 0000000000000000 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http copy filter: 0 ""?"" Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http finalize request: 0, ""?"" a:1, c:1 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 event timer add: 44: 5000:1449845648579 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http lingering close handler Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 recv: fd:44 -1 of 4096 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 recv() not ready (11: Resource temporarily unavailable) Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 lingering read: -2 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 event timer: 44, old: 1449845648579, new: 1449845648579 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 post event 00000000018E5748 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 delete posted event 00000000018E5748 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http lingering close handler Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 recv: fd:44 0 of 4096 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 lingering read: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http request count:1 blk:0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http close request Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http log handler Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 http pinba handler Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 free: 0000000001924B90, unused: 8 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 free: 0000000001925BA0, unused: 4016 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 close http connection: 44 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 event timer del: 44: 1449845648579 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 reusable connection: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 free: 000000000194ACD0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 free: 0000000001910730, unused: 0 Dec 11 15:54:03 server3 nginx_errors: 2015/12/11 15:54:03 [debug] 31660#31660: *3055 free: 0000000001910490, unused: 48 }}}" defect closed minor nginx-core 1.8.x fixed jonathan@… Linux b2o-web3-l 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 GNU/Linux "nginx version: nginx/1.8.0 built with OpenSSL 1.0.1k 8 Jan 2015 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_gunzip_module --with-file-aio --with-threads --with-http_spdy_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/usr/src/builddir/debian/modules/nginx-auth-pam --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module --add-module=/usr/src/builddir/debian/modules/nginx-echo --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge --add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header --with-ld-opt=-lossp-uuid"