From 32ad9b7102cb9a953da7927ec54e56e03494e078 Mon Sep 17 00:00:00 2001
From: Nicolas Duchon
Date: Thu, 17 Oct 2024 09:08:27 +0200
Subject: [PATCH] feat: protection against too long debug response
---
 docs/README.md | 2 +-
 nginx.tmpl | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/docs/README.md b/docs/README.md
index fbfe1e2..06e6b23 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1094,7 +1094,7 @@ curl -s -H "Host: test.nginx-proxy.tld" localhost/nginx-proxy-debug | jq
 }
 ```

-:warning: please be aware that the debug endpoint work by rendering the response straight to the nginx configuration, which might result in an unparseable configuration if it exceeds nginx line character limit. Only activate it when needed.
+:warning: please be aware that the debug endpoint work by rendering the JSON response straight to the nginx configuration in plaintext. nginx has an upper limit on the size of the configuration files it can parse, so only activate it when needed, and preferably on a per container basis if your setup has a large number of virtual hosts.

 ⬆️ [back to table of contents](#table-of-contents)

diff --git a/nginx.tmpl b/nginx.tmpl
index 6b2a99e..2021e7b 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -383,6 +383,16 @@ upstream {{ $vpath.upstream }} {
 "vhost" $debug_vhost
 }}

+ {{- /*
+ * The maximum line length in an nginx config is 4096 characters.
+ * If we're nearing this limit (with headroom for the rest
+ * of the directive), strip vhost.paths from the response.
+ */}}
+ {{- if gt (toJson $debug_response | len) 4000 }}
+ {{- $_ := unset $debug_vhost "paths" }}
+ {{- $_ := set $debug_response "warning" "Virtual paths configuration for this hostname is too large and has been stripped from response." }}
+ {{- end }}
+
 location /nginx-proxy-debug {
 default_type application/json;
 return 200 '{{ toJson $debug_response }}';
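Review bot: The size guard in nginx.tmpl measures `toJson $debug_response | len` only once, so after `unset $debug_vhost "paths"` nothing confirms that the rendered `return 200 '…';` directive is back under the limit. If the other keys are what make the response large, or if `paths` was small and the added `warning` string is longer than what was removed, the directive can still pass the 4096 characters named in the comment. An unparseable config would then presumably break the reload for every proxied host, not only this debug endpoint. I would re-measure after the `set` and fall back to a minimal body, nested inside the existing `if`: `{{- if gt (toJson $debug_response | len) 4000 }}{{- $_ := unset $debug_response "vhost" }}{{- end }}`. The `$debug_response` dict is built above the hunk, so whether its remaining keys can grow large, and whether `$debug_vhost` is a copy that is safe to mutate, needs confirming there.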