有时nginx会无缘无故地更改方法(POST->;01 POST到代理tomcat)
我有一个问题,对于相同的请求,nginx返回501错误(因为接收到奇怪的方法)或200 OK。 我使用nginx1.16.0作为web服务器,使用tomcat7.0.54。Nginx反向代理来连接它们。(我也使用JavaSpring。) 有时tomcat会收到奇怪的方法 (示例) nginx access.log有时nginx会无缘无故地更改方法(POST->;01 POST到代理tomcat),tomcat,nginx,proxy,reverse-proxy,http-status-codes,Tomcat,Nginx,Proxy,Reverse Proxy,Http Status Codes,我有一个问题,对于相同的请求,nginx返回501错误(因为接收到奇怪的方法)或200 OK。 我使用nginx1.16.0作为web服务器,使用tomcat7.0.54。Nginx反向代理来连接它们。(我也使用JavaSpring。) 有时tomcat会收到奇怪的方法 (示例) nginx access.log 10.33.xxx.xxx - [25/Oct/2019:16:21:19 +0900] "POST /ajax/test?ts=1571988079124 HTTP/1.1" [50
10.33.xxx.xxx - [25/Oct/2019:16:21:19 +0900] "POST /ajax/test?ts=1571988079124 HTTP/1.1" [501] 1147 0.006 "https://test.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
127.0.0.1 - - [25/Oct/2019:16:21:19 +0900] "01POST /ajax/test?ts=1571988079124 HTTP/1.1" 501 1147 "https://test.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
tomcat访问日志
10.33.xxx.xxx - [25/Oct/2019:16:21:19 +0900] "POST /ajax/test?ts=1571988079124 HTTP/1.1" [501] 1147 0.006 "https://test.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
127.0.0.1 - - [25/Oct/2019:16:21:19 +0900] "01POST /ajax/test?ts=1571988079124 HTTP/1.1" 501 1147 "https://test.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
如您所见,客户端请求POST方法,但tomcat接收01POST方法。
这很奇怪,因为它是随机发生的,即使它们是相同的url、参数和请求的用户
我尝试将proxy_方法设置为请求这样的方法
nginx.conf
proxy_method $request_method;
user irteam;
worker_processes auto;
pid /home1/irteam/apps/nginx/nginx.pid;
events {
worker_connections 16000;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
#default on
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
access_log logs/access.log combined;
error_log logs/error.log error;
sendfile on;
etag on;
keepalive_timeout 25s; #default 75s
keepalive_requests 150; #default 100
client_max_body_size 20M; # default 1M
client_body_timeout 60s; # default 60s
client_body_buffer_size 512k; #default 8k|16k
client_header_timeout 60s; # default 60s
client_header_buffer_size 8k; #default 1k
send_timeout 60s; #default 60s
large_client_header_buffers 20 32k; #default 4 8k
gzip on;
gzip_types text/html application/javascript text/css application/json text/javascript;
gzip_disable "MSIE[4-6]\.";
root /home1/irteam/test;
# upstream
upstream tomcat {
server 127.0.0.1:8080 max_fails=0;
keepalive 30;
}
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_method $request_method;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off; #default on
proxy_request_buffering off; #default on
proxy_buffer_size 32k; #default 4k|8k
proxy_buffers 20 32k; #default 8 4k|8k
proxy_connect_timeout 60s; #default 60s
proxy_read_timeout 60s; #default 60s
proxy_send_timeout 60s; #default 60s
#HTTP Server
server {
listen 80;
server_name test.com;
access_log logs/access.log combined;
error_log logs/error.log error;
rewrite ^((?!http_stub_status).)*$ https://$host$uri permanent;
location / {
allow all;
index index.html index.jsp;
proxy_pass http://tomcat;
}
#gzip static
location ~ .*\.(css|js|js.gz|css.gz)$ {
gzip_vary on;
expires 1w;
}
#static
location ~ .*\.(swf|jpe?g|png|gif|bmp|ico)$ {
expires 1w;
}
location /http_stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
#HTTPS Server
server {
listen 443 ssl;
server_name test.com;
access_log logs/access.log combined;
error_log logs/error.log error;
ssl_certificate /home1/irteam/apps/nginx/conf/test.cert.pem;
ssl_certificate_key /home1/irteam/apps/nginx/conf/test.key.pem;
