
I have a very odd problem. I have a server running nginx as a reverse proxy for PHP.

On the front end, I send AJAX requests which expect JSON as the response. When the request is made, all works as expected most of the time; however, sometimes, for no apparent reason, the POST parameters are printed just before the JSON response.

For instance, I make a POST request such as sample.com/request with POST parameters [name:something,id:somethingelse]. The server will respond most of the time like this:

{"index":0,"part":false}

But sometimes like this:

name=something&id=somethingelse{"index":0,"part":false}

Which is completely broken JSON, thus the request can't post-process what has just been done.

I double/triple checked and nowhere in the code am I printing the POST variables. I even tried using PHP output buffering and it helped cure the problem a bit, but it still happens.

Could nginx be adding this due to some configuration?

I have just made a test in the entry script. What I did was this:

<?php
exit;

And it is doing the exact same: some responses are empty, as they should be considering there is nothing printed and it just exits, and some others have the response name=something&id=somethingelse, so it is definitely not the script.

nginx conf

server {
    include                 /www/nginx/conf/generic/base;
    include                 /www/nginx/conf/domains_ssl/sample_com.conf;
    server_name             sample.com;
    client_body_temp_path   /www/tmp/sample_com_client_body_temp;
    proxy_temp_path         /www/tmp/sample_com_proxy_temp_path;
    fastcgi_temp_path       /www/tmp/sample_com_fastcgi_temp_path;
    root                    /www/http/sample_com/public;
    location ~ \.php$ {
        include         /www/nginx/conf/generic/php_config_dev;
        fastcgi_pass    _local;
    }
    include                 /www/nginx/conf/generic/location_base;
}

nginx base

access_log                  off;
listen                      443 ssl http2;
ssl                         on;
client_max_body_size        1000M;
ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers   on;
ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam                 /www/ssl/dhparam.pem;
index                       index.php index.html index.htm;
client_body_buffer_size     128k;
proxy_buffering             off;
add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_stapling                on;
ssl_stapling_verify         on;

nginx domains_ssl/sample_com.conf

ssl_certificate         /www/ssl/sample_com/fullchain.pem;
ssl_certificate_key     /www/ssl/sample_com/privkey.pem;

nginx /www/nginx/conf/generic/php_config_dev

proxy_set_header            X-Forwarded-Proto https;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header            Host $http_host;
proxy_set_header            X-Url-Scheme $scheme;
add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header                  X-Content-Type-Options nosniff;
add_header                  X-XSS-Protection "1; mode=block";
proxy_redirect              off;
proxy_max_temp_file_size    0;
try_files                   $uri /index.php =404;
fastcgi_split_path_info     ^(.+\.php)(/.+)$;
fastcgi_index               index.php;
fastcgi_param               SCRIPT_FILENAME $document_root$fastcgi_script_name;
include                     fastcgi_params;
fastcgi_read_timeout        9000;
autoindex                   off;

  • I ended up rebooting the server; for now the problem seems to be gone. – Tlacaelel Ramon Luis Feb 25 '21 at 18:44
  • Nothing seems out of place in the nginx configuration at first look. Is there something else in the path? Some other proxy server? – Michael Hampton Feb 25 '21 at 18:50
  • @MichaelHampton Nothing else, and the issue after the reboot is now back. – Tlacaelel Ramon Luis Feb 25 '21 at 19:31
  • I still see nothing in your nginx configuration that might cause this. Are you absolutely certain there is _nothing_ else in the path between the user-agent and your code? – Michael Hampton Feb 25 '21 at 19:33
  • @MichaelHampton Unless Cloudflare is doing this. But on the server side there are two things running, php-fpm and nginx. nginx is sending the default script index.php; however, I just noticed that if I call sample.com/request/index.php instead of sample.com/request the error is gone, so it appears to be an issue with the selection of the default script. – Tlacaelel Ramon Luis Feb 25 '21 at 19:45
  • Why didn't you mention CloudFlare when I asked the first time? That is something else and it is relevant. So before blaming CloudFlare (it is possibly their fault!), what OTHER things do you have in your stack that you haven't mentioned? – Michael Hampton Feb 25 '21 at 22:17
  • I did not think Cloudflare was the issue, sorry. In any case, I made a test by modifying the hosts file so I am not using Cloudflare to connect to the server, and I am getting the same issue, so Cloudflare is not the problem. At this point I am thinking of rebuilding the server. And to answer your question: no, I don't have anything else in the stack. – Tlacaelel Ramon Luis Feb 28 '21 at 01:14

0 Answers