Webapp file upload fails for large files, but works from localhost or for small files
by phssthpok from LinuxQuestions.org on (#5J5MN)
I have an HTTPS web application which fails when uploading files over a certain size. Everything else works fine. I haven't worked out the exact boundary yet, but files of about 50k are OK but files of 250k fail. On the larger files, the error reported is "Early EOF".
The server listens on port 8443, and I have an iptables nat prerouting rule which redirects requests from port 443 to port 8443:
iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
The internal IP address on the local net is 10.0.0.200. If I log in to the server machine and use a browser to connect to localhost, files of whatever size upload without problems. I have done various experiments, and this is what I find:
On an external machine on the local net,
https://mydomain : upload fails
https://mydomain:8443 : upload fails
https://10.0.0.200:8443 : upload fails
On the server machine,
https://mydomain : upload fails
https://mydomain:8443 : upload fails
https://10.0.0.200:8443 : upload OK
https://localhost:8443 : upload OK
I added an iptables rule to log relevant requests/responses, and I see that the failing packets have the DF bit set, which may or may not be relevant, but this is getting way beyond my level of networking expertise. (Which is why I'm here!) For example:
LOGGING::IN= OUT=enp1s0 SRC=10.0.0.200 DST=10.0.0.138 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=63862 WINDOW=0 RES=0x00 RST URGP=0
(10.0.0.138 is the router.)
Does anyone have any idea what might be going on here?
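The log line quoted in the post, split into its fields, as an added example that is not part of the original post. The function names are made up here; the bare flag tokens are the ones the netfilter LOG target prints without a value, and the payload figure assumes minimum-size IPv4 and TCP headers.

```python
# Log line copied verbatim from the post above.
SAMPLE = ("LOGGING::IN= OUT=enp1s0 SRC=10.0.0.200 DST=10.0.0.138 LEN=40 "
          "TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=8443 DPT=63862 "
          "WINDOW=0 RES=0x00 RST URGP=0")

# Tokens the LOG target emits bare (no "=value").
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IP_FLAGS = {"CE", "DF", "MF"}

def parse_log_line(line, prefix="LOGGING::"):
    """Split one iptables LOG line into key=value fields and flag sets."""
    # Drop anything up to and including the --log-prefix (syslog header etc.).
    body = line[line.index(prefix) + len(prefix):] if prefix in line else line
    fields, tcp_flags, ip_flags = {}, set(), set()
    for token in body.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # "IN=" yields an empty string
        elif token in TCP_FLAGS:
            tcp_flags.add(token)
        elif token in IP_FLAGS:
            ip_flags.add(token)
    return {"fields": fields, "tcp_flags": tcp_flags, "ip_flags": ip_flags}

def summarize(parsed):
    """Reduce a parsed line to the facts useful when chasing a dropped upload."""
    f = parsed["fields"]
    if f.get("IN") and f.get("OUT"):
        direction = "forwarded"
    elif f.get("OUT"):
        direction = "locally generated"   # empty IN=: packet originated on this host
    else:
        direction = "incoming"
    return {
        "direction": direction,
        "from": f"{f['SRC']}:{f['SPT']}",
        "to": f"{f['DST']}:{f['DPT']}",
        "reset": "RST" in parsed["tcp_flags"],
        "dont_fragment": "DF" in parsed["ip_flags"],
        # LEN is the IP total length; 20 (IPv4) + 20 (TCP) header bytes is the
        # minimum, so this is an upper bound on the TCP payload.
        "max_payload": max(int(f["LEN"]) - 40, 0),
    }

if __name__ == "__main__":
    print(summarize(parse_log_line(SAMPLE)))
```

For the line in the post this reports a locally generated, zero-payload TCP reset with DF set, sent from 10.0.0.200:8443 to 10.0.0.138:63862.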