Salut tout monde,
J'essaye de load balancer un site .net sur 6 serveurs IIS avec nginx (CentOS7).
Lorsque j'attaque directement les IIS le site est OK (HTTP 200), mais lorsque je passe par nginx j'obtiens une erreur 404 à chaque fois.
Voici les headers du site quand je passe en direct
Request URL:http://www.mywebapp.fr/
Request Method:GET
Status Code:200 OK
Remote Address:10.236.10.23:80
Referrer Policy:no-referrer-when-downgrade
Cache-Control:public, max-age=7200, stale-while-revalidate=3600
Content-Type:text/html; charset=utf-8
Date:Sat, 17 Feb 2018 00:02:25 GMT
Server:Microsoft-IIS/10.0
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
X-hs:PROD - -mywebapp_3 - v3.0.1 - rev 0
X-Powered-By:UrlRewriter.NET 2.0.0
X-Powered-By:ASP.NET
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:gzip, deflate
Accept-Language:fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control:max-age=0
Connection:keep-alive
Cookie:xtvrn=$543488$; xtan=-; xtant=1; tc_PAGESVUES=YES; tc_cj_v2=%5Ecl_%5Dny%5B%5D%5D_mmZZZZZZKOKPQROQMQMNSZZZ%5D; TC_PAGES_VIEWED=2
DNT:1
Host:www.mywebapp.fr
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36et voici ma config nginx avec laquelle j'obtiens que des 404
upstream mywebapp {
ip_hash;
server 10.236.10.21:80;
server 10.236.10.22:80;
server 10.236.10.23:80;
server 10.236.10.24:80;
server 10.236.10.25:80;
server 10.236.10.26:80;
keepalive 16;
}
server {
listen 443 ssl;
server_name test.mywebapp.fr;
#client_max_body_size 10m;
ssl on;
location / {
proxy_pass http://mywebapp;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:443;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Connection "";
proxy_set_header Connection "";
proxy_read_timeout 60m;
proxy_pass_request_headers on;
}
}Merci par avance de votre aide
# Salut
Posté par Marotte ⛧ . Évalué à 3.
Je ne serais te dire exactement mais je ne demande qu’à apprendre à utiliser Nginx donc ta question m’intéresse :) Je chercherais du côté de SSL…
En cherchant sur Google je tombe sur https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-upstreams/ par exemple…
Est-ce que tu as testé sans SSL, pour voir ? Tes sites IIS sont utilisent pas SSL à la base donc tester le load-balancing en HTTP déjà ça peut être pas mal, afin d’isoler la cause du problème… si ça marche sans SSL alors tu sais que tu dois travailler la configuration à ce niveau là.
Dans l’exemple officiel rien n’est indiqué en
proxy_set_header. Pourquoi les as-tu ajoutés ? Tu as suivi un tuto particulier ?Que dise les logs du nginx et des IIS ? Les logs, ça sert à analyser le fonctionnement des programmes pour corriger les dysfonctionnements ;)
[^] # Re: Salut
Posté par Orwell . Évalué à 2.
Salut,
Dans les deux cas j'ai une 404, que je fasse du HTTPS vers HTTP ou du HTTP de bout en bout.
J'ai ajouté les proxy headers car lorsque j'attaque mes backends j'ai une réponse HTTP redirect vers HTTPS.
En gros s'il ne recoit pas dans l'en tête X-FORWARDED-FOR que l'url d'origne était en HTTPS à ce moment la il fait un http redirect vers la même url en https.
