Home > Blockchain >  Second nginx auth_request timed out
Second nginx auth_request timed out

Time:09-24

I have the following nginx setup:

    location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8000/api/proxmox/novnc-connection-lookup/$cookie_novnc/;
        # set $pve $upstream_http_pve;
        # set $vmhhost $upstream_http_vmhhost;
    }

    location = /novnc/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        auth_request_set $pve $upstream_http_pve;
        proxy_set_header Cookie 'PVEAuthCookie=$pve';
        proxy_pass https://$vmhhost;
    }
    
    location ~ /vncproxy/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        auth_request_set $pve $upstream_http_pve;
        proxy_set_header Cookie 'PVEAuthCookie=$pve';
        proxy_pass https://$vmhhost;
    }

django view

   def view(self, ...):
        data = json.loads(data_string)
        resp = HttpResponse(data_string)
        resp['Pve'] = data['pve']
        resp['Vmhhost'] = data['host']
        return resp

A popup html window opens at /novnc/, which subsequently fires an ajax call to /vncproxy/.

The problem I am having is, first call to /novnc/ worked as it should, performs auth_request fine, but then when an ajax call to /vncproxy/ it hangs on the auth_request part and giving me upstream timed out (110: Connection timed out) while reading response header from upstream then auth request unexpected status: 504 while sending to client, client

enter image description here

CodePudding user response:

I digged into it and have build a Poc that had a similiar problem till I removed the not_modified headers

    if_modified_since off;
    add_header Last-Modified "";

in my auth_request backend mock http://127.0.0.1:8080/;. This mocks your auth-app running on port 8000.

server {
  listen 80;

    location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8080/;
        set $pve $upstream_http_pve;
        set $vmhhost $upstream_http_vmhhost;
    }

    location = /novnc/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        proxy_pass http://$vmhhost;
    }

    location ~ /vncproxy/ {
        auth_request /novnc-auth;
        auth_request_set $pvmhhost $upstream_http_vmhhost;
        proxy_pass http://$pvmhhost;
    }

}

server {
  listen 9000;

  location / {
   root /usr/share/nginx/html;
   index index.html;
  }
}

server {
  listen 8080;

  location / {
    root /usr/share/nginx/html;
    index index.html;
    if_modified_since off;
    add_header Last-Modified "";
    add_header "vmhhost" "127.0.0.1:9000/";
    add_header "pve" "Somedata";
  }
}

My index.html file loaded includes an XHR-Request that will triggered as soon as I load the page.

<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
    <script type="text/javascript">

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
       // Typical action to be performed when the document is ready:
       document.getElementById("demo").innerHTML = xhttp.responseText;
    }
};
xhttp.open("GET", "http://localhost:55000/vncproxy/", true);
xhttp.send();

    </script>

    <div id="demo"></div>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

The debug-log of NGINX is showing that the auth_request was triggered twice and called successfully.

Your error says it can connect to the upstream but failed to receive the http header. Are you able to share the debug logs from that request? Another test you can try is to use some fake auth server like I did and see if that is working with your JavaScript Frontend to determine where the problem sits.

CodePudding user response:

I figured it out by following the example, the problem is that I needed to set the following, I just realised ajax call was making a POST method

location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8080/;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

Page link:https//www.codepudding.com/Blockchain/125805.html

Prev:Longer lasting user credentials with gcloud auth? Prevent expiration?
Next:Why when I changed the value of the variable using pointer, the value was still the same?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding