Hi Francis, Yeah, there might be more going on here that meets the eye. But here are the curl commands that are producing different results. I am looking into the upstream server as well, but the difference would imply something about NGINX is not the same as running curl from command line.
Here are the details. 1. RETURNING THE REQUEST HEADERS FROM NGINX. OK ============================================================================= $ curl -i -H "x-api-key:APIKEY" -H "userAccount:USER1" https://localhost/api/ecfr/0.1.0?index=title48 --insecure HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 02 Jan 2019 16:41:57 GMT Content-Type: application/octet-stream Content-Length: 127 Connection: keep-alive userAccount: darren1 request: GET /api/ecfr/0.1.0?index=title48 HTTP/1.1; x-api-key: APIKEY; userAccount: USER1 2. RETURNING RESPONSE FROM UPSTREAM SERVER. NGINX ON LOCALHOST. BROKE ============================================================================= $ curl -i -H "x-api-key:APIKEY" -H "userAccount:USER1" https://localhost/api/ecfr/0.1.0?index=title48 --insecure HTTP/1.1 403 Forbidden Server: nginx/1.10.3 (Ubuntu) Date: Wed, 02 Jan 2019 16:48:20 GMT Content-Type: application/json Content-Length: 23 Connection: keep-alive x-amzn-RequestId: 35f52fc4-0eae-11e9-92be-9ba3ab4becfa x-amzn-ErrorType: ForbiddenException x-amz-apigw-id: xxxxxx {"message":"Forbidden"} 2a. NGINX PROXY LOCATION ============================= location /api/ecfr/0.1.0 { proxy_pass https://upstreamserver/0_1_0/ecfr; proxy_pass_request_headers on; } 3. CURL COMMAND DIRECT TO UPSTREAM SERVER. OK $ curl -i -H "x-api-key:APIKEY" -H "userAccount:USER1" https://upstreamserver/0_1_0/ecfr?index=title48 --insecure HTTP/1.1 200 OK Date: Wed, 02 Jan 2019 16:45:29 GMT Content-Type: application/json Content-Length: 247 Connection: keep-alive x-amzn-RequestId: d05fc938-0ead-11e9-a711-a1281316abd2 x-amz-apigw-id: xxxxxx X-Amzn-Trace-Id: Root=1-5c2ceaa9-496d7b8e0422a9c75132e018 PS. I do have a ticket open with the upstream server provider, but so far I don't think this problem should be happening based on how things should/do work. Francis Daly Wrote: ------------------------------------------------------- > On Tue, Jan 01, 2019 at 12:32:58PM -0500, Sesshomurai wrote: > > Hi there, > > > Actually, had the wrong variable name in location for x-api-key, so > now I > > get the correct request header printed back to me > > Ok, so the specific issue in the Subject: line is apparently no longer > a problem. > > > But the proxy still does not like what NGINX is sending vs. me > sending it > > directly with curl. > > What does your nginx do that you do not want it to do? Or, what does > it > not do that you want it to do? > > Can you show a curl command that goes direct to your upstream that > "works", and a similar curl command that goes to your nginx that > "fails"? > > Perhaps you can get your upstream server to show exactly what it gets > in both cases, and you can spot the difference between the two. > > f > -- > Francis Daly [email protected] > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282518,282533#msg-282533 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
