Forum Linux.général [Nginx load balancing] erreur 404

Posté par . Licence CC by-sa
1
17
fév.
2018

Salut tout monde,

J'essaye de load balancer un site .net sur 6 serveurs IIS avec nginx (CentOS7).
Lorsque j'attaque directement les IIS le site est OK (HTTP 200), mais lorsque je passe par nginx j'obtiens une erreur 404 à chaque fois.

Voici les headers du site quand je passe en direct

Request URL:http://www.mywebapp.fr/
Request Method:GET
Status Code:200 OK
Remote Address:10.236.10.23:80
Referrer Policy:no-referrer-when-downgrade
Cache-Control:public, max-age=7200, stale-while-revalidate=3600
Content-Type:text/html; charset=utf-8
Date:Sat, 17 Feb 2018 00:02:25 GMT
Server:Microsoft-IIS/10.0
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
X-hs:PROD - -mywebapp_3 - v3.0.1 - rev 0
X-Powered-By:UrlRewriter.NET 2.0.0
X-Powered-By:ASP.NET
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:gzip, deflate
Accept-Language:fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control:max-age=0
Connection:keep-alive
Cookie:xtvrn=$543488$; xtan=-; xtant=1; tc_PAGESVUES=YES; tc_cj_v2=%5Ecl_%5Dny%5B%5D%5D_mmZZZZZZKOKPQROQMQMNSZZZ%5D; TC_PAGES_VIEWED=2
DNT:1
Host:www.mywebapp.fr
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36

et voici ma config nginx avec laquelle j'obtiens que des 404

    upstream mywebapp {
        ip_hash;
        server 10.236.10.21:80;
        server 10.236.10.22:80;
        server 10.236.10.23:80;
        server 10.236.10.24:80;
        server 10.236.10.25:80;
        server 10.236.10.26:80;
        keepalive 16;
        }
        server {
        listen 443 ssl;
        server_name  test.mywebapp.fr;
        #client_max_body_size  10m;
        ssl  on;

       location / {
       proxy_pass  http://mywebapp;
       proxy_http_version 1.1;
       proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
       proxy_set_header        X-Forwarded-Host   $host:443;
       proxy_set_header        X-Forwarded-Server $host;
       proxy_set_header        X-Forwarded-Port   443;
       proxy_set_header        X-Forwarded-Proto  https;
       proxy_set_header       Connection "";
       proxy_set_header       Connection "";
       proxy_read_timeout   60m;
       proxy_pass_request_headers on;
      }
    }

Merci par avance de votre aide

  • # Salut

    Posté par . Évalué à 3.

    Je ne serais te dire exactement mais je ne demande qu’à apprendre à utiliser Nginx donc ta question m’intéresse :) Je chercherais du côté de SSL…

    En cherchant sur Google je tombe sur https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-upstreams/ par exemple…

    Est-ce que tu as testé sans SSL, pour voir ? Tes sites IIS sont utilisent pas SSL à la base donc tester le load-balancing en HTTP déjà ça peut être pas mal, afin d’isoler la cause du problème… si ça marche sans SSL alors tu sais que tu dois travailler la configuration à ce niveau là.

    Dans l’exemple officiel rien n’est indiqué en proxy_set_header. Pourquoi les as-tu ajoutés ? Tu as suivi un tuto particulier ?

    Que dise les logs du nginx et des IIS ? Les logs, ça sert à analyser le fonctionnement des programmes pour corriger les dysfonctionnements ;)

    • [^] # Re: Salut

      Posté par . Évalué à 2.

      Salut,
      Dans les deux cas j'ai une 404, que je fasse du HTTPS vers HTTP ou du HTTP de bout en bout.
      J'ai ajouté les proxy headers car lorsque j'attaque mes backends j'ai une réponse HTTP redirect vers HTTPS.
      En gros s'il ne recoit pas dans l'en tête X-FORWARDED-FOR que l'url d'origne était en HTTPS à ce moment la il fait un http redirect vers la même url en https.

      Voici le log nginx ful

      2018/02/17 12:46:28 [debug] 15406#15406: 219 SSL_do_handshake: -1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
      2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL handshake handler: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_do_handshake: 1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http wait request handler
      2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85EC460:1024
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: -1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
      2018/02/17 12:46:28 [debug] 15406#15406: *219 free: 000055F8B85EC460
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http wait request handler
      2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85EC460:1024
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: 399
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: -1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
      2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85149E0:4096 @16
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http process request line
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http request line: "GET / HTTP/1.1"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http uri: "/"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http args: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http exten: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http process request header line
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Host: www.mywebapp.fr"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85E8550:4096 @16
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,
      /;q=0.8"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept-Encoding: gzip, deflate, br"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Connection: keep-alive"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Upgrade-Insecure-Requests: 1"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Pragma: no-cache"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Cache-Control: no-cache"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http header done
      2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer del: 3: 1518868048380
      2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 rewrite phase: 1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 test location: "/"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 using configuration "/"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http cl:-1 max:1048576
      2018/02/17 12:46:28 [debug] 15406#15406: *219 rewrite phase: 3
      2018/02/17 12:46:28 [debug] 15406#15406: *219 post rewrite phase: 4
      2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 5
      2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 6
      2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 7
      2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 8
      2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 9
      2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 10
      2018/02/17 12:46:28 [debug] 15406#15406: *219 post access phase: 11
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http init upstream, client timer: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 epoll add event: fd:3 op:3 ev:80002005
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-For: "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "192.168.184.254"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Host: "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "www.mywebapp.fr"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ":443"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Server: "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "www.mywebapp.fr"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Port: 443
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Proto: https
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "Host: "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "mywebappw"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "Connection: close
      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,
      /;q=0.8"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept-Encoding: gzip, deflate, br"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Upgrade-Insecure-Requests: 1"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Pragma: no-cache"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Cache-Control: no-cache"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header:
      "GET / HTTP/1.1
      X-Forwarded-For: 192.168.184.254
      X-Forwarded-Host: www.mywebapp.fr:443
      X-Forwarded-Server: www.mywebapp.fr
      X-Forwarded-Port: 443
      X-Forwarded-Proto: https
      Host: mywebappw
      Connection: close
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,
      /*;q=0.8
      Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
      Accept-Encoding: gzip, deflate, br
      Upgrade-Insecure-Requests: 1
      Pragma: no-cache
      Cache-Control: no-cache

