All Questions
Tagged with http-headers nginx
217 questions
0
votes
1
answer
228
views
How does Nginx behind NAT know the original IP address of the client?
I have a virtualized router with public IP address assigned to it directly in proxmox.
When i send a request to port 443 from a different network(from a browser) the router correctly portforwards it ...
0
votes
2
answers
381
views
Nginx add header in http-section with variable value set in location-section
In my nginx setup, I'm adding some http-headers globally within the http-section. One specific header however depends on a value that I only know after mapping the location block.
When I add the ...
- 284
0
votes
0
answers
121
views
Allow both `'Access-Control-Allow-Origin' '*'` and `Content-Security-Policy "frame-ancestors *"`
I have the following conf.d/prod.conf.
It does not raise Refused to display 'https://v10.frontend.tech/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. because of add_header Content-...
- 377
0
votes
0
answers
13
views
Config nginx proxy for tomcat app on Ubuntu [duplicate]
I have that config for nginx:
server {
listen 80;
server_name myDomain;
access_log /var/log/nginx/tomcat-access.log;
error_log /var/log/nginx/tomcat-error.log;
underscores_in_headers on;
if ($...
-1
votes
1
answer
966
views
Nginx error "upstream prematurely closed FastCGI request while reading upstream" with generated file download
I just spent the whole day trying to figure out this error.
We have a PHP script that generates a file for download. After upgrading nginx (1.16 -> 1.24), this script suddenly started randomly ...
0
votes
0
answers
356
views
Change server header on all endpoints (Flask + Nginx + Gunicorn)
I'm working on a Flask app that uses gunicorn and nginx and should hide its server header, so I managed to do it only for the homepage, like this:
gunicorn.conf.py
import gunicorn
gunicorn.SERVER = '.'...
- 113
0
votes
0
answers
1k
views
Why does nginx as a reverse proxy not send Referrer-Policy header?
A bit of context : I'm using nginx as a reverse-proxy for a bunch of apps running in Docker containers.
Among those apps there is Nextcloud (fpm), and the settings page complains about HTTP Referrer-...
- 43
0
votes
1
answer
106
views
Nginx add_header Link not parsed by Lighthouse
I'm trying to investigate why Google isn't indexing some pages (allegedly, because they redirect) and, when using Lighthouse to check an example page, I see the following:
Error parsing link header (...
- 141
0
votes
0
answers
270
views
Do ETags generated on upstream need If-None-Match check? (NGINX)
(Reposting my post deleted after a year of inactivity)
Let's assume I use etag off (and if_modified_since off with add_header Last-Modified "" to not make redundancy) in NGINX and I generate ...
1
vote
1
answer
3k
views
Nginx - No last-modified or Etag response header on HTML
I am facing a rather odd issue with my web server. The server is configured with Ubuntu 20.04, Nginx v1.22.1, PHP 8.0, and MariaDB to host my WordPress website.
The issue is, the server is not sending ...
0
votes
3
answers
7k
views
Nginx not working with domain/url that points to server IP
The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is ...
- 9
1
vote
1
answer
765
views
NGINX 302 redirect / proxy
I have an icecast server that runs on port 8000 however when I set up a proxy using NGINX I seem not to be able to make it look like it is the original server.
I am wondering is there anyway to kinda ...
- 185
1
vote
0
answers
5k
views
Nginx - remove HTTP Header from response
Hey guys.
I have the following question:
Is it possible to remove or change the value of a header that was added a few lines earlier?
Here is the whole scenario:
Setup
my-website.com.conf
...
server {
...
- 11
2
votes
1
answer
7k
views
Which static file types does Nginx generate ETags for by default?
In modern versions of Nginx, the ETag is automatically generated for static file types, even if you don't specifically enable the etag on in your location blocks or otherwise:
https://nginx.org/en/...
- 348
1
vote
1
answer
587
views
NGINX byte-range requests are enabled but Pocket Casts still reports invalid headers
My NGINX web server has byte ranges enabled via add_header Accept-Ranges bytes; and I can successfully get byte ranges of podcast episodes via curl:
$ curl -I -r 200-300 https://konradhoeffner.de/...
- 205
1
vote
0
answers
436
views
Set header for all except one location
I'd like to set a header on all page request except for one. I've tried the following:
location ~ ^\/(?!allow-iframes) {
add_header 'X-Frame-Options' 'DENY';
}
This has some unexpected behavior. ...
- 137
3
votes
2
answers
5k
views
How can I remove an accept-encoding request header in nginx?
The recent update to zlib due to a security hole appears to cause a major problem when serving PHP-FPM 8.0 via nginx on Ubuntu focal. Any requests with a gzip encoding fail right at the start of the ...
- 3,319
0
votes
0
answers
902
views
Nginx won't serve images with proper headers (example + conf provided)
Here is an example of an image that is being served incorrectly :
https://www.questionhosting.com/product/temp.jpg
here is my config
server {
listen 80;
listen 443 ssl;
listen [::]:...
- 101
0
votes
0
answers
594
views
HTTP_IF_NONE_MATCH Missing on Server Side with Chrome Requests to NGINX
I'm trying to add etag based cache verification to a web app I've developed that runs on Apache via an NGINX reverse proxy. The web app is written in Perl. In the Perl script, I check for the $ENV{'...
0
votes
1
answer
464
views
Setting Nginx expires epoch header selectively
I have a folder containing imagery on my server that is used to service both a mobile app, via a CDN, and to work with a backend webapp used to manage the content delivered to the app. For the latter ...
- 173
0
votes
1
answer
752
views
Remove "Via" response header from "ledge"
I have an Openresty web-server that is also working as caching server by using ledge. ledge is setting a "Via" response header that exposing the hostname of the server which is fqdn.
Via: 1....
- 177
0
votes
1
answer
735
views
CORS prevent js window.onerror from subdomain reporting informations
To log Javascript errors i have set up a function with window.onerror which trigger an ajax request and inform me about script errors. I load all my static files from a subdomain and if an error ...
- 103
0
votes
1
answer
6k
views
Nginx - Reverse proxy - add request header to each request
I have nginx as a reverse proxy. I am trying to add a request header for each request, so i tried:
location / {
proxy_pass some.host.com;
proxy_set_header MY_HEADER somename;
}
But the header is ...
- 11
1
vote
1
answer
4k
views
How to Avoid Crazy Caching with "Vary: Cookie" Header in NGINX
I know Vary: Cookie is not well liked, since it causes caching of every variation of cookies a user might report. On the other hand, without it, I've had to use Cache-Control: no-cache to tell my ...
2
votes
1
answer
2k
views
Disable nginx version in Server header on AWS Elastic Beanstalk
I want to disable the default nginx behaviour where it adds a Server header including the nginx version: nginx/1.18.0. I'm fine if it just says nginx.
From what I can find, I can do that by adding set ...
- 541
0
votes
1
answer
3k
views
How to send a HTTP header on all server blocks in nginx?
Let's say I have a running nginx instance with several server blocks (on a linux server), and that I would like to send an extra HTTP header like Permissions-Policy: interest-cohort=() on all ...
- 103
0
votes
0
answers
479
views
How to get nginx to strip cookies except for an allow list?
I'm trying to host sites that use things like WordPress, using nginx as a reverse proxy for PHP-FPM. Often these systems will set all kinds of annoying cookies that are unnecessary and/or the site ...
- 3,319
1
vote
1
answer
2k
views
Nginx removes post data with content-type header
I am making posts like this:
curl 'http://localhost/api.php' -H 'Content-Type: application/json' --data 'names=[{"name":"name"}]'
Which results in the post data being deleted.
If ...
- 171
0
votes
1
answer
289
views
Sending cache headers only for a single request [or for a request following a certain path string]
I have the proxy pass in nginx config defined as follows:
location / {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $...
- 145
0
votes
1
answer
715
views
NGINX: How to allow full access if a certain HTTP header is set, else trigger HTTP Basic Authentication
As the question implies I want to allow full access to my website if the X-Auth HTTP header is set and contains a specific string. If this is not the case, HTTP basic authentication should be ...
- 6,599
4
votes
0
answers
3k
views
List of all Permissions-Policy header keys and values?
Does someone have a list of all Permissions-Policy header keys and values?
What I have:
more_set_headers "Permissions-Policy: camera=(self), fullscreen=(*), geolocation=(self), payment=()";
...
- 624
0
votes
0
answers
445
views
Feature-Policy fullscreen not working as expected
I have NGINX running as a reverse proxy and set the Feature-Policy header with fullscreen to "self". The site itself contains the HTML5 video player, but unless I set fullscreen to "*&...
- 101
3
votes
1
answer
13k
views
My browser keeps showing cached page despite sending no-cache, no-store, must-revalidate from server in response header
The content on our pages keep changing and hence we do not want the browser to cache the page or show cached page or our users. But the browser keeps showing cached page despite sending no-cache, no-...
3
votes
2
answers
9k
views
nginx remove header from upstream
I have nginx with upstream.
The upstream sets headers:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Because I want this page to be cached,...
- 902
0
votes
0
answers
226
views
Modify Cache-Control header based on condition over other header in Nginx
In a Nginx working as a proxy, I need to set the "Cache-Control" header on a response based on the size defined on their "content-length".
For example, if the response have "...
- 812
0
votes
1
answer
4k
views
nginx is not redirecting 302 redirect response to https
Hi I have nginx setup to redirect all port 80 requests to use https instead:
server {
listen 80;
...
return 301 https://$host$request_uri;
}
Then I have all https requests route to my ...
- 103
1
vote
2
answers
3k
views
How to prevent nginx reveals his private address?
I have nginx and a few web servers behind as you can see below:
server {
listen 80 default_server;
server_name _;
return 444;
access_log /var/log/nginx/adefault....
- 722
2
votes
1
answer
3k
views
Extracting HTTP Host Header from nginx Stream Proxy
I'm looking to use the stream module of nginx to proxy HTTP traffic. This works well for HTTPS, as the ngx_stream_ssl_preread module exists. This allows me to extract the requested server name from ...
- 129
0
votes
2
answers
3k
views
Nginx return changes http response header content type from application/pdf to text/html
I want to redirect from this url:
localhost:80/files/1.pdf
to this url:
localhost:80/viewer.html?pdf=/files/1.pdf
I am using nginx return to do that:
location ~* /files/(.+\.pdf)$ {
return ...
- 103
5
votes
2
answers
22k
views
Custom headers in nginx: log first, clean afterwards
I need to parse nginx access_log and associate records with user accounts. To do so, I decided to use a custom header:
App sends custom header (like x-userid)
Nginx stores that value in access_log ...
3
votes
3
answers
8k
views
editing nginx http headers
we are trying to migrate from apache to nginx, and we have a setup where the proxy server receives an http header, modifies it and forwards it to the backend. This can easily be done with apache in ...
- 46
2
votes
1
answer
4k
views
Is it safe to use proxy_ignore_headers Vary?
I use a Nginx server that acts like a cache/reverse proxy for my Apache origin server.
I was strugling to debug high rate of cache MISS when I found that it is because the response header Vary: ...
- 1,245
4
votes
1
answer
7k
views
Add header to every request for a sub directory
I've got a server configuration for a PHP application which has a general X-Frame-Options header set to "SAMEORIGIN".
Except part of the application should be allowed to be included into an Iframe. ...
- 195
0
votes
1
answer
4k
views
Alter Nginx reverse proxy cache header from Public to Private
I have an Nginx cache server getting content from an origin server, the origin server sets Cache-Control to Public so my Nginx cache server can cache the content and make less requests to origin. But ...
- 1,245
1
vote
1
answer
307
views
nginx http_push_preload and forwarding headers/cookies
I'm experimenting with pushing redirects using nginxs http2_push_preload on; directive.
In my application I detect redirects and add a Link: <location>; as=document; rel=preload header that ...
- 121
1
vote
0
answers
1k
views
Modify proxied server response headers with nginx
I am coding a github client for fun and a little bit programming experience. GitHub API requires secret token which I don't want to store in my app or input every time. So I would like to bring up ...
- 141
3
votes
1
answer
6k
views
nginx - proxy_pass on user_agent
I have a SPA site, where I need to load the appropriate <meta> tags for each subpage, but it is not that easy from the subpages themselves so I made a separate address where Facebook or Twitter ...
- 133
1
vote
1
answer
5k
views
nginx filtering headers with a dot in the header name, even after enabling ignore_invalid_headers
A client (developed by a third party) is sending a request with headers like foo.meta-digest (note the "dot" in the header name).
My nginx reverse proxy is removing these headers from the request even ...
- 2,801
1
vote
0
answers
1k
views
Nginx not setting Vary header via add_header directive in server block?
I have
gzip_vary on;
I also have (inside a server section):
add_header Vary Origin;
Yet when I inspect headers sent, the Vary header only includes Accept-Encoding; if I remove the gzip_vary on; ...
- 3,221
3
votes
0
answers
10k
views
How to configure Content-Security-Policy for Nginx and Drupal 8?
I have a Nginx server with Ubuntu 18.04 and a Drupal 8 site.
I have read on several articles that should not use 'unsafe-eval', 'unsafe-inline'
I added headers for security but the pages of the site ...
- 31