GKE:非常长的GET请求的URI无法命中nginx-ingress(没有日志)

huangapple go评论82阅读模式
英文:

GKE: Very large URI of GET request can not hit nginx-ingress (no logs)

问题

报告中,我的应用程序通过URI传输数据,在某些情况下,URI会变得非常长(GET请求)(例如:编码后约15,000个字符)。

在这种情况下,我使用以下不同的代理进行测试:

  • (1)使用GKE中的nginx-ingress:客户端未收到来自Web服务器的响应,nginx-ingress中也找不到任何日志(添加了注释:nginx.ingress.kubernetes.io/large-client-header-buffers: "4 16k"nginx.ingress.kubernetes.io/client-body-buffer-size: "5m"
  • (2)在虚拟机上运行的nginx:正常工作(在配置中添加了large_client_header_buffers 4 16k;

由于nginx-ingress服务中没有日志信息,我认为在连接到达nginx-ingress之前,可能是由于Google防火墙或其他原因导致连接被断开。

在这种情况下,我该如何调试以找到问题?GKE允许的URL长度有没有相关文档?

英文:

For reporting, my application transfer data via URI, in some cases, it'll make the URI very long (GET request) (example: ~15.000 characters encoded).

In this situation, I test with differences proxy as below:

  • (1) with nginx-ingress in GKE: the client is not receive response from web server, also no log found in nginx-ingress (added annotations: nginx.ingress.kubernetes.io/large-client-header-buffers: "4 16k" and nginx.ingress.kubernetes.io/client-body-buffer-size: "5m")
  • (2) with nginx run on VM: OK (added in config: large_client_header_buffers 4 16k;

Because there is no log info in nginx-ingress service, I think the connection may be dropped by Google firewall or something else before it can come to nginx-ingress.

How can I debug in this case to find the problem? Are there any documents about the URL length allowed in GKE?

答案1

得分: 0

您正在使用的字符数非常大,因此此GET请求无法命中日志。根据Google Cloud的官方文档,URL具有实际长度限制,通常在2k到8k之间。这是由某些浏览器和代理强制执行的。如果您的API使用的是超过长度限制的GET请求,这些请求可能会被浏览器拒绝。为了绕过这个限制,客户端代码应该使用Content-Type为application/x-www-form-urlencoded的POST请求,并带有HTTP头X-HTTP-Method-Override: GET。这种方法也适用于DELETE请求。

  • 因此,通常情况下使用POST请求而不是GET请求,POST请求可以接受更大的值。它允许您将数据发送到请求体而不是URI。请参考文档了解更多信息。

  • 或者尝试在Ingress控制器的yaml文件中添加以下代码片段,并检查是否有效:

nginx.ingress.kubernetes.io/server-snippet: |
  http2_max_header_size 256k;
  http2_max_field_size 256k;
  • 目前有一个关于增加此长度的功能请求,这将在不久的将来发生变化。您可以为该问题加星标以获取进一步的更新,并在评论中提供您的用例。
英文:

You are using 15000 characters which are highly larger due to this GET request cannot hit the logs.
As per Google Cloud official doc,

> The URL has a practical length limitation, typically between 2k to 8k.
> It's enforced by some browsers and proxies. If your API uses GET
> requests with URLs that exceed the length limitation, such requests
> may be rejected by browsers. To bypass the limitation, the client code
> should use a POST request with Content-Type of
> application/x-www-form-urlencoded along with HTTP header
> X-HTTP-Method-Override: GET
. This approach also works for DELETE
> requests.

  • So, by this use POST request instead of GET generally POST will take
    higher value. It allows you to send data to the request body instead of URI. Refer to doc for more information.

  • Or Try by adding the below snippet in the Ingress controller yaml and have a check this is one of the work around :

    > nginx.ingress.kubernetes.io/server-snippet: |
    > http2_max_header_size 256k;
    > http2_max_field_size 256k;

  • There is currently an existing feature request for increasing this
    length; this will change in the near future. You can 'star' the issue
    to get further updates and/or provide your use case in the comments.

huangapple
  • 本文由 发表于 2023年7月27日 16:06:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76777695.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定