I am working on a project with a simple web server using Rust actix_web. I have set up an HTTP server, running on port 4000:
    HttpServer::new(move || {
        App::new()
            .wrap(Logger::default())
            .wrap(Cors::default().allow_any_header().supports_credentials())
            .service(test_index)
    })
    .workers(4)
    .bind(("0.0.0.0", 4000))?
    .run()
    .await
I am really just trying to nail down the basics here. I was able to hit the server using HTTP just fine.
I have this running in a docker-compose project with port 4000 mapped to port 4000 in the container. Now, I have added an nginx container, running on the same network as the actix container. It has configured a directive in the nginx config to handle SSL / TLS handshaking, and pass requests through to the actix container. The important pieces of the nginx config are here:
    server {
        listen 4000 ssl http2 default_server;
        listen [::]:4000 ssl http2 default_server;
        include /myserver/serverName.conf;
        server_tokens off;
        client_body_buffer_size 2048K;
        client_max_body_size 2M;
        location /myserver/ {
            proxy_pass_header Server;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme $scheme;
            proxy_pass http://myserver:4000/;
        }
        ssl_certificate /myserver/fullchain.pem;
        ssl_certificate_key /myserver/privkey.pem;
        ssl_dhparam /myserver/dhparam.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
        ssl_ecdh_curve X25519:prime256v1:secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_session_timeout 1d;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
    }
When I send a request (using either my browser or curl) over HTTPS, I am getting the following error in actix web:
    2023-10-29T01:32:01.137392Z TRACE actix_http::h1::dispatcher: parse error invalid Header provided
    2023-10-29T01:32:01.137888Z TRACE actix_http::h1::dispatcher: read half closed; start shutdown
    2023-10-29T01:32:01.137907Z ERROR actix_http::h1::dispatcher: stream error: request parse error: invalid Header provided
Any idea what I am missing here? With HTTPS, do I need to have any additional configuration in actix if I already have nginx to do the heavy lifting?
I have tried messing with the configuration in nginx to remove the headers I pass through to the actix server, but that still didn't change anything.
I have also tried adding Cors configuration and allowing all headers.
I plan to try to write some middleware for actix to print out the headers I receive on a request. I realized there is a duplicate of this issue, but the guidance is not very helpful.
It is recommended by Actix to use the built-in feature by setting up the feature flag.
You can see the examples here: https://github.com/actix/examples/tree/master/https-tls/rustls
Don't forget to set the feature flag in Cargo.toml.