上游从上游读取响应头时发送了太大的头

Question

我收到这些错误:

2014/05/24 11:49:06 [错误] 8376#0:*54031上游从上游读取响应头时发送过大头,客户端:107.21.193.210,服务器:aamjanata.com,请求:"GET/the-洗脑-编年史主办逐古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-赞助逐古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government/ ,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https: /aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government/,%20https:/aamjanata.com/t 他-洗脑 - 编年史主办逐古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-编年史赞助逐古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-通过-古吉拉特邦政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government/,%20https://aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat - 政府/,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government/, %20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government /,%20https:/ aamjanata.com/the-brainwash-chronicles-sponsored-by-gujarat-government/,%20https:/aamjanata.com/the-brainwash-ch ronicles赞助逐古吉拉特邦政府/,%20ht

总是一样的.一个url一遍又一遍地用逗号分隔重复.无法弄清楚造成这种情况的原因.有人有想法吗？

更新:另一个错误:

http request count is zero while sending response to client

这是配置.还有其他不相关的东西,但这部分是添加/编辑的

fastcgi_cache_path /var/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;
    # Upstream to abstract backend connection(s) for PHP.
    upstream php {
            #this should match value of "listen" directive in php-fpm pool
            server unix:/var/run/php5-fpm.sock;
    }

然后在服务器块中:设置$ skip_cache 0;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
            set $skip_cache 1;
    }
    if ($query_string != "") {
            set $skip_cache 1;
    }

    # Don't cache uris containing the following segments
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $skip_cache 1;
    }

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $skip_cache 1;
    }

    location / {
            # This is cool because no php is touched for static content.
            # include the "?$args" part so non-default permalinks doesn't break when using query string
            try_files $uri $uri/ /index.php?$args;
    }


    location ~ \.php$ {
            try_files $uri /index.php;
            include fastcgi_params;
            fastcgi_pass php;
            fastcgi_read_timeout 3000;

            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;

            fastcgi_cache WORDPRESS;
            fastcgi_cache_valid  60m;
    }

    location ~ /purge(/.*) {
        fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
    }`

Answer 1

将以下内容添加到您的conf文件中

fastcgi_buffers 16 16k; 
fastcgi_buffer_size 32k;

Answer 2

如果nginx作为代理/反向代理运行

也就是说,对于用户来说 ngx_http_proxy_module

除此之外fastcgi,proxy模块还将请求标头保存在临时缓冲区中.

所以你可能还需要增加proxy_buffer_size和proxy_buffers完全禁用它(请阅读nginx文档).

代理缓冲配置示例

http {
  proxy_buffer_size   128k;
  proxy_buffers   4 256k;
  proxy_busy_buffers_size   256k;
}

禁用代理缓冲区的示例(建议用于长轮询服务器)

http {
  proxy_buffering off;
}

有关更多信息:Nginx代理模块文档

Answer 3

upstream sent too big header while reading response header from upstream 是nginx的通用方式,说"我不喜欢我所看到的"

1. 您的上游服务器线程崩溃了
2. 上游服务器发回了无效的头
3. 从STDERR发回的通知/警告溢出了它们的缓冲区,它和STDOUT都被关闭了

3:查看消息上方的错误日志,是否在消息之前使用记录的行进行流式处理？ PHP message: PHP Notice: Undefined index: 循环日志文件中的示例代码段:

2015/11/23 10:30:02 [error] 32451#0: *580927 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined index: Firstname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Lastname in /srv/www/classes/data_convert.php on line 1090
... // 20 lines of same
PHP message: PHP Notice:  Undefined index: Firstname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Lastname in /srv/www/classes/data_convert.php on line 1090
PHP message: PHP Notice:  Undef
2015/11/23 10:30:02 [error] 32451#0: *580927 FastCGI sent in stderr: "ta_convert.php on line 1090
PHP message: PHP Notice:  Undefined index: Firstname

你可以从底部的第3行看到缓冲区限制被击中,破坏,并且下一个线程写入了它.然后Nginx关闭连接并将502返回给客户端.

