amazon-web-services - AWS ALB 截断 HTTP 响应

Question

我有一个带有目标组的 ALB 和运行 PHP API 的 ECS 集群。

我正在尝试查询 API 以获得 CSV 响应，但如果请求来自 ALB，我得到的结果会被截断。

当我通过 SSH 进入运行集群的 EC2 实例并尝试手动运行 curl(通过负载均衡器)时，响应被截断:

curl -sSL -D - 'https://my.domain.com/api/export?token=foobar&start_date=01-01-2015&end_date=01-01-2019' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' -o /dev/null

我得到这些 header :

HTTP/2 200 
date: Wed, 21 Nov 2018 20:25:27 GMT
content-type: text/csv; charset=utf-8
content-length: 173019
server: nginx
content-transfer-encoding: binary
content-description: File Transfer
content-disposition: attachment;filename=export.csv
cache-control: private, must-revalidate
etag: "b90d0da7b482da96e1a478d59eedd0d16552fbfd"
strict-transport-security: max-age=2592000; includeSubDomains; preload
content-security-policy-report-only: default-src 'self';
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: origin

curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)

如果我尝试对容器运行相同的 curl(在本地运行 - 而不是通过 ALB)

curl -sSL -D - 'http://localhost:32776/api/export?token=foobar&start_date=01-01-2015&end_date=01-01-2019' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' -o /dev/null

响应:

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/csv; charset=utf-8
Content-Length: 173019
Connection: keep-alive
Content-Transfer-Encoding: binary
Content-Description: File Transfer
content-disposition: attachment;filename=export.csv
Cache-Control: private, must-revalidate
Date: Wed, 21 Nov 2018 20:36:55 GMT
ETag: "b90d0da7b482da96e1a478d59eedd0d16552fbfd"
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'self;
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin

当我比较它们时，HTTP 版本有所不同。我尝试在 ALB 中切换到 HTTP1，但仍然遇到相同(或类似)的问题:curl: (18) transfer closed with 130451 bytes remaining to read。

另一个区别是 Keep-Alive 选项。我不确定这是否是我可以在 ALB 上启用的属性。

当我尝试返回不同的响应(复杂网页/非常长)时，响应通过 ALB 没有问题(未被截断)。根据 ALB 启用 HTTP/1.1 时的错误消息，响应每次都会在 42568 字节后被截断。

有什么想法吗？

更新

如果我在响应中省略 Content-Type header ，它不会被截断。

return new Response($content, Response::HTTP_OK, [
    # Works without this:
    # 'Content-Type' => 'text/csv; charset=utf-8',
    'Content-Transfer-Encoding' => 'binary',
    'Content-Description' => 'File Transfer',
    'Content-Disposition' => "attachment;filename=export.csv",
    'Content-Length' => strlen($content),  
]);

更新 2

将响应 Content-Type 更改为 text/html 会正确返回响应。

Answer 1

经过愉快的调试，我在容器的 Nginx 日志中发现了这个:

nginx stderr | 2018/11/22 01:03:59 [warn] 39#39: *65 an upstream response is 
buffered to a temporary file /var/tmp/nginx/fastcgi/4/01/0000000014 while reading 
upstream, client: 10.1.1.163, server: _, request: "GET /api/export?
token=foobar&start_date=01-01-2015&end_date=01-01-2019 HTTP/1.1", upstream: 
"fastcgi://unix:/var/run/php-fpm.sock:", host: "my.domain.com"

这基本上可以通过将这两行烘焙到我的 nginx 配置中来解决:

client_body_temp_path /tmp 1 2;
fastcgi_temp_path /tmp 1 2;

为什么这种情况只发生在 csv 输出中仍然是个谜。

感谢您的帮助!