Getting weird issue with Nginx reverse Proxy

Sergey A. Osokin osa at freebsd.org.ru
Thu Mar 3 20:00:45 UTC 2022


Hi there,

hope you're doing well these days.

On Thu, Mar 03, 2022 at 01:26:51PM -0500, blason wrote:
> Hi Team,
> 
> My portal name is lets say fs.example.com and it is configured on apache
> server which is then proxied to internet using Nginx reverse proxy. However
> I tried everything I was aware of and I am consistently getting below error
> whenever this URL is accessed. I am running out of ideas about
> troubleshooting the issue and I need a help on it. Here is Nginx config
> file
> 
> ```
> server {
>         listen 443 http2 ssl;
>         server_name  fs.example.com;
>         ssl_protocols  TLSv1.2;
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>         ssl_certificate           /etc/nginx/ssls/isncert/isnwild.crt;
>         ssl_certificate_key   /etc/nginx/ssls/isncert/star.key;
>         ssl_ciphers
> 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:E
> CDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256
> -SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RS
> A-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
> DES-CBC3-SHA:!DSS';
>         ssl_dhparam /etc/ssl/dhparams2048.pem;
>         ssl_session_timeout 1d;
>         ssl_session_tickets off;
>         ssl_stapling on;
>         ssl_stapling_verify on;
>         resolver 8.8.8.8 8.8.4.4 valid=300s;
>         include /config/nginx/authelia.conf;
>         access_log /var/log/nginx/fs/access.log;
>         error_log /var/log/nginx/fs/error.log;
> location / {
>         client_max_body_size    10m;
>         #proxy_headers_hash_max_size 512;
>         proxy_headers_hash_bucket_size 128;
>         proxy_busy_buffers_size 256k;
>         proxy_temp_file_write_size 256k;
>         proxy_buffers     4 256k;
>         proxy_buffer_size  16k;
>         proxy_pass http://fs.example.com;
>         proxy_set_header   Host   $host;
>         proxy_set_header   X-Real-IP  $remote_addr;
>         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
>        add_header X-Content-Type-Options nosniff;
>        add_header X-XSS-Protection "1; mode=block";
>        add_header Referrer-Policy "no-referrer-when-downgrade";
>        add_header Strict-Transport-Security "max-age=31536000;
> includeSubDomains" always;
>         include /config/nginx/auth.conf;
>        include /config/nginx/restconfig.conf;
>         }
> }
> ```
> 
> And here is the error
> 
> Bad Request
> Your browser sent a request that this server could not understand.

I'd recommend to run

# nginx -T |& tee /tmp/output.log

remote/anonimyse all restricted information in the /tmp/output.log file
and share the configuration here.

Thank you.

-- 
Sergey A. Osokin



More information about the nginx mailing list