My full error is :
client sent invalid header line "\x20..." while reading client request headers, client: 542.31.127.149, server: _, request: "GET /xxx/ HTTP/1.1", host: "xxx.it"
My configuration is made by tree processes:
- Apache: to manage certificates and urls
- Nginx container
- Python containerBoth containers are part of an application
+-------------------+ | |+-------+ | +-----++------+ |--->|Apache +------>| |NGINX| |Python| |+-------+ | +-----++------+ | | |+-------------------+I tried to call directly the python container and is seems that everything about header is ok and working.Here the full header (obfuscated) it seemed no spaces (\x20) is specified anywhere.
Host: xxx.itConnection: closeSec-Ch-Ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9,it;q=0.8Cookie: _opensaml_req_ss%3Amem%3A00f3d32ce60ecc1d82ebf7125e13aa37cb0a0a22e7a807ea128bc7021b5dab32=_bc5de36ba0b7acda2732d12201583954; _opensaml_req_ss%3Amem%3A961d1126d8320afec8a04c3cbc26560feb701fe97ee6c8a7224f8d22835112fa=_64aa670ba3bfc99b2af2b6221f234c1a; _shibsession_7465737466756e7a696f6e616d656e746f68747470733a2f2f6574727572696170612e69742f7075622d61672d66756c6c2f54455354=_c110e18d8ef1549250bda543ef71570e; csrftoken=UPbd2urGTBgAnkr5i5IRxiL0LB9Bdmhcvv8vWwSDMkTuJxMMF7LBPlxRbmXjOa4R; ROUTEID=.1X-Forwarded-For: 192.256.299.347X-Forwarded-Host: xxx.itX-Forwarded-Server: xxx.itI got the error only if I call NGinx in any way.
Here is my NGinx configuration with ignore_invalid_headers off; and underscores_in_headers on;
server { listen 80; server_name _; access_log /dev/stdout main; error_log stderr debug; client_max_body_size 64M; ignore_invalid_headers off; underscores_in_headers on; location / { try_files $uri @proxy_to_app; } location @proxy_to_app { proxy_pass_request_headers on; proxy_set_header Host $host; proxy_buffering off; proxy_redirect off; proxy_pass http://${APPLICATION_CONTAINER_HOSTNAME}:8000; }}I am currently using a dummy Flask application to produce this output
@app.route('/')def home(): headers = pprint.pformat(dict(request.headers.items())) raw_headers = request.headers return f'Headers: <pre>{headers}</pre><br/>' \ f'Raw headers: <pre>{raw_headers}</pre><br/>'Is this NGinx config good?Is any kind of option missing?How can I