Error 502 with NGINX reverse proxy and BI > 5.3.1

[VLITKOWSKI]

I haven't seen this similar behaviour, but it may be that the CF (cloud flare) UID cookie is actually just happening to take you over the 1024 byte limit. You would have to capture on the BI box to see what impact the cookie removal has to the request size (TCP Data) of the packets received. I've rolled back to 5.3.0.3 and all seems to be working again with no issues, but no I am behind in other features and updates.

CF cookie + clip crash issue fixed with 5.3.6.5

 

[milosm]

I can confirm, also works for me.

 

[SwampdogMash]

Hi All

Yes... i can indeed confirm that 5.3.6.5 seems to fix the issue. Ill do some more testing tonight but the basic scenarios nw work so i assume the "limit" has been removed.

Andy

 

[johndball]

Working here as well. Thanks folks and much thanks to those that raised the issue with BI support.

 

[Capt.Insano]

The update has changed the error I receive but not fixed it.

Prev I was getting the same 502 error as everyone but now I am getting a "HTTP ERROR 431"

Prev post:

Just registered to report the same issue.

My setup:
BlueIris 5.3.3.3 behind an Nginx reverse proxy at address: https://cctv.domain.com
I use OAuth2 Proxy to control access on all other subdomains other than https://cctv.domain.com


If start with a clean browser, I can visit https://cctv.domain.com successfully.
But if I visit and login on any of my other subdomains https://example.domain.com or even my main domain Sign In and then visit https://cctv.domain.com I get: "502 Bad Gateway" error from Nginx.

In order for it to work I must clear cookies again.

@geoffmyers Did you hear anything back from BlueIris support?

Now I am version 5.3.6.5 of BlueIris ans intead of 502 Errors, I am getting "HTTP ERROR 431 " errors.
I have cleared all cache and cookies, tried multiple browsers (Chrome & Firefox) and same issued.

I have BlueIris behind an nginx reverse proxy (been using this forever and never had issued prev)

site.conf:

#BlueIris Reverse Proxy
server {
    listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;

    server_name cam.* cctv.*;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;



 
location / {
            tcp_nodelay on;
            tcp_nopush off;
            proxy_buffering off;
            proxy_buffer_size 256k;
            proxy_buffers 4 512k;
            proxy_busy_buffers_size 512k;
            # Change this to the internal IP and port of your service
            proxy_pass http://XXX.XXX.XXX.XXX:XX;
            proxy_read_timeout 90;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            }

}

Any advice would be greatly appreciated.

 

[SwampdogMash]

Interesting that this fixed it for some but not others. HTTP error 431 refers to header size too large... is there any way you can use wireshark and check the actual size of the headers coming through? Im going to do some more testing tomorrow and see if i can replicate these 431 errors.

 

[AngryToast]

Sorry to re-activate a year old thread, but hoping some of you can help me.

I set up A DuckDNS subdomain, Nginx Proxy Manager and have successfully got a Let's Encrypt cert. When I test outside my network, I can connect to my BI Server.

Now, I wanted to get a custom domain - and connect it to Cloudlflare to use their proxy. I got everything set up. I can connect to my BI server and login and see video etc.

BUT: When I turn on Cloudflare’s Proxy, all hell breaks loose. I get the attached error. I can’t figure out how to clear this up. Anyone have any ideas?


Thanks!

 

[bp2008]

That error is saying one of the requests to load a javascript file got redirected to the login page. That most likely means your browser cookies did not get passed along to Blue Iris.

 

[AngryToast]

Thanks @bp2008 - does anyone in (or out!) of this thread know how to solve this?

 

[bp2008]

I've never used cloudflare before, but it seems like you should search your configuration there for anything related to cookies.

 

[AngryToast]

I sure have. Nothing is popping for me. I'll continue to dig