Transmission remote GUI proxy_protocol broken header

Francis Daly francis at daoine.org
Tue Sep 20 19:49:56 UTC 2016


On Mon, Sep 19, 2016 at 09:08:57AM -0400, adrhc wrote:

Hi there,

> nginx-1.11.3
> Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
> nginx:127.0.0.1:443 (no ssl, with listen ... proxy_protocol,
> port_in_redirect on)

There are a lot of potential moving parts there.

> nginx:127.0.0.1:443 -> here I'm getting in fact plain http but I have an
> nginx patch forcing Location header to use https when using 443 port so I
> need 443.

I *suspect* that that change will not affect this problem, but it is
good to be sure. When you have a simple reproducible test case, could you
swap in a stock nginx version to confirm that the problem remains there?

But first...

> I'm getting the error:
> 
> 2016/09/19 16:02:51 [error] 12665#0: *7 broken header: ">:E_��Zp�
> ���(�ZЉ�'��0�,�(�$��
> ����kjih9876�����2�.�*�&���=5��/�+�'�#��	����g@?>3210����EDCB�1�-�)�%���</�A���
> �                                                                          
>            ��
> �g
>    	127.0.0.1
>  
" while reading PROXY protocol, client:
> 127.0.0.1, server: 127.0.0.1:443

If I have understood your architecture correctly, your nginx is http-only
(no ssl). And that usually means "no binary stuff", unless you know you
are asking for compression or something like that.

So: where does this log come from?

Can you see: what is the one request that causes this to happen? Can you
remove as much as possible, and just make one https request to stunnel and
see if the same problem happens? If so, you have eliminated Transmission
and sshttp from the problem space.

Make a request for something simple like /file.txt that you know will
be handled cleanly by your nginx.

Simplify it as much as possible, and there will be a much better chance
that someone else will build something to reproduce the problem.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list