NGINX return 403 when proxy_pass to http from https

Time:07-07

I need help with proxy_pass, which works only some of the time (nginx version: nginx/1.21.6).

I built a RESTful web app and ran it locally. It works well without any problems. I can access all features via "http://localhost:7000".

Then I configured an NGINX server to simulate HTTPS locally. The server config is:

http {
  server_names_hash_bucket_size   64;
  include                         mime.types;
  default_type                    application/octet-stream;

  sendfile                        on;

  keepalive_timeout               65;
  expires                         -1;
  server {
    server_name                   my-service.foo.com;
    rewrite                       ^(.*) https://my-service.foo.com$1 permanent;
  }
  server {
    listen                        443 ssl;
    ssl_certificate               /opt/local/etc/nginx/myservice.crt;
    ssl_certificate_key           /opt/local/etc/nginx/myservice.key;
    ssl_ciphers                   HIGH:!aNULL:!MD5;
    server_name                   my-service.foo.com;
    proxy_set_header              Host $host;
    location / {
      proxy_pass                  http://localhost:7000;
    }
  }
}

Of course, I configured /etc/hosts to add 127.0.0.1 my-service.foo.com.

The strange part is that when using http://localhost:7000 directly, everything is good. But when using https://my-service.foo.com, it returns 403 some of the time (I use Firefox). For example, when accessing https://my-service.foo.com/welcome.html, it loads welcome.html correctly, but returns 403 for style.css, which is referenced in welcome.html (<link rel="stylesheet" href="style.css">).

And if I refresh the page, it returns 403 for https://my-service.foo.com/welcome.html. If I refresh it again, I get welcome.html correctly but 403 for style.css. Basically, it returns 403 for welcome.html and style.css by turns.

And when it returns 403, I could not find the request on my web app side. It seems NGINX does not send the request.

When looking at NGINX's error.log, there is nothing. access.log just shows something like:

127.0.0.1 - - [01/Jun/2022:22:08:31 -0700] "GET /welcome.html HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:08:32 -0700] "GET /welcome.html HTTP/1.1" 200 1881 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:08:32 -0700] "GET /style.css HTTP/1.1" 403 0 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:08:33 -0700] "GET /session/status HTTP/1.1" 200 38 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:05 -0700] "GET /welcome.html HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:11 -0700] "GET /welcome.html HTTP/1.1" 200 1881 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:11 -0700] "GET /style.css HTTP/1.1" 403 0 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:11 -0700] "GET /session/status HTTP/1.1" 200 38 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:24 -0700] "GET /welcome.html HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:26 -0700] "GET /welcome.html HTTP/1.1" 200 1881 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:26 -0700] "GET /style.css HTTP/1.1" 403 0 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"
127.0.0.1 - - [01/Jun/2022:22:10:27 -0700] "GET /session/status HTTP/1.1" 200 38 "https://my-service.foo.com/welcome.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0"

CodePudding user response:

Finally, I figured out this problem by changing the port from 7000 to another one.

On Mac, something else listens on port 7000 too. Once I updated the port, the strange behavior disappeared.
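
Added example (not part of the original question or answer): NGINX uses every address a proxy_pass hostname resolves to in round-robin order, so a second process holding the same port on a different loopback address would produce exactly this kind of alternation. The Python sketch below probes each address behind the upstream name separately; the function names are illustrative, and the explanation assumes localhost resolves to more than one address on the affected machine.

```python
import http.client
import socket


def resolve_all(host, port):
    """Every distinct address `host` resolves to, IPv4 and IPv6 alike."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(addr, port, path="/", timeout=2.0):
    """GET `path` from one specific address; return (status, Server header).

    Status is None when nothing answers HTTP there (refused, timeout, ...).
    """
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": "localhost"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Server", "")
    except (OSError, http.client.HTTPException):
        return None, ""
    finally:
        conn.close()


def split_listeners(results):
    """Group addresses by the answer they gave, ignoring dead addresses.

    More than one group means the upstream name reaches different servers
    depending on which address the proxy happens to pick.
    """
    groups = {}
    for addr, answer in results.items():
        if answer[0] is not None:
            groups.setdefault(answer, []).append(addr)
    return {answer: sorted(addrs) for answer, addrs in groups.items()}


def check_upstream(host="localhost", port=7000, path="/welcome.html"):
    """Probe every address behind the upstream used in proxy_pass."""
    results = {a: probe(a, port, path) for a in resolve_all(host, port)}
    return results, split_listeners(results)


if __name__ == "__main__":
    results, live = check_upstream()
    for addr, (status, server) in results.items():
        print(f"{addr:<20} status={status} server={server!r}")
    if len(live) > 1:
        print("WARNING: different listeners answer on this port:", live)
```

If the groups differ, pinning proxy_pass to a single literal address or moving the application to a free port removes the ambiguity.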