Voici le log nginx ful
2018/02/17 12:46:28 [debug] 15406#15406: 219 SSL_do_handshake: -1
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL handshake handler: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_do_handshake: 1
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"
2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 1
2018/02/17 12:46:28 [debug] 15406#15406: *219 http wait request handler
2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85EC460:1024
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: -1
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
2018/02/17 12:46:28 [debug] 15406#15406: *219 free: 000055F8B85EC460
2018/02/17 12:46:28 [debug] 15406#15406: *219 http wait request handler
2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85EC460:1024
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: 399
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_read: -1
2018/02/17 12:46:28 [debug] 15406#15406: *219 SSL_get_error: 2
2018/02/17 12:46:28 [debug] 15406#15406: *219 reusable connection: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85149E0:4096 @16
2018/02/17 12:46:28 [debug] 15406#15406: *219 http process request line
2018/02/17 12:46:28 [debug] 15406#15406: *219 http request line: "GET / HTTP/1.1"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http uri: "/"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http args: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http exten: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http process request header line
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Host: www.mywebapp.fr"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85E8550:4096 @16
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Accept-Encoding: gzip, deflate, br"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Connection: keep-alive"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Upgrade-Insecure-Requests: 1"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Pragma: no-cache"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header: "Cache-Control: no-cache"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http header done
2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer del: 3: 1518868048380
2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 rewrite phase: 1
2018/02/17 12:46:28 [debug] 15406#15406: *219 test location: "/"
2018/02/17 12:46:28 [debug] 15406#15406: *219 using configuration "/"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http cl:-1 max:1048576
2018/02/17 12:46:28 [debug] 15406#15406: *219 rewrite phase: 3
2018/02/17 12:46:28 [debug] 15406#15406: *219 post rewrite phase: 4
2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 5
2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 6
2018/02/17 12:46:28 [debug] 15406#15406: *219 generic phase: 7
2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 8
2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 9
2018/02/17 12:46:28 [debug] 15406#15406: *219 access phase: 10
2018/02/17 12:46:28 [debug] 15406#15406: *219 post access phase: 11
2018/02/17 12:46:28 [debug] 15406#15406: *219 http init upstream, client timer: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 epoll add event: fd:3 op:3 ev:80002005
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-For: "
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "192.168.184.254"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Host: "
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "www.mywebapp.fr"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ":443"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Server: "
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "www.mywebapp.fr"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Port: 443
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "X-Forwarded-Proto: https
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "Host: "
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script var: "mywebappw"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: "Connection: close
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http script copy: ""
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Accept-Encoding: gzip, deflate, br"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Upgrade-Insecure-Requests: 1"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Pragma: no-cache"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Cache-Control: no-cache"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header:
"GET / HTTP/1.1
X-Forwarded-For: 192.168.184.254
X-Forwarded-Host: www.mywebapp.fr:443
X-Forwarded-Server: www.mywebapp.fr
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Host: mywebappw
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http cleanup add: 000055F8B85E8F48
2018/02/17 12:46:28 [debug] 15406#15406: *219 init keepalive peer
2018/02/17 12:46:28 [debug] 15406#15406: *219 get keepalive peer
2018/02/17 12:46:28 [debug] 15406#15406: *219 get ip hash peer, try: 6
2018/02/17 12:46:28 [debug] 15406#15406: *219 get ip hash peer, hash: 1 0002
2018/02/17 12:46:28 [debug] 15406#15406: *219 stream socket 14
2018/02/17 12:46:28 [debug] 15406#15406: *219 epoll add connection: fd:14 ev:80002005
2018/02/17 12:46:28 [debug] 15406#15406: *219 connect to 10.236.10.22:80, fd:14 #220
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream connect: -2
2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85E6E40:128 @16
2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer add: 14: 60000:1518868048564
2018/02/17 12:46:28 [debug] 15406#15406: *219 http finalize request: -4, "/?" a:1, c:2
2018/02/17 12:46:28 [debug] 15406#15406: *219 http request count:2 blk:0
2018/02/17 12:46:28 [debug] 15406#15406: *219 http run request: "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream check client, write event:1, "/"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream request: "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request handler
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream send request body
2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer buf fl:1 s:551
2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer in: 000055F8B85E8FE8
2018/02/17 12:46:28 [debug] 15406#15406: *219 writev: 551 of 551
2018/02/17 12:46:28 [debug] 15406#15406: *219 chain writer out: 0000000000000000
2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer del: 14: 1518868048564
2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer add: 14: 3600000:1518871588564
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream request: "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream process header
2018/02/17 12:46:28 [debug] 15406#15406: *219 malloc: 000055F8B85E9560:4096
2018/02/17 12:46:28 [debug] 15406#15406: *219 recv: eof:0, avail:1
2018/02/17 12:46:28 [debug] 15406#15406: *219 recv: fd:14 492 of 4096
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy status 404 "404 Not Found"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Content-Type: text/html; charset=us-ascii"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Server: Microsoft-HTTPAPI/2.0"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Date: Sat, 17 Feb 2018 11:51:15 GMT"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Connection: close"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Content-Length: 315"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header done
2018/02/17 12:46:28 [debug] 15406#15406: *219 HTTP/1.1 404 Not Found
Server: nginx/1.13.1
Date: Sat, 17 Feb 2018 11:46:28 GMT
Content-Type: text/html; charset=us-ascii
Content-Length: 315
Connection: keep-alive
2018/02/17 12:46:28 [debug] 15406#15406: *219 write new buf t:1 f:0 000055F8B85E92A0, pos 000055F8B85E92A0, size: 173 file: 0, size: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 http write filter: l:0 f:0 s:173
2018/02/17 12:46:28 [debug] 15406#15406: *219 http cacheable: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy filter init s:404 h:0 c:0 l:315
2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream process upstream
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe read upstream: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe preread: 315
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe buf free s:0 t:1 f:0 000055F8B85E9560, pos 000055F8B85E9611, size: 315 file: 0, size: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe length: 315
2018/02/17 12:46:28 [debug] 15406#15406: *219 input buf #0
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream: 1
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream flush in
2018/02/17 12:46:28 [debug] 15406#15406: *219 http output filter "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 http copy filter: "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 posix_memalign: 000055F8B85EA570:4096 @16
2018/02/17 12:46:28 [debug] 15406#15406: *219 http postpone filter "/?" 000055F8B85E9488
2018/02/17 12:46:28 [debug] 15406#15406: *219 write old buf t:1 f:0 000055F8B85E92A0, pos 000055F8B85E92A0, size: 173 file: 0, size: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 write new buf t:1 f:0 000055F8B85E9560, pos 000055F8B85E9611, size: 315 file: 0, size: 0
2018/02/17 12:46:28 [debug] 15406#15406: *219 http write filter: l:0 f:0 s:488
2018/02/17 12:46:28 [debug] 15406#15406: *219 http copy filter: 0 "/?"
2018/02/17 12:46:28 [debug] 15406#15406: *219 pipe write downstream done
2018/02/17 12:46:28 [debug] 15406#15406: *219 event timer: 14, old: 1518871588564, new: 1518871588565
[^] # Re: Salut
Posté par Matthieu . Évalué à 1.
Quand tu lances une requête directement, IIS reçoit le header suivant :
Host:www.mywebapp.fr
Par contre tu n'indiques pas explicitement à Nginx quelle valeur utiliser pour Host, et dans ton log j'observe ceci:
Il me semble qu'ajouter
proxy_set_header Host www.mywebapp.fr;
Pourrait peut-être aider. Si IIS ne connaît pas le host "mywebappw" il est peut-être légitime qu'il renvoie une erreur 404.
[^] # Re: Salut
Posté par Orwell . Évalué à 2. Dernière modification le 22 février 2018 à 23:58.
Salut,
Oui merci c'était presque ça sauf qu'en fait je transmettais le host header sur le port 443, or mes IIS écoutent sur le port 80, nginx s'occupe de l'offloading SSL et forward sur le port 80.
Or dans ma config j'avais mis ceci
au lieu de ceci
Merci beaucoup pour votre aide à tous.
Suivre le flux des commentaires
Note : les commentaires appartiennent à celles et ceux qui les ont postés. Nous n’en sommes pas responsables.