NGINX Proxy Error

Hi everyone!

Running into a bit of an issue - when running the CWMP client natively inside docker it all runs just fine, but when placed behind a reverse proxy I keep getting a “No contact from device error”. When translated, that’s the result of an “Invalid Session” outgoing event in the debug log. The session ID matches, I’ve set keepalive_timeout to 0, I’ve enabled transparent proxying (although it is worth noting the remote address in the debug file still shows as the NGINX container) and nothing is working. Has anyone else had this issue before? Any help is massively appreciated, been bashing my head against this for hours now lol

Edit: Transparent doesn’t work at all - just times out all connections, not just GenieACS

Jacob

Hi, search the forum, it’s been addressed many times for either nginx/apache/HAProxy … you must disable reuse of the connections for the “Invalid session” errors and set some “forwarded for” header for the “same IP” issue.


Hi Lavira! Thanks for the reply - I’ve scoured the forum (which isn’t to say I didn’t miss something) and I’ve done everything that’s been suggested. keepalive_timeout is set to 0 to disable session reuse and X-Forwarded-For is set to the CPE’s WAN IP - as I understand it though X-Forwarded-For isn’t standard so it may be that it’s after the more standard “Forwarded = for, host” etc header. Luckily the NGINX team have a workaround to use it so I’ll give that a shot - also worth looking at the logs for the CPE I think. We’ve had issues with it before due to a slightly sensitive CWMP client implementation.

Other thing that’s just crossed my mind - keepalive_timeout is set in the route section but not in the upstream. I’ll hardcode the keepalive_timeout in the upstream definition just for sanity’s sake.

Alrighty I’ve tried everything - upstream keepalive disabled, downstream keepalive disabled, both disabled simultaneously and separately, forwarded: for=[$remote_address] set and present in debug log, X-Forward-For set, X-Real-IP set and I cannot make it function properly! It’s highly probable that I’m doing something innocuous and stupid but for the life of me I can’t work out what it is lol. I built from source with origin caching disabled to force the getRequestOrigin function to check for the “Forwarded” header every time and it’s still showing up as the IP of the NGINX instance in remoteAddress - if anyone else has faced a similar problem I’d be incredibly grateful for any and all insight 🙂
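
Added example, not part of the thread and not GenieACS's own `getRequestOrigin`: a sketch of how a Node.js backend can derive the client address from the RFC 7239 `Forwarded` header while accepting it only from a known proxy, so a device or attacker connecting directly cannot spoof its origin. `TRUSTED_PROXIES`, the function names and every address are assumptions constructed for the illustration; under the RFC 7239 grammar, bracketed or port-qualified values are only valid inside a quoted string, and brackets are for IPv6 only.

```javascript
// Added example, not GenieACS code. TRUSTED_PROXIES and all addresses are constructed.
const net = require("node:net");

const TRUSTED_PROXIES = new Set(["172.18.0.2"]); // assumed address of the nginx container
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 7230 token characters

// Parse one forwarded-element ("for=...;proto=...") or return null if malformed.
// Simplification: a quoted value containing "," or ";" is rejected, not parsed.
function parseElement(element) {
  const out = {};
  for (const pair of element.split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 1) return null;
    const key = pair.slice(0, eq).trim().toLowerCase();
    let value = pair.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1).replace(/\\(.)/g, "$1"); // unescape quoted-pair
    } else if (!TOKEN.test(value)) {
      return null; // "[", "]" and ":" are only legal inside a quoted-string
    }
    out[key] = value;
  }
  return out;
}

// Extract the address from a node: IPv4[:port] or [IPv6][:port].
function nodeToIp(node) {
  const m = /^\[([^\]]+)\](?::\d+)?$/.exec(node) || /^([^:\[\]]+)(?::\d+)?$/.exec(node);
  if (!m) return null;
  const wantVersion = node.startsWith("[") ? 6 : 4; // brackets are for IPv6 only
  return net.isIP(m[1]) === wantVersion ? m[1] : null;
}

// Socket peer address, unless that peer is a trusted proxy that sent a
// well-formed Forwarded header; then the address the proxy reported.
function clientIp(socketAddr, forwardedHeader) {
  if (!TRUSTED_PROXIES.has(socketAddr) || !forwardedHeader) return socketAddr;
  // The last element is the one written by the nearest (trusted) proxy.
  const parsed = parseElement(forwardedHeader.split(",").pop());
  const ip = parsed && parsed.for ? nodeToIp(parsed.for) : null;
  return ip || socketAddr;
}

console.log(clientIp("172.18.0.2", "for=203.0.113.7"));   // proxy-reported address
console.log(clientIp("198.51.100.9", "for=203.0.113.7")); // untrusted peer: header ignored
console.log(clientIp("172.18.0.2", "for=[203.0.113.7]")); // malformed: falls back to peer
```

When the header is missing, malformed, or sent by an untrusted peer, the function returns the socket address, which is the proxy's own IP whenever the connection came through the proxy.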