nginx/1.26.1 as a reverse proxy strips the Content-Length field from response, no matter what I do

2024-08-11 Thread Tobias Damisch via nginx 

Hi everyone, first-time poster here.

I am trying to run nextcloud AIO behind a nginx/1.26.1 reverse proxy.
When I download a file from the nextcloud, in the answer there is no
Content-Length field coming out of nginx, while it was there when
nextcloud AIO sent it (I have sniffed the traffic with tcpdump on the
server before it enters nginx). This causes the file download in my
browser to not show download progress.

I have googled and experimented with all related settings that I could
find online for several days now, to no avail.

If anyone could tell me how to get nginx to hand over the
Content-Length, I'd be extremely grateful!


My current /etc/nginx/conf.d/default.conf:

server {
listen   80;
server_name  localhost;

location /.well-known/acme-challenge/ {
root /var/www/certbot;
}

location / {
root   /usr/share/nginx/html;
index  index.html index.htm;
}
}

server {
listen  443 ssl;

server_name url.net;
location / {
proxy_pass http://127.0.0.1:11000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# if we comment this out, uploads fail
client_max_body_size 0;

# I have tried the following options, but none work.

proxy_buffering off;

proxy_pass_request_headers on;
proxy_pass_header Content-Length;

proxy_set_header X-Forwarded-Proto $scheme;

gzip off;
proxy_request_buffering off;
chunked_transfer_encoding off;

# /options I have tried

# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
ssl_certificate /etc/letsencrypt/live/url.net/fullchain.pem; #
managed by Certbot
 # managed by certbot on host machine
ssl_certificate_key /etc/letsencrypt/live/url.net/privkey.pem;
 # managed by Certbot
}


My /etc/nginx/nginx.conf:


user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid/var/run/nginx.pid;


events {
worker_connections  1024;
}


http {
include   /etc/nginx/mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfileon;
#tcp_nopush on;

keepalive_timeout  65;

#gzip  on;


##
# Connection header for WebSocket reverse proxy
##
map $http_upgrade $connection_upgrade {
default upgrade;
''  close;
}

include /etc/nginx/conf.d/*.conf;
}

___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx/1.26.1 as a reverse proxy strips the Content-Length field from response, no matter what I do

2024-08-11 Thread Tobias Damisch via nginx 

I am awfully sorry for spamming this list.

I just found out nextcloud starts sending the file several times,
sometimes containing "Content-Length" and sometimes not. The one time it
actually serves the full download, this is the header:


HTTP/1.1 200 OK^M
Content-Disposition: attachment;
filename*=UTF-8''debian-12.6.0-amd64-netinst.iso;
filename="debian-12.6.0-amd64-netinst.iso"^M
Content-Security-Policy: default-src 'none';^M
Content-Type: application/octet-stream^M
Date: Thu, 08 Aug 2024 22:31:08 GMT^M
Etag: ""^M
Last-Modified: Sat, 20 Jul 2024 11:07:08 GMT^M
Oc-Etag: ""^M
Referrer-Policy: no-referrer^M
Strict-Transport-Security: max-age=31536000;^M
X-Accel-Buffering: no^M
X-Content-Type-Options: nosniff^M
X-Debug-Token: OsiAGB1U6or2N1uy10GN^M
X-Frame-Options: SAMEORIGIN^M
X-Permitted-Cross-Domain-Policies: none^M
X-Request-Id: ^M
X-Robots-Tag: noindex, nofollow^M
X-Xss-Protection: 1; mode=block^M
Connection: close^M
Transfer-Encoding: chunked^M
-

So I am back to the problem being in nextcloud aio /and not nginx/.

As far as I can see nginx serves Content-Length correctly /if it gets it
served itself/ *sigh*

Sorry again!

Tobias


Am 11.08.24 um 18:14 schrieb Tobias Damisch via nginx:

Hi everyone, first-time poster here.

___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx