Error 502 with NGINX reverse proxy and BI > 5.3.1

VLITKOWSKI

Young grasshopper
Joined
May 9, 2019
Messages
75
Reaction score
7
Location
France
I haven't seen this similar behaviour, but it may be that the CF (cloud flare) UID cookie is actually just happening to take you over the 1024 byte limit. You would have to capture on the BI box to see what impact the cookie removal has to the request size (TCP Data) of the packets received. I've rolled back to 5.3.0.3 and all seems to be working again with no issues, but no I am behind in other features and updates.
CF cookie + clip crash issue fixed with 5.3.6.5
 
Joined
Dec 8, 2020
Messages
15
Reaction score
4
Location
Stevenage
Hi All

Yes... i can indeed confirm that 5.3.6.5 seems to fix the issue. Ill do some more testing tonight but the basic scenarios nw work so i assume the "limit" has been removed.

Andy
 
Joined
Oct 14, 2020
Messages
2
Reaction score
0
Location
Ireland
The update has changed the error I receive but not fixed it.

Prev I was getting the same 502 error as everyone but now I am getting a "HTTP ERROR 431"

Prev post:

Just registered to report the same issue.

My setup:
BlueIris 5.3.3.3 behind an Nginx reverse proxy at address: https://cctv.domain.com
I use OAuth2 Proxy to control access on all other subdomains other than https://cctv.domain.com


If start with a clean browser, I can visit https://cctv.domain.com successfully.
But if I visit and login on any of my other subdomains https://example.domain.com or even my main domain Sign In and then visit https://cctv.domain.com I get: "502 Bad Gateway" error from Nginx.

In order for it to work I must clear cookies again.

@geoffmyers Did you hear anything back from BlueIris support?
Now I am version 5.3.6.5 of BlueIris ans intead of 502 Errors, I am getting "HTTP ERROR 431 " errors.
I have cleared all cache and cookies, tried multiple browsers (Chrome & Firefox) and same issued.

I have BlueIris behind an nginx reverse proxy (been using this forever and never had issued prev)

site.conf:

Code:
#BlueIris Reverse Proxy
server {
    listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;

    server_name cam.* cctv.*;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;



 
location / {
            tcp_nodelay on;
            tcp_nopush off;
            proxy_buffering off;
            proxy_buffer_size 256k;
            proxy_buffers 4 512k;
            proxy_busy_buffers_size 512k;
            # Change this to the internal IP and port of your service
            proxy_pass http://XXX.XXX.XXX.XXX:XX;
            proxy_read_timeout 90;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            }

}

Any advice would be greatly appreciated.
 
Joined
Dec 8, 2020
Messages
15
Reaction score
4
Location
Stevenage
Interesting that this fixed it for some but not others. HTTP error 431 refers to header size too large... is there any way you can use wireshark and check the actual size of the headers coming through? Im going to do some more testing tomorrow and see if i can replicate these 431 errors.
 

AngryToast

Young grasshopper
Joined
Jan 20, 2020
Messages
57
Reaction score
14
Location
USA
Sorry to re-activate a year old thread, but hoping some of you can help me.

I set up A DuckDNS subdomain, Nginx Proxy Manager and have successfully got a Let's Encrypt cert. When I test outside my network, I can connect to my BI Server.

Now, I wanted to get a custom domain - and connect it to Cloudlflare to use their proxy. I got everything set up. I can connect to my BI server and login and see video etc.

BUT: When I turn on Cloudflare’s Proxy, all hell breaks loose. I get the attached error. I can’t figure out how to clear this up. Anyone have any ideas?


Thanks!
 

Attachments

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
That error is saying one of the requests to load a javascript file got redirected to the login page. That most likely means your browser cookies did not get passed along to Blue Iris.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I've never used cloudflare before, but it seems like you should search your configuration there for anything related to cookies.
 

AngryToast

Young grasshopper
Joined
Jan 20, 2020
Messages
57
Reaction score
14
Location
USA
I sure have. Nothing is popping for me. I'll continue to dig
 
Top