Score:0

nginx: Use of proxy_set_header results in failed upstream connections

in flag

I have a very basic nginx reverse proxy setup for openstreetmaps:

worker_processes  1;

error_log  logs/error.log  notice;
pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {

  postpone_output 0;
  
  log_format logresponsetime '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time';
  
  access_log logs/access.log logresponsetime;
  resolver 192.168.0.1 ipv6=off;

  #default proxy settings:
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  proxy_read_timeout 600;
  proxy_ssl_server_name on;

  upstream tile.openstreetmap.org {
    server tile.openstreetmap.org:443;
    keepalive 10;
    keepalive_time 5m;
  }
   
  server {
    listen 480;
    access_log logs/osm.http.access.log logresponsetime;
    server_name $hostname;

    location / {
      resolver 192.168.0.1 ipv6=off;
      
      proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36";

      proxy_pass https://tile.openstreetmap.org;
    }
  }
}

There is a line to set User-Agent header because OSM requires it and I need compatibility with a client that doesn't send a user agent string. However, when nginx sets this header, approximately 10% of requests fail (nginx returns 502 to client), and my nginx error log fills up with this:

2021/06/13 14:37:49 [error] 67240#87020: *71 connect() failed (10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) while connecting to upstream, client: 127.0.0.1, server: server, request: "GET /16/64153/41313.png HTTP/1.1", upstream: "https://151.101.166.217:443/16/64153/41313.png", host: "localhost:480"

Without the proxy_set_header, everything is fine. The requests in this case are all being made from chrome, so the User-Agent as seen by the OSM servers should be the same in both cases. nginx version is 1.19.10 (windows). What am I doing wrong?

Richard Smith avatar
jp flag
You need to place all of your `proxy_set_header` statements in the same block, if you want them all to apply. There are two `proxy_set_header` statements in your configuration and they are in different blocks.
in flag
thanks @RichardSmith, problem solved! much appreciated
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.