nginx protocol_error ai_generated partial

upstream sent HTTP/1.0 response while reading response header from upstream

ID: nginx/upstream-sent-http-1-0-response-while-reading-response-header-from-upstream

Also available as: JSON · Markdown · 中文
80%Fix Rate
85%Confidence
1Evidence
2023-05-20First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
nginx 1.18.0 active
nginx 1.20.0 active
nginx 1.22.0 active
nginx 1.24.0 active

Root Cause

Upstream server responded with HTTP/1.0 instead of HTTP/1.1, causing nginx to reject or handle headers differently.

generic

中文

上游服务器以HTTP/1.0而非HTTP/1.1响应,导致nginx拒绝或以不同方式处理头部。

Official Documentation

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version

Workarounds

  1. 80% success Configure the upstream server to use HTTP/1.1. For example, in Apache HTTPD as upstream, set: <IfModule mod_remoteip.c> RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 10.0.0.0/8 </IfModule> And ensure mod_proxy_http uses HTTP/1.1 by default. 
    Configure the upstream server to use HTTP/1.1. For example, in Apache HTTPD as upstream, set:

<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 10.0.0.0/8
</IfModule>

And ensure mod_proxy_http uses HTTP/1.1 by default.
  2. 75% success Add proxy_http_version 1.1; and proxy_set_header Connection ""; to nginx location block: location / { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://upstream; } 
    Add proxy_http_version 1.1; and proxy_set_header Connection ""; to nginx location block:

location / {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://upstream;
}
  3. 70% success If upstream cannot be changed, use nginx as a reverse proxy with proxy_pass http://upstream; and set proxy_http_version 1.0; to match upstream behavior: location / { proxy_http_version 1.0; proxy_set_header Connection close; proxy_pass http://upstream; } 
    If upstream cannot be changed, use nginx as a reverse proxy with proxy_pass http://upstream; and set proxy_http_version 1.0; to match upstream behavior:

location / {
    proxy_http_version 1.0;
    proxy_set_header Connection close;
    proxy_pass http://upstream;
}

中文步骤

  1. Configure the upstream server to use HTTP/1.1. For example, in Apache HTTPD as upstream, set:

<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 10.0.0.0/8
</IfModule>

And ensure mod_proxy_http uses HTTP/1.1 by default.
  2. Add proxy_http_version 1.1; and proxy_set_header Connection ""; to nginx location block:

location / {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://upstream;
}
  3. If upstream cannot be changed, use nginx as a reverse proxy with proxy_pass http://upstream; and set proxy_http_version 1.0; to match upstream behavior:

location / {
    proxy_http_version 1.0;
    proxy_set_header Connection close;
    proxy_pass http://upstream;
}

Dead Ends

Common approaches that don't work:

  1. 70% fail

    This forces nginx to use HTTP/1.0 to upstream, but the upstream might still send HTTP/1.0 responses, and nginx may still reject them if it expects HTTP/1.1.

  2. 90% fail

    The issue is not buffer size but protocol version mismatch; buffer size does not change the response version.

  3. 80% fail

    Keepalive settings affect connection reuse, not the HTTP version of responses.