ssl_session_cache shared:SSL:600m;
ssl_session_timeout 5m;
ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:RSA+AESGCM:RC4:!LOW:!EXP:!PSK:!KRB5:!MD5:!aNULL:!eNULL:ALL;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
rewrite ^/$ /main permanent;
location / {
allow all;
index index.html index.jsp;
proxy_pass http://tomcat;
}
#gzip static
location ~ .*\.(css|js|js.gz|css.gz)$ {
gzip_vary on;
expires 1w;
}
#static
location ~ .*\.(swf|jpe?g|png|gif|bmp|ico)$ {
expires 1w;
}
location /http_stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
}
但它不起作用。Tomcat仍然收到奇怪的方法
我希望nginx(或tomcat)不会返回501
我的配置-nginx.conf
proxy_method $request_method;
user irteam;
worker_processes auto;
pid /home1/irteam/apps/nginx/nginx.pid;
events {
worker_connections 16000;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
#default on
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
access_log logs/access.log combined;
error_log logs/error.log error;
sendfile on;
etag on;
keepalive_timeout 25s; #default 75s
keepalive_requests 150; #default 100
client_max_body_size 20M; # default 1M
client_body_timeout 60s; # default 60s
client_body_buffer_size 512k; #default 8k|16k
client_header_timeout 60s; # default 60s
client_header_buffer_size 8k; #default 1k
send_timeout 60s; #default 60s
large_client_header_buffers 20 32k; #default 4 8k
gzip on;
gzip_types text/html application/javascript text/css application/json text/javascript;
gzip_disable "MSIE[4-6]\.";
root /home1/irteam/test;
# upstream
upstream tomcat {
server 127.0.0.1:8080 max_fails=0;
keepalive 30;
}
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_method $request_method;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off; #default on
proxy_request_buffering off; #default on
proxy_buffer_size 32k; #default 4k|8k
proxy_buffers 20 32k; #default 8 4k|8k
proxy_connect_timeout 60s; #default 60s
proxy_read_timeout 60s; #default 60s
proxy_send_timeout 60s; #default 60s
#HTTP Server
server {
listen 80;
server_name test.com;
access_log logs/access.log combined;
error_log logs/error.log error;
rewrite ^((?!http_stub_status).)*$ https://$host$uri permanent;
location / {
allow all;
index index.html index.jsp;
proxy_pass http://tomcat;
}
#gzip static
location ~ .*\.(css|js|js.gz|css.gz)$ {
gzip_vary on;
expires 1w;
}
#static
location ~ .*\.(swf|jpe?g|png|gif|bmp|ico)$ {
expires 1w;
}
location /http_stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
#HTTPS Server
server {
listen 443 ssl;
server_name test.com;
access_log logs/access.log combined;
error_log logs/error.log error;
ssl_certificate /home1/irteam/apps/nginx/conf/test.cert.pem;
ssl_certificate_key /home1/irteam/apps/nginx/conf/test.key.pem;
ssl_session_cache shared:SSL:600m;
ssl_session_timeout 5m;
ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:RSA+AESGCM:RC4:!LOW:!EXP:!PSK:!KRB5:!MD5:!aNULL:!eNULL:ALL;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
rewrite ^/$ /main permanent;
location / {
allow all;
index index.html index.jsp;
proxy_pass http://tomcat;
}
#gzip static
location ~ .*\.(css|js|js.gz|css.gz)$ {
gzip_vary on;
expires 1w;
}
#static
location ~ .*\.(swf|jpe?g|png|gif|bmp|ico)$ {
expires 1w;
}
location /http_stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
}
1.共享nginx.conf 2。使用tcpdump捕获Nginx和Tomcat之间的数据包,以调查头内容。配置X-Forwarded-For/X-Real-IP头以在tomcat日志中查看真实客户端的IP(当前为127.0.0.1),以简化未来的调试添加nginx.conf。请检查一下。我将尝试捕获数据包。谢谢你的建议!因此,nginx.conf非常简单,这不是原因。我会关注tomcat。也许你可以尝试清洁安装或升级当前的?