I am getting Invalid HTTP_HOST header error on my server. I don't understand why it's happening and how to fix it. Everytime it happens backend stops working and I have to restart the server.
Any help will be appreciated.
Thanks in advance!
FYI : Server is aws ec2; frontend is angular and backend is django/drf with gunicorn. Angular and DRF are both deployed on the same server.
Error 0. If I don't set the Host variable in nginx.conf, I get below error many times. Invalid HTTP_HOST header: '/run/gunicorn.sock:'. The domain name provided is not valid according to RFC 1034/1035.
If I set the Host variable in nginx.conf, I get below errors.
Error 1. proxy_set_header Host $http_host;
Invalid HTTP_HOST header: '127.0.0.1:8000,127.0.0.1:8000'. The domain name provided is not valid according to RFC 1034/1035.
Error 2. proxy_set_header Host $host;
Invalid HTTP_HOST header: '127.0.0.1:8000,127.0.0.1'. The domain name provided is not valid according to RFC 1034/1035.
Error 3. proxy_set_header Host $server_name;
Invalid HTTP_HOST header: '13.234.187.18,13.234.187.18:8000'. The domain name provided is not valid according to RFC 1034/1035.
nginx.conf is as below.
server {
listen 8000;
server_name 13.234.187.18;
location / {
proxy_set_header Host $host;
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
I found below code on the nginx website. Will it solve this problem? http://nginx.org/en/docs/http/request_processing.html
server {
listen 80;
server_name "";
return 444;
}
The problem is that you have caused the Host header to be included twice.
Looking at the
proxy_params
file will show you that it was already set there. Setting it again causes the two values to be joined with a comma.Inside that file you will find preset headers that will be used when you include that file. You do not need to repeat any of those lines in your own configuration.
You can remove your own additional
proxy_set_header Host $host;
from the configuration.I had a similar issue, however, I didn't have
proxy_set_header
in my Nginx config file and it was simplyinclude proxy_params;
.What happens here is according to Django documentation when your site is behind a proxy server, Django will reject the requests coming from the proxy thinking they are not secure even though the connection between the client and the proxy might be secure. So the solution is to update your Django
settings.py
file and add the following:You can read further here about this issue here: https://docs.djangoproject.com/en/3.1/ref/settings/#secure-proxy-ssl-header