Nginx proxy_intercept_errors

Kiril_Kalchev · March 6, 2013, 2:45pm

nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

Kiril_Kalchev · March 6, 2013, 2:54pm

Hello!

On Wed, Mar 06, 2013 at 03:44:37PM +0200, Kiril Kalchev wrote:

I have noticed that when I set ‘proxy_intercept_errors on;’ in
my nginx config it kills tcp connection to the origin server if
it returns 4xx or 5xx?
This is my example config to reproduce the
situation(https://gist.github.com/kirilkalchev/5098882). I am
in a situation where my backend server returns only 403 and 404
(it is some kind of home made authentication system 403 means go
away 404 means continue) and I need to display different things
in this cases, but without keep alive connections to the backend
are exhausted pretty fast.

With proxy_intercept_errors nginx doesn’t read the response body
if a response returned is the error, and the upstream connection
can’t be kept alive due to this (unless there is no body and it’s
known after reading response headers).

–
Maxim D.
http://nginx.org/en/donation.html

Kiril_Kalchev · March 6, 2013, 3:03pm

Is there any way to force nginx to read request body? I really don’t
care about this overhead, I hit connection limit much more faster. Thank
you for the super fast answer.

Regards,
Kiril

Kiril_Kalchev · March 6, 2013, 3:32pm

Hello!

On Wed, Mar 06, 2013 at 04:02:30PM +0200, Kiril Kalchev wrote:

Is there any way to force nginx to read request body? I really
don’t care about this overhead, I hit connection limit much more
faster. Thank you for the super fast answer.

No, there is no way to force nginx to read response body - errors
interception happens right after reading response headers and
before the body is read. (Well, you may configure another proxy
layer without intercept errors, but this probably doesn’t counts
as a real solution to what you are trying to do.)

On the other hand, if you have only 403/404 responses you want to
intercept - you may force your backend to return only headers by
using

proxy_method HEAD;

in your config (see Module ngx_http_proxy_module).

–
Maxim D.
http://nginx.org/en/donation.html

Kiril_Kalchev · March 6, 2013, 3:46pm

Just for the record, I think I found a kind of solution. It looks good
if my backend returns http codes 3xx. I have tried with 333 and 334 and
it looks great. I know it is an ugly hack, but my findings may help to
other poor souls. I hope this behavior will not change in the next
versions.

Regards,
Kiril

Kiril_Kalchev · March 6, 2013, 4:44pm

Hello!

On Wed, Mar 06, 2013 at 04:45:33PM +0200, Kiril Kalchev wrote:

Just for the record, I think I found a kind of solution. It
looks good if my backend returns http codes 3xx. I have tried
with 333 and 334 and it looks great. I know it is an ugly hack,
but my findings may help to other poor souls. I hope this
behavior will not change in the next versions.

I would suppose it works as these responses are returned with
“Content-Length: 0” by your backend. As already mentioned in the
very first reply, connections are kept alive if it’s known from
response headers that there is no body.

–
Maxim D.
http://nginx.org/en/donation.html

Kiril_Kalchev · March 6, 2013, 4:55pm

Yes you are right. Thank you.