问题描述

我在服务器A上进行了以下nginx设置(面向互联网，仅相关部分):

I have a following nginx setup on my server A (internet facing, only relevant parts):

upstream new_api {
  server unix:///home/ubuntu/new_api/shared/tmp/sockets/puma.sock;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  large_client_header_buffers 4 16k;

  ssl_certificate           /etc/nginx/cert.crt;
  ssl_certificate_key       /etc/nginx/cert.key;

  location ~ (^(/some/location|/some/other)) {
    proxy_pass http://new_api;
  }

  location / {
    proxy_pass https://serverB.com;
  }
}

现在，如果我转到/some/location，则上游的新api可以很好地服务.但是我从nginx那里得到了"400 Bad Request Request Header or Cookie Too Large"的消息.即使没有cookie且只有两个短标头的卷曲.增加large_client_header_buffers并没有帮助.

Now, if I go to /some/location it is served fine with new api upstream. But with anything else I keep getting "400 Bad Request Request Header Or Cookie Too Large" from nginx. Even with curl with no cookies and only two short headers. Increasing large_client_header_buffers does not help.

有趣的是，我完全看不到服务器B的请求，因此服务器A上的请求被切断.为什么?可能是因为我要https协议proxy_passing了吗?

The interesting part is that I don't see this request coming to Server B at all, so it gets cut off on Server A. Why? Can it be because of https protocol I'm proxy_passing to?

此外，在设置服务器A之前，所有内容都将毫无问题地进入服务器B.

Also, before setting up Server A everything was going to Server B without any problems.

推荐答案

事实证明，在域解析方面存在一些混淆(我不太了解)，因此，对服务器B的请求被传递到服务器A代替.它一直将自己的IP添加到X-Forwarded-For标头中，直到超过最大大小为止-因此错误消息实际上是正确的.

It turns out there was some mix-up with domain resolving (which I don't really understand), and as a result request to server B were passed to Server A instead. It kept adding its own IP to X-Forwarded-For header, until it exceeded max size - so the error message was actually correct.

为了进一步调试，我使用了

To debug further, I used

tcpdump -n -S -s 0 -A 'tcp dst port 80' | grep -B3 -A10 "GET"

这篇关于“请求标头或Cookie太大"在Nginx中使用proxy_pass的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！