Opened 8 years ago
Closed 8 years ago
#1076 closed defect (invalid)
client_max_body_size has no effect with ssl configured
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | blocker | Milestone: | |
| Component: | other | Version: | 1.11.x |
| Keywords: | Cc: | ||
| uname -a: | Linux ef465051a9a8 4.4.11-23.53.amzn1.x86_64 #1 SMP Wed Jun 1 22:22:50 UTC 2016 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.11.3
built by gcc 4.9.2 (Debian 4.9.2-10) built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=debian/extra/njs-0.1.0/nginx --with-threads --with-stream --with-stream_ssl_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed' |
||
Description
When I set client_max_body_size 30m; without ssl everything works (files up to 30MB are accepted). However when I switch to ssl it completely ignores this directive.
My configuration looks like (/etx/nginx/conf.d/my-sites.com.conf):
server {
listen 443 ssl;
server_name my-sites.com;
ssl_certificate /etc/nginx/ssl/my-sites.com/uni_my-sites.com.crt;
ssl_certificate_key /etc/nginx/ssl/my-sites.com/my-sites.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 30m;
location / {
proxy_pass http://my-backend.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
My configuration is:
AWS EC2 nano instance
Nginx in docker (latest stable - 1.10.1)
Only one virtual host on single IP address
See stackoverflow: http://stackoverflow.com/questions/39509355/nginx-client-max-body-size-has-no-effect-with-ssl-configured
Change History (2)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Closing this, update on stackoverflow confirms that the problem is not in nginx.
Please provide full configuration as shown with "nginx -T".
Please also make sure that you are testing it properly and the problem is in nginx, not in Amazon balancer or in your backend. A trivial way to test it locally would be:
If it immediately returns 413 Request Entity Too Large, then there is a problem with nginx configuration. If it hangs till timeout, then everything is fine (timeout is expected as the command above indicates there will be 10m request body, but doesn't provide any).
To be sure I've just tested the configuration above, and it works as expected: accepts requests with less than 30m of body data, and rejects anything above 30m.