2:记录每个请求发送的所有标头,检查它们并确保它们符合标准(nginx不允许任何超过24小时的内容删除/过期cookie,发送无效内容长度,因为错误消息在内容计数之前被缓冲. ..).getallheaders函数调用通常可以帮助抽象代码情况下获取所有标题

例子包括:

<?php
//expire cookie
setcookie ( 'bookmark', '', strtotime('2012-01-01 00:00:00') );
// nginx will refuse this header response, too far past to accept
....
?>

还有这个:

<?php
header('Content-type: image/jpg');
?>

<?php   //a space was injected into the output above this line
header('Content-length: ' . filesize('image.jpg') );
echo file_get_contents('image.jpg');
// error! the response is now 1-byte longer than header!!
?>

1:验证或制作脚本日志,以确保您的线程到达正确的终点并且在完成之前不退出.

Answer 4

我有一个部署到 EBS 的 django 应用程序，并且我正在使用在 64 位 Amazon Linux 2 上运行的 Python 3.8。以下方法对我有用（请注意，如果您使用的是以前的 Linux 版本，文件夹结构可能会有所不同。有关更多信息，请参阅官方文档这里

制作.platform文件夹及其子目录如下图：

|-- .ebextensions          # Don't put nginx config here
|   |-- django.config        
|-- .platform              # Make ".platform" folder and its subfolders
    |-- nginx                
    |   -- conf.d
    |       -- proxy.conf

请注意，proxy.conf文件应放置在.platform文件夹中，而不是.ebextensions文件夹或.elasticbeanstalk文件夹中。扩展名应以.conf而不是.config结尾。

在proxy.conf文件中，直接复制并粘贴以下行：

client_max_body_size 50M;
large_client_header_buffers 4 32k;
fastcgi_buffers 16 32k;
fastcgi_buffer_size 32k;
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;

无需发出重新启动 nginx 的命令（对于 Amazon Linux 2）

再次将源代码部署到elastic beanstalk。

Answer 5

Plesk说明

在Plesk 12中,我将nginx作为反向代理运行(我认为是默认代理).因此,当前的最佳答案不起作用,因为nginx也作为代理运行.

我去了Subscriptions | [subscription domain] | Websites & Domains (tab) | [Virtual Host domain] | Web Server Settings.

然后在该页面的底部,您可以设置附加的nginx指令,我将其设置为前两个答案的组合:

fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;

Answer 6

添加：

fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
proxy_buffer_size   128k;
proxy_buffers   4 256k;
proxy_busy_buffers_size   256k;

到 nginx.conf 中的服务器{}

对我有用。

Answer 7

在 php-fpm 和 docker 容器中的 nginx 中运行 Symfony 应用程序时遇到同样的问题。

经过一番研究发现是php-fpm的stderr写入nginx日志导致的。即 php 警告（在 Symfony 调试模式下集中生成）在以下位置重复docker logs php-fpm：

[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\DisallowRobotsIndexingListener::onResponse"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelFinishRequest"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelFinishRequest"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelFinishRequest"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: "NOTICE: PHP message: [debug] Notified event "kernel.terminate" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelTerminate"."
[09-Jul-2021 12:25:46] WARNING: [pool www] child 38 said into stderr: ""

和docker logs nginx：

2021/07/09 12:25:46 [error] 30#30: *2 FastCGI sent in stderr: "ller" to listener "OblgazAPI\API\Common\Infrastructure\EventSubscriber\LegalAuthenticationChecker::checkAuthentication".

PHP message: [debug] Notified event "kernel.controller_arguments" to listener "Symfony\Component\HttpKernel\EventListener\ErrorListener::onControllerArguments".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\DataCollector\RequestDataCollector::onKernelResponse".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\DisallowRobotsIndexingListener::onResponse".

PHP message: [debug] Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse".

PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelFinishRequest".

PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelFinishRequest".

PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelFinishRequest".

PHP message: [debug] Notified event "kernel.exception" to listener "Symfony\Component\HttpKernel\EventListener\ErrorListener::logKernelException".

PHP message: [debug] Notified event "kernel.exception" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelException".

