NGNIX Troubleshooting
Validating Upstream Parameters
To validate parameters passed to upstream services, the request should be dumped by the service or intercepted by another service temporarily. This will dump the received headers from both http and https communication to the upstream service.
http-echo:
image: mendhak/http-https-echo
location / {
proxy_pass http://http-echo/;
}
Note
Headers will be dumped directly to the page.
Debug NGINX configs
There is no existing logging functionality in NGINX to write directly to logs from configuration files. Work around by directly injecting debugging headers in configuration files to dump information to logs. NGINX variables may be used as well.
add_header X-debug-message "some message to write $ssl_client_s_dn" always;
Headers are found in the page response.
If is Evil
If operates as a rewrite and is inherently misunderstood.
Within a location block the only safe operations are:
return
.rewrite
.
All if operations must be explicitly tested for appropriate behavior. Other references for other “evil” examples.
Dump Loaded NGINX Configuration
Dump the currently loaded configuration in config file formatting. Useful to inspect current nginx state.
nginx -T
NGINX Queries Originate from Wrong Gateway
NGINX express this bug by forwarding/proxying any traffic over the default gateway for the first lexical named network that appears. This results in non-deterministic source IP routing.
Set an appropriate default gateway in the networking config.
Forward Traffic via Specific Interfaces
NGINX can forward traffic via specific interfaces for location definitions.
Use IPv4 address in proxy_bind
command for specific locations.
location / {
proxy_bind {NGINX NETWORK IP};
proxy_pass ...
}