Question 97129 in Nginx Question posted in
The official documentation can be found here.

nginx istio url not resolved and return 426 status code

i have a service that name is image-api. the image-api is accessible in pod but nginx return 426 status code

after running this command return the expected data

curl image-api.gateways.svc.cluster.local:8000

but nginx return 426 status code.

if replace the native url of image-api by istio url then nginx return 200 status code.

the /etc/nginx.nginx.conf

worker_processes 8;

events {
    worker_connections 1024;
}

http {
    resolver kube-dns.kube-system valid=10s;

    server_tokens off;

    server {
        listen 8080;

        location ~ ^/(w+) {
            # ISTIO URL
        proxy_pass http://image-api.gateways.svc.cluster.local:8000$request_uri;
            # MAIN URL
#       proxy_pass http://image-api.main.svc.cluster.local:8000$request_uri;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Thanks to @fariya-rahmat. his answer helps me to find the answer.

    add proxy_http_version 1.1 is necessary but it's not enough.

    the main problem is proxy_set_header Host $host; the envoy proxy detects the target service by hostname and it is wrong. if delete proxy_set_header the hostname is set automatically based on proxy_pass.


  2. 0

    As mentioned in the document:

    A 426 status code is caused when a client is attempting to upgrade a
    connection to a newer version of a protocol, but the server is
    refusing to do so.

    This can happen for several reasons, including:

    1. Incompatibility between the client and server versions of the protocol.

    2. The server may not support the requested version of the protocol.

    3. The server may be configured to only allow certain versions of the protocol to be used.

    4. The server may be experiencing technical issues or undergoing maintenance that prevents it from upgrading the connection.

    You need to upgrade your HTTP protocol version in NGINX config like there:

    This route is for a legacy API, which enabled NGINX cache for performance reason, but in this route’s proxy config, it missed a shared config proxy_http_version 1.1, which default to use HTTP 1.0 for all NGINX upstream.

    And Envoy will return HTTP 426 if the request is HTTP 1.0.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search