nginx : add_header directive not working

nginx http-headers font

7,098

Solved!

This was not the config after all. The nginx config was fine.

My buildings networking is to blame, somehow and for reasons unknown they are stripping some headers.

When accessed from outside this network, all is well, response headers are in place for fonts.

7,098

mconlin

I build software and software teams.

Updated on September 18, 2022

Comments

mconlin almost 2 years

My Issue:
nginx add_header directive doesn't appear to be working

What I have tried:
In my nginx conf I have this:

location ~* \.(ttf|woff|eot|otf|woff2|svg|svgz)$ {
        access_log /var/log/nginx/fonts.access.log;
        add_header Access-Control-Allow-Origin *; expires 1M;
}

When I request a font resource like so:

curl -i -s -D -  -XGET http://my.server.com/assets/my_font-f748f9b5f469637888371ef2a5a81765.eot -o /dev/null
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/octet-stream
Date: Tue, 08 Sep 2015 16:42:55 GMT
ETag: "55eee9fb-d980"
Expires: Thu, 08 Oct 2015 16:42:55 GMT
Last-Modified: Tue, 08 Sep 2015 14:00:27 GMT
Server: nginx/1.4.6 (Ubuntu)
Content-Length: 55680
Connection: keep-alive

Notice I do not get back the Access-Control-Allow-Origin * header. To confirm my nginx is returning from that location block I added location block logging. I do see the request for fonts being made in my font.access.log.

$ tail -1 fonts.access.log
172.31.27.203 - - [08/Sep/2015:16:42:55 +0000] "GET /assets/my_font-f748f9b5f469637888371ef2a5a81765.eot HTTP/1.1" 200 55680 "-" "curl/7.30.0"

Other Information:
Nginx version and compilitation flags:

$ nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
TLS SNI support enabled
configure arguments: 
--with-cc-opt='-g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' 
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
--prefix=/usr/share/nginx 
--conf-path=/etc/nginx/nginx.conf 
--http-log-path=/var/log/nginx/access.log 
--error-log-path=/var/log/nginx/error.log 
--lock-path=/var/lock/nginx.lock 
--pid-path=/run/nginx.pid 
--http-client-body-temp-path=/var/lib/nginx/body 
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
--http-proxy-temp-path=/var/lib/nginx/proxy 
--http-scgi-temp-path=/var/lib/nginx/scgi 
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi 
--with-debug 
--with-pcre-jit 
--with-ipv6 
--with-http_ssl_module 
--with-http_stub_status_module 
--with-http_realip_module 
--with-http_addition_module 
--with-http_dav_module 
--with-http_geoip_module 
--with-http_gzip_static_module 
--with-http_image_filter_module 
--with-http_spdy_module 
--with-http_sub_module 
--with-http_xslt_module 
--with-mail 
--with-mail_ssl_module

My conf is good:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

My sites conf:

real_ip_header X-Forwarded-For;
log_format mysite_log_fmt '[$time_local][$status][$request] from="$remote_addr" host="$host" ua="$http_user_agent"';

upstream unicorn_mysite {
 server unix:/srv/www/mysite/shared/sockets/unicorn.sock fail_timeout=0;
}

server {
  listen 80;
  server_name
  <ip>
  <other ip>
  <domain name>
  <elb domain name>

  access_log /var/log/nginx/mysites.access.log mysite_log_fmt;

  keepalive_timeout 5;

  root /srv/www/mysite/current/public/;

  location ~* \.(ttf|woff|eot|otf|woff2|svg|svgz)$ {
        access_log /var/log/nginx/fonts.access.log;
        add_header Access-Control-Allow-Origin "*";
  }

  location / {
    try_files $uri/index.html $uri/index.htm @unicorn;
    access_log /var/log/nginx/slash.access.log;
  }

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    access_log /var/log/nginx/unicorn.access.log;

    proxy_read_timeout 60;
    proxy_send_timeout 60;

    # If you don't find the filename in the static files
    # Then request it from the unicorn server
    if (!-f $request_filename) {
      proxy_pass http://unicorn_mysite;
      break;
    }
  }

  location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
  }

  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /srv/www/mysite/current/public/;
  }
}

mconlin almost 9 years

yeah, thats what is so maddening. I have spun up a blank vagrant ubuntu to match my problem host and a simple font location block with add_header worked fine.
mconlin almost 9 years

full nginx.conf added above in orig question
Enzo Wang almost 9 years

I think it's because of the if-inside-location pitfall, which is stated here link. You can replace "if" with "try_files", let's see. Sorry for not commenting your post since I've no enough "credits" :-(