然后 nginx 日志以

2021/07/09 12:25:46 [error] 30#30: *2 upstream sent too big header while reading response header from upstream ...

我收到 502 错误。

增加fastcgi_buffer_sizenginx 配置有所帮助，但看起来更像是抑制问题，而不是治疗。

更好的解决方案是禁用 php-fpm 通过 FastCGI 发送日志。发现可以通过fastcgi.logging=0php.ini中的设置来实现（默认是1）。php 文档.

将其更改为 0 后，问题消失了，nginx 日志看起来干净多了docker logs nginx：

172.18.0.1 - - [09/Jul/2021:12:36:02 +0300] "GET /my/symfony/app HTTP/1.1" 401 73 "-" "PostmanRuntime/7.26.8"
172.18.0.1 - - [09/Jul/2021:12:36:04 +0300] "GET /my/symfony/app HTTP/1.1" 401 73 "-" "PostmanRuntime/7.26.8"

所有 php-fpm 日志仍位于 php-fpm 日志中。

Answer 8

fastcgi_busy_buffers_size 512k;
fastcgi_buffer_size 512k;
fastcgi_buffers 16 512k;

当我增加数量时它对我有用

Answer 9

如果您使用的是Symfony框架：在使用Nginx配置之前，请先尝试禁用ChromePHP。

1-打开app / config / config_dev.yml

2-评论这些行：

#chromephp:
    #type:   chromephp
    #level:  info

ChromePHP将调试信息以json编码打包在X-ChromePhp-Data标头中，对于使用fastcgi的nginx的默认配置而言，该信息太大。

来源：https : //github.com/symfony/symfony/issues/8413#issuecomment-20412848

Answer 10

我们最终意识到我们遇到这种情况的一台服务器已经破坏了 fpm 配置，导致通常会记录到磁盘的 php 错误/警告/通知通过 FCGI 套接字发送。当部分标头跨缓冲区块拆分时，似乎存在解析错误。

因此，设置php_admin_value[error_log]为实际可写的内容并重新启动 php-fpm 就足以解决问题。

我们可以用更小的脚本重现这个问题：

<?php
for ($i = 0; $i<$_GET['iterations']; $i++)
    error_log(str_pad("a", $_GET['size'], "a"));
echo "got here\n";

提高缓冲区使 502 更难被击中，但并非不可能，例如原生：

bash-4.1# for it in {30..200..3}; do for size in {100..250..3}; do echo "size=$size iterations=$it $(curl -sv "http://localhost/debug.php?size=$size&iterations=$it" 2>&1 | egrep '^< HTTP')"; done; done | grep 502 | head
size=121 iterations=30 < HTTP/1.1 502 Bad Gateway
size=109 iterations=33 < HTTP/1.1 502 Bad Gateway
size=232 iterations=33 < HTTP/1.1 502 Bad Gateway
size=241 iterations=48 < HTTP/1.1 502 Bad Gateway
size=145 iterations=51 < HTTP/1.1 502 Bad Gateway
size=226 iterations=51 < HTTP/1.1 502 Bad Gateway
size=190 iterations=60 < HTTP/1.1 502 Bad Gateway
size=115 iterations=63 < HTTP/1.1 502 Bad Gateway
size=109 iterations=66 < HTTP/1.1 502 Bad Gateway
size=163 iterations=69 < HTTP/1.1 502 Bad Gateway
[... there would be more here, but I piped through head ...]

fastcgi_buffers 16 16k; fastcgi_buffer_size 32k;：

bash-4.1# for it in {30..200..3}; do for size in {100..250..3}; do echo "size=$size iterations=$it $(curl -sv "http://localhost/debug.php?size=$size&iterations=$it" 2>&1 | egrep '^< HTTP')"; done; done | grep 502 | head
size=223 iterations=69 < HTTP/1.1 502 Bad Gateway
size=184 iterations=165 < HTTP/1.1 502 Bad Gateway
size=151 iterations=198 < HTTP/1.1 502 Bad Gateway

所以我相信正确的答案是：修复您的 fpm 配置，以便将错误记录到磁盘。