Nginx 0.8.14 - cookie / proxy_pass issue

Payam Chychi pchychi at gmail.com
Fri Sep 18 04:04:06 MSD 2009


Hey Guys,

I see the following on the nginx server by going to
http://virtual_ip_on_ngix  however, the cookie headers are never
passed to the clients browser. I can see the headers in the http proxy
header but my firefox browser never sees the  cookies (i do see the
ookie with __utma* ones but not the cookie that is GCD, PHPSESSID,
SESSIOn2)

any ideas? topology is :  client --> virtual ip on nginx proxy -->
proxy_pass to origin -->

Log file:

2009/09/17 17:01:08 [debug] 4087#0: *192 http script copy: "Connection: close
"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.0.14) Gecko/2009082706 Firefox/3.0.14"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Accept-Language: en-us,en;q=0.5"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Accept-Encoding: gzip,deflate"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Cookie:
payam; __utma=182747233.1236263871.1253228942.1253228942.1253231200.2;
__utmc=182747233;
__utmz=182747233.1253228942.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=182747233.4.10.1253231200; GCD=Z6SV699O;
PHPSESSID=fa4326f19f65c889ee383a879a410116;
session2=59e5538b72f46538f80cf8521b3dc014"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"GET / HTTP/1.0
Host: 69.172.200.17
X-Real-IP: 70.68.178.133
X-Forwarded-For: 70.68.178.133
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.0.14) Gecko/2009082706 Firefox/3.0.14
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cookie: payam; __utma=182747233.1236263871.1253228942.1253228942.1253231200.2;
__utmc=182747233;
__utmz=182747233.1253228942.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=182747233.4.10.1253231200; GCD=Z6SV699O;
PHPSESSID=fa4326f19f65c889ee383a879a410116;
session2=59e5538b72f46538f80cf8521b3dc014

"
2009/09/17 17:01:08 [debug] 4087#0: *192 http cleanup add: 094FED34
2009/09/17 17:01:08 [debug] 4087#0: *192 get rr peer, try: 1
2009/09/17 17:01:08 [debug] 4087#0: *192 socket 76
2009/09/17 17:01:08 [debug] 4087#0: *192 epoll add connection: fd:76 ev:80000005
2009/09/17 17:01:08 [debug] 4087#0: *192 connect to 174.143.25.223:80,
fd:76 #2021
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream connect: -2
2009/09/17 17:01:08 [debug] 4087#0: *192 event timer add: 76: 300000:3396885177
2009/09/17 17:01:08 [debug] 4087#0: *192 http run request: "/?"
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream check client,
write event:1, "/"
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream recv(): -1 (11:
Resource temporarily unavailable)
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream request: "/?"
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream send request handler
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream send request
2009/09/17 17:01:08 [debug] 4087#0: *192 chain writer buf fl:1 s:725
2009/09/17 17:01:08 [debug] 4087#0: *192 chain writer in: 094FED50
2009/09/17 17:01:08 [debug] 4087#0: *192 writev: 725
2009/09/17 17:01:08 [debug] 4087#0: *192 chain writer out: 00000000
2009/09/17 17:01:08 [debug] 4087#0: *192 event timer del: 76: 3396885177
2009/09/17 17:01:08 [debug] 4087#0: *192 event timer add: 76: 300000:3396885218

==> /var/log/nginx/69.172.200.17_ypf_http_thathostingplace_www.gametimezone.com.access.log
<==
70.68.178.133 - - [17/Sep/2009:17:01:08 -0700] "GET / HTTP/1.1" "200"
5524 "-""Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.0.14) Gecko/2009082706 Firefox/3.0.14" "-"

==> /var/log/nginx/69.172.200.17_ypf_http_thathostingplace_www.gametimezone.com.error.log
<==
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream request: "/?"
2009/09/17 17:01:08 [debug] 4087#0: *192 http upstream process header
2009/09/17 17:01:08 [debug] 4087#0: *192 malloc: 096D3150:16384
2009/09/17 17:01:08 [debug] 4087#0: *192 recv: fd:76 1448 of 16339
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy status 200 "200 OK"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Date:
Thu, 17 Sep 2009 23:58:44 GMT"
2009/09/17 17:01:08 [debug] 4087#0: *192 malloc: 09506628:4096
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Server:
Apache/2.2.3 (Debian) PHP/5.2.0-8+etch15 mod_ssl/2.2.3 OpenSSL/0.9.8c
mod_perl/2.0.2 Perl/v5.8.8"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"X-Powered-By: PHP/5.2.0-8+etch15"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Set-Cookie: GCD=Z6SV699O; expires=Mon, 16-Nov-2009 23:58:44 GMT;
path=/"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Expires:
Sat, 26 Jul 1997 05:00:00 GMT"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Cache-Control: no-cache, must-revalidate"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Pragma: no-cache"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header: "Connection: close"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header:
"Content-Type: text/html; charset=UTF-8"
2009/09/17 17:01:08 [debug] 4087#0: *192 http proxy header done
2009/09/17 17:01:08 [debug] 4087#0: *192 HTTP/1.1 200 OK
Server: nginx/0.7.54
Date: Fri, 18 Sep 2009 00:01:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.2.0-8+etch15
Set-Cookie: GCD=Z6SV699O; expires=Mon, 16-Nov-2009 23:58:44 GMT; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip





If i go to http://origin_ip_server all proper cookies are applied to
the header and cilent side can see all cookies

nginx.conf

http {
    include    proxy.conf;
    include       mime.types;
    include     cache.conf;
    include 	rate-limit.conf;
    include 	con-limit.conf;

   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '"$status" $body_bytes_sent "$http_referer"'
                      '"$http_user_agent" "$http_x_forwarded_for"';


    include /etc/nginx/sites-enabled/conf/*.conf;
    include /etc/nginx/servers/*http_server.conf;


        sendfile        on;
        tcp_nodelay        off;
        keepalive_timeout  300;
	send_timeout 90;
        client_body_timeout 60;
        client_header_timeout 60;
	
	client_header_buffer_size 1k;
	large_client_header_buffers 4 4k;



proxy.conf

proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   300;
proxy_send_timeout      300;
proxy_read_timeout      300;
proxy_buffer_size   16k;
proxy_buffers           32 4k;
proxy_busy_buffers_size 64k;

any help would greatly be appreciated as I cant not locate the issue
at this point

-- 
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer





More information about the nginx mailing list