#983 closed defect (invalid)

NGINX PROXY 0000 1204 0000 0000 0000 0300 0000 8000

Reported by: spagu@… Owned by:
Priority: major Milestone:
Component: other Version: 1.10.x
Keywords: Cc:
Sensitive: no
uname -a: FreeBSD revproxy 10.2-RELEASE-p17 FreeBSD 10.2-RELEASE-p17 #0: Tue May 17 06:44:54 UTC 2016 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
nginx -V: nginx version: nginx/1.10.0 built with OpenSSL 1.0.2h 3 May 2016 TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-ipv6 --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --add-module=/wrkdirs/usr/ports/www/nginx/work/nginx_accept_language_module-2f69842 --with-http_addition_module --add-module=/wrkdirs/usr/ports/www/nginx/work/nginx-auth-ldap-8517bb0 --add-module=/wrkdirs/usr/ports/www/nginx/work/ngx_http_auth_pam_module-1.2 --add-module=/wrkdirs/usr/ports/www/nginx/work/ngx_cache_purge-2.3 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/headers-more-nginx-module-f5559ec --with-http_dav_module --add-module=/wrkdirs/usr/ports/www/nginx/work/nginx-http-footer-filter-1.2.2 --with-http_geoip_module=dynamic --with-http_gzip_static_module --with-http_gunzip_module --with-http_image_filter_module=dynamic --add-module=/wrkdirs/usr/ports/www/nginx/work/nginx-notice-3c95966 --with-http_perl_module=dynamic --with-http_realip_module --with-http_slice_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module=dynamic --add-module=/wrkdirs/usr/ports/www/nginx/work/ngx_devel_kit-0.2.19 --add-module=/wrkdirs/usr/ports/www/nginx/work/memc-nginx-module-0.16 --with-pcre --add-module=/wrkdirs/usr/ports/www/nginx/work/xss-nginx-module-0.04 --with-http_v2_module --with-stream=dynamic --with-stream_ssl_module --with-threads --with-http_ssl_module --add-module=/wrkdirs/usr/ports/www/nginx/work/iconv-nginx-module-0.10

Description

After last update of nginx all my pages are getting:

0000 1204 0000 0000 0000 0300 0000 8000
0400 0000 0000 0500 ffff ff00 0004 0800
0000 0000 7fff 0000 0000 0807 0000 0000
0000 0000 0000 0000 01

There is a FreeBSD/10.2-RELEASE-p17 box with jails.

10.10.10.1:80 : Apache/2.4.20 - as a internal network only - generic virtual hosts
XX.XX.XX.XX:80 : nginx/1.10.0 as proxy and load balancer to Apache24 - that is public facing
Test from internal network works (apache) on all files:

curl -I --header 'Host: myserver.com' http://10.10.10.1:80/
HTTP/1.1 200 OK
Date: Fri, 20 May 2016 11:23:08 GMT
Server: Apache
Set-Cookie: _icl_current_language=en; expires=Sat, 21-May-2016 11:23:08 GMT; Max-Age=86400; path=/
Set-Cookie: _icl_current_language=en; expires=Sat, 21-May-2016 11:23:08 GMT; Max-Age=86400; path=/
Content-Type: text/html; charset=UTF-8
Test from internal or external network (nginx) fails on all files:

curl -I --header 'Host: myserver.com' http://XX.XX.XX.XX:80/
▒▒
It is happening with all configs; no SSL involved for this server.

server {

listen 80 ;
server_name myserver.com
expires off;

location / {

proxy_no_cache 1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://10.10.10.1:80/;
}

}

Initially I thought it might be connected with http/2 but I am not using it on this hosts configuration. Nginx has multiple hosts and some have a http/2 connection to other nginx http/2 hosts - this works fine. There is invalid SSL installed for the other hosts proxy on nginx - but it works.

This happen only to Apache servers that are behind. The same configuration was working for last 6 years; this happened after the nginx upgrade.

Any idea what might be happening? Bug?

Change History (1)

comment:1 Changed 17 months ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

It looks like you have HTTP/2 enabled on the listening socket on port 80. Without SSL it means that HTTP/2 will be the only protocol used on the port, assuming prior knowledge. Search your configuration for listen 80 http2 and remove the http2 parameter.

Note: See TracTickets for help on using tickets.