第二个nginx auth_request超时

Question

我有以下nginx设置：

    location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8000/api/proxmox/novnc-connection-lookup/$cookie_novnc/;
        # set $pve $upstream_http_pve;
        # set $vmhhost $upstream_http_vmhhost;
    }

    location = /novnc/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        auth_request_set $pve $upstream_http_pve;
        proxy_set_header Cookie 'PVEAuthCookie=$pve';
        proxy_pass https://$vmhhost;
    }
    
    location ~ /vncproxy/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        auth_request_set $pve $upstream_http_pve;
        proxy_set_header Cookie 'PVEAuthCookie=$pve';
        proxy_pass https://$vmhhost;
    }

django视图

   def view(self, ...):
        data = json.loads(data_string)
        resp = HttpResponse(data_string)
        resp['Pve'] = data['pve']
        resp['Vmhhost'] = data['host']
        return resp

将在/novnc/处打开一个弹出的html窗口，随后将触发对/vncproxy/的ajax调用。

我遇到的问题是，第一次对/novnc/的调用正常地执行了auth_request，但是当对/vncproxy/的ajax调用挂起时，它挂在了auth_request部分上，给了我upstream timed out (110: Connection timed out) while reading response header from upstream，然后是auth request unexpected status: 504 while sending to client, client

​

​

Answer 1

我深入研究了它，并构建了一个Poc，它有类似的问题，直到我删除了not_modified头

    if_modified_since off;
    add_header Last-Modified "";

在我的auth_request后端模拟http://127.0.0.1:8080/;。这模拟了在端口8000上运行的身份验证应用程序。

server {
  listen 80;

    location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8080/;
        set $pve $upstream_http_pve;
        set $vmhhost $upstream_http_vmhhost;
    }

    location = /novnc/ {
        auth_request /novnc-auth;
        auth_request_set $vmhhost $upstream_http_vmhhost;
        proxy_pass http://$vmhhost;
    }

    location ~ /vncproxy/ {
        auth_request /novnc-auth;
        auth_request_set $pvmhhost $upstream_http_vmhhost;
        proxy_pass http://$pvmhhost;
    }

}

server {
  listen 9000;

  location / {
   root /usr/share/nginx/html;
   index index.html;
  }
}

server {
  listen 8080;

  location / {
    root /usr/share/nginx/html;
    index index.html;
    if_modified_since off;
    add_header Last-Modified "";
    add_header "vmhhost" "127.0.0.1:9000/";
    add_header "pve" "Somedata";
  }
}

加载的index.html文件包含一个XHR请求，该请求将在我加载页面时立即触发。

<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
    <script type="text/javascript">

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
       // Typical action to be performed when the document is ready:
       document.getElementById("demo").innerHTML = xhttp.responseText;
    }
};
xhttp.open("GET", "http://localhost:55000/vncproxy/", true);
xhttp.send();

    </script>

    <div id="demo"></div>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

NGINX的调试日志显示auth_request被触发两次且调用成功。

您的错误表明它可以连接到上游，但无法接收http报头。您是否能够共享该请求的调试日志？你可以尝试的另一个测试是像我一样使用一些假的身份验证服务器，看看它是否在你的JavaScript前端上工作，以确定问题所在。

Answer 2

我通过遵循example来解决这个问题，问题是我需要设置以下内容，我刚刚意识到ajax调用是一个POST方法

location = /novnc-auth {
        internal;
        # calls the django view below
        proxy_pass http://127.0.0.1:8080/;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }