Solution to multiple 302 responses in nginx proxy (nginx Follow 302)

Solution to multiple 302 responses in nginx proxy (nginx Follow 302)

Proxying multiple 302s with proxy_intercept_errors and recursive_error_pages

302 is a frequently used status code in the HTTP protocol. It is one of multiple redirection methods, and its semantics is often interpreted as "Moved Temporarily". By the way, 302 is often used in reality due to misuse (mixed with 303 and 307). In HTTP/1.1, its semantics is "Found".

302 is sometimes very obvious and sometimes more hidden. The simplest case is when we enter a URL A in the browser, and the browser address bar automatically jumps to B, and then opens a web page. This situation is most likely 302.

More subtle situations often occur in players embedded in web pages. For example, when you open a Youku video playback page, you will often find the shadow of 302 by capturing the packet and observing it. However, since these URLs are not opened directly in the browser, no changes can be seen in the browser's address bar. Of course, if you specifically pick out these specific URLs and copy them into the browser address bar, you can still observe them.

Youku was mentioned in the previous paragraph. In fact, most online video websites now use 302. The reason is very simple. Video websites generally have large traffic and will use CDN. The only difference is whether to use self-built CDN or commercial CDN. And because of the redirect semantics of 302 (I repeat, the semantics of 302 is widely misused. When using 302, we should probably use 303 or 307, but we will not dwell on this later), it can be well combined with the scheduling in CDN.

Let's take a look at an example. Open a NetEase video playback page, grab the package, and find the URL with a 302 status. For example:

http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4

If we copy it into the browser address bar, we will find that the address bar quickly changes to another URL. This URL is uncertain and may be:

http://14.18.140.83/f6c00af500000000-1408987545-236096587/data6/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4

Using the curl tool will show the whole process more clearly:

curl -I "http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L
HTTP/1.1 302 Moved Temporarily 
Server: nginx 
Date: Mon, 25 Aug 2014 14:49:43 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
NG: CCN-SW-1-5L2 
X-Mod-Name: GSLB/3.1.0 
Location: http://119.134.254.9/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 

HTTP/1.1 302 Moved Temporarily 
Server: nginx 
Date: Mon, 25 Aug 2014 14:49:41 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
X-Mod-Name: Mvod-Server/4.3.3 
Location: http://119.134.254.7/cc89fdac00000000-1408983581-2095617481/data4/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 
NG: CHN-SW-1-3Y1 

HTTP/1.1 200 OK 
Server: nginx 
Date: Mon, 25 Aug 2014 14:49:41 GMT 
Content-Type: video/mp4 
Content-Length: 3706468 
Last-Modified: Mon, 25 Aug 2014 00:23:50 GMT 
Connection: keep-alive 
Cache-Control: no-cache 
ETag: "53fa8216-388e64" 
NG: CHN-SW-1-3g6 
X-Mod-Name: Mvod-Server/4.3.3 
Accept-Ranges: bytes

As you can see, there were two 302 errors in the process.

Let's put this example aside for now and talk about another important term: proxy. We often jokingly say that some leaders are 302 type and some leaders are proxy type. A 302 type leader will quickly pass on a task to others once it passes through his hands, while a proxy type leader will participate in the task and even complete it all.

Back to the example above, if there are multiple 302s when accessing a URL, what should we do if we need to design a proxy with Nginx to hide all these 302s in the middle?

1. Original Proxy

We know that Nginx itself is an excellent proxy server. Therefore, first let's set up an Nginx forward proxy with a server IP of 192.168.109.128 (one of my test virtual machines).

The initial configuration is simplified as follows:

server {
    listen 80;
    location / {
        rewrite_by_lua '
            ngx.exec("/proxy-to" .. ngx.var.request_uri)
        ';
    }

    location ~ /proxy-to/([^/]+)(.*) {
        proxy_pass http://$1$2$is_args$query_string;

    }
}

The function achieved is that when using

http://192.168.109.128/xxxxxx

When accessing the proxy, you will be proxied to the real server represented by xxxxxx.

