代码之家  ›  专栏  ›  技术社区  ›  Aris_D

NGINX反向代理上游在读取上游时发送的数据多于“内容长度”标头中指定的数据

  •  0
  • Aris_D  · 技术社区  · 1 年前

    所以,我有一个authulia和另一个网络应用程序的设置,它在nginx反向代理后面用2FA进行保护。

    除了web应用程序中的一个插件外,一切都运行得很好。

    Nginx代理管理器给我以下错误,页面为空白:

    023/09/28 10:04:50[警告]169#169:*85上游读取上游时发送的数据超过“内容长度”标头中指定的数据,客户端:XX.XX.XX.XX,服务器:domain.mydomain.com,请求:“GET/console/plugins/1302/app_proxy/next dashboard HTTP/2.0”,上游:“https://CC.CC.CC.CC:443/console/plugins/1302/app_proxy/next-dashboard”,主机:“domain.mydomain.com”,引用者:“https://domain.mydomain.com/jsp/myapp.jsp“

    没有介于两者之间的authlia应用程序可以很好地与我的nginx配合使用。

    这是我的配置:

    server {
      set $forward_scheme https;
      set $server         "IP";
      set $port           443;
    
      listen 80;
    listen [::]:80;
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    
      server_name domain.mydomain.com;
    
    
      # Custom SSL
      ssl_certificate /cert.pem;
      ssl_certificate_key /cert.pem;
    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    
    
      access_log /data/logs/proxy-host-9_access.log proxy;
      error_log /data/logs/proxy-host-9_error.log warn;
    
    location /authelia {
        internal;
        set $upstream_authelia http://IP/api/verify; #
        proxy_pass_request_body off;
        proxy_pass $upstream_authelia;    
        proxy_set_header Content-Length "";
     
        # Timeout if the real server is dead
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        #proxy_buffering off;
        client_body_buffer_size 128k;
        proxy_set_header Host $host;
        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr; 
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_redirect  http://  $scheme://;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_cache_bypass $cookie_session;
        proxy_no_cache $cookie_session;
        proxy_buffers 4 256k;
        proxy_buffer_size 256k;
        send_timeout 5m;
        proxy_read_timeout 240;
        proxy_send_timeout 240;
        proxy_connect_timeout 240;
    }
     
        location / {
            set $upstream_app https://IP:443;  
            proxy_pass $upstream_app;  
     
            auth_request /authelia;
            auth_request_set $target_url $scheme://$http_host$request_uri;
            auth_request_set $user $upstream_http_remote_user;
            auth_request_set $groups $upstream_http_remote_groups;
            proxy_set_header Remote-User $user;
            proxy_set_header Remote-Groups $groups;
            error_page 401 =302 https://auth.mydomain.com/?rd=$target_url; 
            client_body_buffer_size 128k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
     
            send_timeout 5m;
            proxy_read_timeout 360;
            proxy_send_timeout 360;
            proxy_connect_timeout 360;
     
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Forwarded-Uri $request_uri;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_redirect  http://  $scheme://;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_cache_bypass $cookie_session;
            proxy_no_cache $cookie_session;
            proxy_buffer_size 256k;
            proxy_buffers 32 256k;
            fastcgi_buffer_size 32k;
                fastcgi_buffers 4 32k;
    
    
            real_ip_header X-Forwarded-For;
            real_ip_recursive on;
     
        }
    
    
    large_client_header_buffers 4 8k;
    
      # Custom
      include /data/nginx/custom/server_proxy[.]conf;
    }
    

    有什么想法吗? 这个配置变得一团糟,因为我尝试了很多cr@p最后2天。

    我尝试删除代理缓冲区,行为是一样的,我还添加了fastcgi_buffers,但什么都没发生。

    0 回复  |  直到 1 年前