Nginx – 400 Request Header Or Cookie Too Large (Angular + Symfony)

I have two projects on the same server:

  • A Symfony 3 API (api.example.com)
  • An Angular 5 web app (www.example.com) that uses the API mentioned above,

Both are on the same server, and each has its own Nginx configuration file. Both use HTTPS and run fine on my server: Angular shows its home page, and I can see the API documentation at api.example.com/doc, so the problem only appears when I want to call an endpoint of my API from the web app.

In the Angular app, the user can log in via Google OAuth, and if the login succeeds the API gives the web app a bearer token.

The problem is that after the OAuth authentication, the first request to the API fails with the following error:

400 Bad Request Request Header Or Cookie Too Large 

My JWT token looks like this:

 Bearer eyJhbGciOiJSUzI1NiJ9.eyJyb2xlcyI6WyJST0xFX1VTRVIiXSwidXNlcm5hbWUiOiIxMDU1MTc2OTEwNjQzODA2MDQ0NDgiLCJleHAiOjE1MTE1NzkyMDgsImlhdCI6MTUxMDkxMjU0Mn0.EQR-8za7LdvsdGmOrBrJnH5QZrkzObop7B_9_KsSjPAYTHV_3BwQEOgz-AJcbffNvBgGlVphsUgVzU2npp7AclrrZ1EScjjDmx7mKY4vBCRr__fL8WhMVjLEApavaGVTwG-AJBRzDOGA8DVpa9rC_Bd_ixtZtKMaZrJsqm5OjmqexbWd5GM9FJr8uO6bZnS4Xk2WnfNTIFWgkKdqMT0F4zkZMHFXJmV8BRb0JG1-ktx2Y7IK3Npk3MD02pMS2QdIikjPSUbfXaQzqVKhbpH_N-WyEgBjdRCKPMjBlYVm9uhM0rkaPDpZemawaqB0Wm_bWrDPUnlNz4xQ18xkXu-mWvXi0jNTP7ezMqDAZyxCY37S4wrUb-jBz_e_7klEsUfrUTPid63K6wBn00bQPyqyPHybQgurcKFDRPMgT0W2nfnxjssBmz_pBpCL5pJFPlAiAonq8DZxELWQW9oSLNbOxy3kF2macl2tNDY1sl88uftbIzD1hF2Hrh-xqRsgDUei-KdcxetJ_CwdYPlw48lUbeFUmYp1llX5YB3WBkMVMzDCh14fACiN0d0AHqRKiQb6dpAFcidS8NWdQb1B7ytM586r6NIjWcL9SboTemOIMu884IszccUowpd9R-eScmxQCbKKxKtkktIGxKkSz9BuGJU25oW0C1wNbzdkonlOYDQ 

I don't have any error log about this problem. I guess it comes from my Nginx configuration, but I don't know whether it comes from the web app's or the API's Nginx configuration.

Here is my web app Nginx configuration file:

    server {
        listen 80;
        server_name www.example.com example.com;
        return 301 https://www.example.com$request_uri;
    }

    server {
        listen 443 ssl;
        server_name example.com;
        return 301 https://www.example.com$request_uri;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    }

    # Change this depending on environment
    upstream api {
        server api.example.com:443;
    }

    server {
        listen 443 ssl;
        server_name www.example.com;

        root /home/example/public_html/example-front-prod/dist;
        index index.html;

        location = /index.html {
            internal;
            add_header Cache-Control no-cache;
            error_page 404 = @ng-index;
        }

        location / {
            error_page 404 = @ng-index;
        }

        location @ng-index {
            internal;
            rewrite ^.*$ /index.html last;
        }

        location /assets {
            add_header X-Assets custom-header;
        }

        location ^~ /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location ^~ /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ^~ /.well-known/ {
            log_not_found off;
        }

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        large_client_header_buffers 4 512k;

        # /api will serve your proxied API that is running on the same machine on a different port,
        # or on another machine. This way your API endpoint is not hit by the public directly.
        location /api {
            proxy_pass https://api;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
            proxy_ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
        }

        # Static file caching. All static files with the following extensions will be cached for 1 day.
        # (The dot is escaped so the pattern matches a literal "." before the extension.)
        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 1d;
        }

        sendfile on;

        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_http_version 1.1;
        gzip_disable "MSIE [1-6]\.";
        gzip_min_length 1100;
        gzip_vary on;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_comp_level 9;

        access_log /var/log/nginx/www.example.access.log;
        error_log /var/log/nginx/www.example.error.log;
    }

Finally, here is the Symfony API Nginx configuration file:

    server {
        server_name api.example.com;
        return 301 https://api.example.com$request_uri;
    }

    server {
        listen 443 ssl;
        server_name api.example.com;

        root /home/example/api/symfony/web;

        location / {
            # try to serve file directly, fallback to app.php
            try_files $uri /app.php$is_args$args;
        }

        # PROD
        location ~ ^/app\.php(/|$) {
            fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            # When you are using symlinks to link the document root to the
            # current version of your application, you should pass the real
            # application path instead of the path to the symlink to PHP
            # FPM.
            # Otherwise, PHP's OPcache may not properly detect changes to
            # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
            # for more information).
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            # Prevents URIs that include the front controller. This will 404:
            # http://domain.tld/app.php/some-path
            # Remove the internal directive to allow URIs like this
            internal;
        }

        # return 404 for all other php files not matching the front controller
        # this prevents access to other php files you don't want to be accessible.
        location ~ \.php$ {
            return 404;
        }

        location ^~ /.well-known/ {
            log_not_found off;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ ^/(app|app_dev)\.php(/|$) {
            fastcgi_pass unix:/run/php/php7.1-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS true;
        }

        client_body_buffer_size 32k;
        client_header_buffer_size 8k;
        large_client_header_buffers 8 64k;

        ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        error_log /var/log/nginx/example-api.error.log;
        access_log /var/log/nginx/example-api.access.log;
    }

I was hoping large_client_header_buffers would help me solve my problem, but it doesn't change anything.

How can I fix this error?
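A worked check, added here as an editor's example and not part of the question above: nginx returns 400 "Request Header Or Cookie Too Large" when a single header line (or, with too many oversized lines, the whole header block) does not fit the buffers configured by `client_header_buffer_size` and `large_client_header_buffers`. The script below is a simplified model of that rule (the exact buffer-allocation behaviour of nginx is an assumption on my part, based on the documented semantics of those two directives). It measures the header lines a request would carry, using a constructed bearer token of about the same length as the one in the question, and evaluates them against both configurations shown on this page (`8 64k` on the API server, `4 512k` on the web app server). It shows that a ~1 KB token is far below either limit, while a cookie of ~70 KB trips the 64k per-line limit on the API server but not the 512k limit on the web app, which is a way to decide whether header size is really the cause before changing buffers.

```python
"""Estimate whether a request's header block fits nginx's header buffers.

Editor's example, not from the question. Simplified model (an assumption
about nginx internals, derived from the documented directive semantics):
  * the request line must fit in one large buffer, otherwise 414
  * every single header line must fit in one large buffer, otherwise
    400 "Request Header Or Cookie Too Large"
  * the whole block must fit in the small buffer or in at most `count`
    large buffers, otherwise 400 as well
"""

SIZE_UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}


def parse_size(text):
    """Parse an nginx size literal such as '8k', '64k', '512k' or '1m'."""
    text = text.strip().lower()
    unit = text[-1] if text[-1] in SIZE_UNITS else ""
    number = text[:-1] if unit else text
    return int(number) * SIZE_UNITS[unit]


def parse_large_buffers(directive):
    """Parse 'large_client_header_buffers 4 512k;' into (4, 524288)."""
    parts = directive.strip().rstrip(";").split()
    if len(parts) != 3 or parts[0] != "large_client_header_buffers":
        raise ValueError(f"not a large_client_header_buffers directive: {directive!r}")
    return int(parts[1]), parse_size(parts[2])


def check_request(method, path, headers, large_buffers, small_buffer="1k"):
    """Return a dict describing how nginx would treat the request's header block.

    `large_buffers` is the directive line as written in nginx.conf; `small_buffer`
    is the client_header_buffer_size value (nginx's default is 1k).
    """
    count, size = parse_large_buffers(large_buffers)
    small = parse_size(small_buffer)
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    # every line is terminated by CRLF, and the block ends with an empty line
    sizes = [len(line.encode()) + 2 for line in lines]
    total = sum(sizes) + 2
    if sizes[0] > size:
        return {"status": 414, "reason": "Request-URI Too Large",
                "header": None, "bytes": sizes[0], "total": total}
    for name, nbytes in zip(headers, sizes[1:]):
        if nbytes > size:
            return {"status": 400, "reason": "Request Header Or Cookie Too Large",
                    "header": name, "bytes": nbytes, "total": total}
    if total > small and total > count * size:
        return {"status": 400, "reason": "Request Header Or Cookie Too Large",
                "header": None, "bytes": total, "total": total}
    return {"status": 200, "reason": "fits", "header": None, "bytes": total, "total": total}


# Constructed sample request: a bearer token of roughly the same length as the
# one in the question (the real token is not needed for the size check).
SAMPLE_TOKEN = "A" * 900
SAMPLE_HEADERS = {
    "Host": "api.example.com",
    "Accept": "application/json",
    "Authorization": "Bearer " + SAMPLE_TOKEN,
}

# The two settings that appear in the configurations on this page.
API_BUFFERS = "large_client_header_buffers 8 64k;"
WEBAPP_BUFFERS = "large_client_header_buffers 4 512k;"


def demo():
    """Evaluate the sample request, and the same request with a huge cookie, on both servers."""
    with_cookie = dict(SAMPLE_HEADERS, Cookie="session=" + "x" * 70000)  # constructed
    return {
        "token_on_api": check_request("GET", "/api/me", SAMPLE_HEADERS, API_BUFFERS, "8k"),
        "token_on_webapp": check_request("GET", "/api/me", SAMPLE_HEADERS, WEBAPP_BUFFERS),
        "cookie_on_api": check_request("GET", "/api/me", with_cookie, API_BUFFERS, "8k"),
        "cookie_on_webapp": check_request("GET", "/api/me", with_cookie, WEBAPP_BUFFERS),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:18} -> {result['status']} {result['reason']} "
              f"(offending header: {result['header']}, {result['bytes']} bytes)")
```

Since the token line is under 1 KB, the script reports that it fits comfortably on both servers; if a real request still returns 400, it is worth capturing the actual request headers (for example the browser's network tab) and feeding them to `check_request`, because the usual culprit in that situation is a cookie that keeps growing rather than the bearer token itself.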