The test results are as follows:

curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L
HTTP/1.1 302 Moved Temporarily 
Server: nginx/1.4.6 
Date: Mon, 25 Aug 2014 14:50:54 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
NG: CCN-SW-1-5L2 
X-Mod-Name: GSLB/3.1.0 
Location: http://183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 

HTTP/1.1 302 Moved Temporarily 
Server: nginx 
Date: Mon, 25 Aug 2014 14:50:55 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
X-Mod-Name: Mvod-Server/4.3.3 
Location: http://183.61.140.20/540966e500000000-1408983655-236096587/data1/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 
NG: CHN-ZJ-4-3M4 

HTTP/1.1 200 OK 
Server: nginx 
Date: Mon, 25 Aug 2014 14:50:55 GMT 
Content-Type: video/mp4 
Content-Length: 3706468 
Last-Modified: Mon, 25 Aug 2014 00:31:03 GMT 
Connection: keep-alive 
Cache-Control: no-cache 
ETag: "53fa83c7-388e64" 
NG: CHN-ZJ-4-3M4 
X-Mod-Name: Mvod-Server/4.3.3 
Accept-Ranges: bytes

It can be seen that although a proxy is used, the process is no different from the original access. The access process is as follows:

http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4

When Nginx proxies the request to

http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4

The latter will immediately return a 302, so Nginx, as a proxy, will pass the 302 back to the client, and the client will re-initiate the request, and then repeat the previous 302. This illustrates a problem. Once the backend of Nginx's proxy returns 302, the client is disconnected from the Nginx proxy, and Nginx cannot play the role of a complete proxy.

2. First revision

Modify the configuration file to:

server {
    listen 80;
    location / {
        rewrite_by_lua '
            ngx.exec("/proxy-to" .. ngx.var.request_uri)
        ';
    }

    location ~ /proxy-to/([^/]+)(.*) {
        proxy_pass http://$1$2$is_args$query_string;
        error_page 302 = @error_page_302;

    }
    location @error_page_302 {
        rewrite_by_lua '
            local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
            ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
            ngx.exec("/proxy-to" .. upstream_http_location);
        ';

    }
}

The difference from the above is that an error_page is used. The purpose is that when it is found that the proxy backend returns 302, the destination location of this 302 will continue to proxy, instead of returning it directly to the client. And this logic contains the meaning of recursion, tracking 302 all the way until it finally returns to the address of 200. The test results are as follows:

curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L
HTTP/1.1 302 Moved Temporarily 
Server: nginx/1.4.6 
Date: Mon, 25 Aug 2014 15:01:17 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
NG: CCN-SW-1-5L2 
X-Mod-Name: GSLB/3.1.0 
Location: http://183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 

HTTP/1.1 302 Moved Temporarily 
Server: nginx 
Date: Mon, 25 Aug 2014 15:01:17 GMT 
Content-Type: text/html 
Content-Length: 154 
Connection: keep-alive 
X-Mod-Name: Mvod-Server/4.3.3 
Location: http://183.61.140.20/a90a952900000000-1408984277-236096587/data1/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 
NG: CHN-ZJ-4-3M4 

HTTP/1.1 200 OK 
Server: nginx 
Date: Mon, 25 Aug 2014 15:01:17 GMT 
Content-Type: video/mp4 
Content-Length: 3706468 
Last-Modified: Mon, 25 Aug 2014 00:31:03 GMT 
Connection: keep-alive 
Cache-Control: no-cache 
ETag: "53fa83c7-388e64" 
NG: CHN-ZJ-4-3M4 
X-Mod-Name: Mvod-Server/4.3.3 
Accept-Ranges: bytes

It can be seen that this modification is still unsuccessful!

Why? After analyzing, we have added a header print statement in the @error_page_302 location, but in the test, the header is not printed out, which shows that the process has not entered the @error_page_302 location.

The reason is

error_page 302 = @error_page_302;

By default, error_page is the return code of this process. As a proxy, in this processing, as long as the response of the upstream server is forwarded successfully, the status code should be 200. That is, what we really need to check is the status code returned by the proxy's backend server, not the status code returned by the proxy itself. Looking at the Nginx wiki, the proxy_intercept_errors directive does exactly this:

Syntax: proxy_intercept_errors on | off;
Default:  
proxy_intercept_errors off;
Context: http, server, location
Determines whether proxied responses with codes greater than or equal to 300 should be passed to a client or be redirected to nginx for processing with the error_page directive.

3. Second revision

server {
    listen 80;
    proxy_intercept_errors on;
    location / {
        rewrite_by_lua '
            ngx.exec("/proxy-to" .. ngx.var.request_uri)
        ';
    }
    location ~ /proxy-to/([^/]+)(.*) {
        proxy_pass http://$1$2$is_args$query_string;
        error_page 302 = @error_page_302;

    }
    location @error_page_302 {
        rewrite_by_lua '
            local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
            ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
            ngx.exec("/proxy-to" .. upstream_http_location);
        ';
    }
}

Compared with the previous modification, the only difference is the addition of a proxy_intercept_errors directive. The test results are as follows:

curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L 
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.6
Date: Mon, 25 Aug 2014 15:05:54 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
zzzz: /proxy-to/183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4

This time it's even more magical. It directly returns a 302 status and doesn't jump any further.

