Ok, I figured it out. Seems that several years ago someone at my day job did a custom errorfile in haproxy which returns a 503 error whenever haproxy intends to return a 403 error. It was forgotten and went unnoticed until now. Now we have to figure out if its a cut and paste error or if there was a legit reason for doing this. Either way its not an nginx (or haproxy) issue.
On Fri, Apr 15, 2016 at 4:49 PM, Валентин Бартенев <vb...@nginx.com> wrote: > On Thursday 14 April 2016 22:45:36 CJ Ess wrote: > > In my environment I have Nginx terminating connections, then sending them > > to an HAProxy upstream. We've noticed that whenever HAProxy emts a 403 > > error (Forbidden, in response to our ACL rules), NGINX reports a 503 > result > > (service unavailable) and I believe is logging an "upstream prematurely > > closed connection while reading response header from upstream" error > > message in the nginx error log. > > > > What I'd really like to do is pass the 403 code back to the user - what > do > > I need to do? > > That message suggests that haproxy closes connection before properly > returning > headers. So nginx can't pass 403 since it can't get it right from haproxy. > > You should check what is wrong with haproxy. > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