      "
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http cleanup add: 000055F8B85E8F48
      2018/02/17 12:46:28 [debug] 15406#15406: *219 init keepalive peer
      2018/02/17 12:46:28 [debug] 15406#15406: *219 get keepalive peer
      2018/02/17 12:46:28 [debug] 15406#15406: *219 get ip hash peer, try: 6
      2018/02/17 12:46:28 [debug] 15406#15406: *219 get ip hash peer, hash: 1 0002
      2018/02/17 12:46:28 [debug] 15406#15406: *219 stream socket 14
      2018/02/17 12:46:28 [debug] 15406#15406: *219 epoll add connection: fd:14 ev:80002005
      2018/02/17 12:46:28 [debug] 15406#15406: *219 connect to 10.236.10.22:80, fd:14 #220
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream connect: -2
      2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85E6E40:128 @16
      2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer add: 14: 60000:1518868048564
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http finalize request: -4, "/?" a:1, c:2
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http request count:2 blk:0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http run request: "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream check client, write event:1, "/"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream request: "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request handler
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request body
      2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer buf fl:1 s:551
      2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer in: 000055F8B85E8FE8
      2018/02/17 12:46:28 [debug] 15406#15406: *219 writev: 551 of 551
      2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer out: 0000000000000000
      2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer del: 14: 1518868048564
      2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer add: 14: 3600000:1518871588564
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream request: "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream process header
      2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85E9560:4096
      2018/02/17 12:46:28 [debug] 15406#15406: *219 recv: eof:0, avail:1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 recv: fd:14 492 of 4096
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy status 404 "404 Not Found"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Content-Type: text/html; charset=us-ascii"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Server: Microsoft-HTTPAPI/2.0"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Date: Sat, 17 Feb 2018 11:51:15 GMT"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Connection: close"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Content-Length: 315"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header done
      2018/02/17 12:46:28 [debug] 15406#15406: *219 HTTP/1.1 404 Not Found
      Server: nginx/1.13.1
      Date: Sat, 17 Feb 2018 11:46:28 GMT
      Content-Type: text/html; charset=us-ascii
      Content-Length: 315
      Connection: keep-alive

      2018/02/17 12:46:28 [debug] 15406#15406: *219 write new buf t:1 f:0 000055F8B85E92A0, pos 000055F8B85E92A0, size: 173 file: 0, size: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http write filter: l:0 f:0 s:173
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http cacheable: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy filter init s:404 h:0 c:0 l:315
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream process upstream
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe read upstream: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe preread: 315
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe buf free s:0 t:1 f:0 000055F8B85E9560, pos 000055F8B85E9611, size: 315 file: 0, size: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe length: 315
      2018/02/17 12:46:28 [debug] 15406#15406: *219 input buf #0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream: 1
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream flush in
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http output filter "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http copy filter: "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85EA570:4096 @16
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http postpone filter "/?" 000055F8B85E9488
      2018/02/17 12:46:28 [debug] 15406#15406: *219 write old buf t:1 f:0 000055F8B85E92A0, pos 000055F8B85E92A0, size: 173 file: 0, size: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 write new buf t:1 f:0 000055F8B85E9560, pos 000055F8B85E9611, size: 315 file: 0, size: 0
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http write filter: l:0 f:0 s:488
      2018/02/17 12:46:28 [debug] 15406#15406: *219 http copy filter: 0 "/?"
      2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream done
      2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer: 14, old: 1518871588564, new: 1518871588565

      • [^] # Re: Salut

        Posté par . Évalué à 1.

        Quand tu lances une requête directement, IIS reçoit le header suivant :

        Host:www.mywebapp.fr

        Par contre tu n'indiques pas explicitement à Nginx quelle valeur utiliser pour Host, et dans ton log j'observe ceci:

        2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "Host: "
        2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "mywebappw"
        

        Il me semble qu'ajouter

        proxy_set_header Host www.mywebapp.fr;

        Pourrait peut-être aider. Si IIS ne connaît pas le host "mywebappw" il est peut-être légitime qu'il renvoie une erreur 404.

        • [^] # Re: Salut

          Posté par . Évalué à 2. Dernière modification le 22/02/18 à 23:58.

          Salut,

          Oui merci c'était presque ça sauf qu'en fait je transmettais le host header sur le port 443, or mes IIS écoutent sur le port 80, nginx s'occupe de l'offloading SSL et forward sur le port 80.
          Or dans ma config j'avais mis ceci

               proxy_set_header        X-Forwarded-Host   $host:443;
          

          au lieu de ceci

               proxy_set_header        X-Forwarded-Host   $host:80;
          

          Merci beaucoup pour votre aide à tous.

Suivre le flux des commentaires

Note : les commentaires appartiennent à ceux qui les ont postés. Nous n'en sommes pas responsables.