The problem is that although the first 302 request successfully enters @error_page_302, the subsequent error_page instructions do not work. That is to say, error_page only checks the status code returned by the backend for the first time, and does not continue to check subsequent backend status codes.

Check the information, at this time, another command recursive_error_pages comes in handy.

4. Third revision

server {
    listen 80;
    proxy_intercept_errors on;
    recursive_error_pages on;
    location / {
        rewrite_by_lua '
            ngx.exec("/proxy-to" .. ngx.var.request_uri)
        ';
    }
    location ~ /proxy-to/([^/]+)(.*) {
        proxy_pass http://$1$2$is_args$query_string;
        error_page 302 = @error_page_302;

    }
    location @error_page_302 {
        rewrite_by_lua '
            local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
            ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
            ngx.exec("/proxy-to" .. upstream_http_location);
        ';
    }
}

Compared with the last time, only the recursive_error_pages on instruction was added. The test results are as follows:

curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L 
HTTP/1.1 200 OK 
Server: nginx/1.4.6 
Date: Mon, 25 Aug 2014 15:09:04 GMT 
Content-Type: video/mp4 
Content-Length: 3706468 
Connection: keep-alive 
zzzz: /proxy-to/14.18.140.83/f48bad0100000000-1408984745-236096587/data6/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 
Last-Modified: Mon, 25 Aug 2014 00:21:07 GMT 
Cache-Control: no-cache 
ETag: "53fa8173-388e64" 
NG: CHN-MM-4-3FE 
X-Mod-Name: Mvod-Server/4.3.3 
Accept-Ranges: bytes

It can be seen that Nginx finally successfully returned 200. At this point, Nginx truly plays the role of a Proxy, hiding the multiple 302 links of a request and returning only one final result to the client.

5. Summary

In summary, by using the proxy_pass, error_page, proxy_intercept_errors, and recursive_error_pages instructions together, you can hide the redirect details of a request from the client and directly return a final result with a status code of 200 to the user.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:
  • Detailed explanation of the problem of obtaining real IP based on Nginx reverse proxy
  • Python implementation example of obtaining nginx server IP and traffic statistics
  • Detailed explanation of how to configure Nginx to obtain user IP when using CDN acceleration
  • Detailed explanation of three ways to configure Nginx virtual hosts (based on IP)
  • How to deploy multiple Vue projects under the same domain name using nginx and use reverse proxy
  • The nginx reverse proxy service causes a 404 error when accessing resources due to an error in the configuration file
  • Detailed explanation of the process of nginx obtaining the real source IP after passing through multiple layers of proxy

<<:  Detailed explanation of common for loop in JavaScript statements

>>:  How to quickly log in to MySQL database without password under Shell

Recommend

Web Design Tips: Simple Rules for Page Layout

Repetition: Repeat certain page design styles thr...

Detailed explanation of count without filter conditions in MySQL

count(*) accomplish 1. MyISAM: Stores the total n...

Java programming to write a JavaScript super practical table plug-in

Table of contents Effects Documentation first ste...

Introduction to building a DNS server under centos7

Table of contents 1. Project environment: 2: DNS ...

Vue implements page caching function

This article example shares the specific code of ...

Summary of four ways to introduce CSS (sharing)

1. Inline reference: used directly on the label, ...

MySQL optimization strategy (recommended)

In summary: 1. Consider performance when designin...

Detailed explanation of MySQL event modification events (ALTER EVENT), disabling events (DISABLE), enabling events (ENABLE), event renaming and database event migration operations

This article uses examples to describe the operat...

Alibaba Cloud applies for a free SSL certificate (https) from Cloud Shield

Because the project needs to use https service, I...

How to install Elasticsearch7.6 cluster in docker and set password

Table of contents Some basic configuration About ...

Detailed explanation of Nginx timeout configuration

I recently used nginx in a project, and used Java...

SQL implementation of LeetCode (177. Nth highest salary)

[LeetCode] 177.Nth Highest Salary Write a SQL que...

How to change apt-get source in Ubuntu 18.04

When using apt-get to install, it will be very sl...

Solve the margin: top collapse problem in CCS

The HTML structure is as follows: The CCS structu...

Detailed explanation of basic data types in mysql8.0.19

mysql basic data types Overview of common MySQL d...