Static or dynamic content
Jens Dueholm Christensen
JEDC at ramboll.com
Wed Sep 28 11:01:36 UTC 2016
Hi
I've got an issue where nginx (see below for version/compile options) returns a 405 (not allowed) to POST requests to clients when the upstream proxy returns a 503.
I know nginx doesn't allow posts to static content, but since all content (even static js, png etc) is served by upstream I cannot really understand why this happens since everything from upstream ought to be dynamic.
My config is basicly this
location / {
root /somewhere/;
try_files /offline.html @xact;
add_header Cache-Control "no-cache, max-age=0, no-store, must-revalidate";
}
location @xact {
proxy_pass http://127.0.0.1:4431;
proxy_redirect default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 1200;
}
The server behind 127.0.0.1:4431 is HAProxy that distributes requests to a number of backend instances.
All content is served from those instances and nginx does not have access to content from anywhere else.
Once in a blue moon HAProxy does not have any available server to send a request to, and it generates an internal 503 "Service unavailable" page.
When the request method is a POST nginx transforms this to a 405 "not allowed", which is - as far as I can understand from a number of posts found googling - is to be expected when POSTing to a static resource.
An individual backend instance can also return a 503 error if it encounters a problem servicing a request.
That 503 response is sent back to HAProxy, which parses it along to nginx, which returns the 503 to the client (and it's NOT converted into a 405!), so I know that nginx doesn't translate all 503s to 405s if it's generated by a backend instance even if the request is POSTed.
This leads me to think that somehow HAProxy does not provide the correct headers in the 503 errorpage to make nginx assume the response from HAProxy isn't dynamic.
The internally created 503 page that HAProxy creates is this (since it's sent more or less "as is" on the TCP socket it contains HTTP lingo - see https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-errorfile for details if questions arrise):
---
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
---
What headers do I need to have HAProxy add in order for nginx not to turn the 503 into a 405 and see the request (or at least the response) was to/from dynamic content?
$ nginx -V
nginx version: nginx/1.8.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=nginx --group=nginx --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-http_ssi_module
Regards,
Jens Dueholm Christensen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160928/b46884bf/attachment.html>
More information about the nginx
mailing list