Sfoglia il codice sorgente

feat: protection against too long debug response

Nicolas Duchon 7 mesi fa
parent
commit
32ad9b7102
2 ha cambiato i file con 11 aggiunte e 1 eliminazioni
  1. 1 1
      docs/README.md
  2. 10 0
      nginx.tmpl

+ 1 - 1
docs/README.md

@@ -1094,7 +1094,7 @@ curl -s -H "Host: test.nginx-proxy.tld" localhost/nginx-proxy-debug | jq
 }
 ```
 
-:warning: please be aware that the debug endpoint work by rendering the response straight to the nginx configuration, which might result in an unparseable configuration if it exceeds nginx line character limit. Only activate it when needed.
+:warning: please be aware that the debug endpoint work by rendering the JSON response straight to the nginx configuration in plaintext. nginx has an upper limit on the size of the configuration files it can parse, so only activate it when needed, and preferably on a per container basis if your setup has a large number of virtual hosts.
 
 
 ⬆️ [back to table of contents](#table-of-contents)

+ 10 - 0
nginx.tmpl

@@ -383,6 +383,16 @@ upstream {{ $vpath.upstream }} {
         "vhost" $debug_vhost
     }}
 
+    {{- /*
+         * The maximum line length in an nginx config is 4096 characters.
+         * If we're nearing this limit (with headroom for the rest
+         * of the directive), strip vhost.paths from the response.
+         */}}
+    {{- if gt (toJson $debug_response | len) 4000 }}
+        {{- $_ := unset $debug_vhost "paths" }}
+        {{- $_ := set $debug_response "warning" "Virtual paths configuration for this hostname is too large and has been stripped from response." }}
+    {{- end }}
+
     location  /nginx-proxy-debug {
         default_type application/json;
         return 200 '{{ toJson $debug_response }}';