Strange behavior when using Pushpin as a proxy over all HTTP requests…

Hello !

I’m new to PushPin and discovered the tool only a few weeks ago. That’s an awesome tool and we were able to work with it easily inside our docker environment…

However, we wanted to make PushPin our default proxy in front of our whole application.

The setup is the following:

pushpin -> nginx -> php-fpm

The configuration is easy :

  • pushpin is open on port 7999
  • all requests are routed to the internal nginx container on port 8000, our route file is:
* web:8000
  • all requests are then answered by Nginx (assets, php proxying to php-fpm server etc.).

At the beginning I though I will be able to use Nginx as our frontend then proxying to pushpin only the SSE specific requests (all the URLs that starts with /sse). I haven’t found a way to make pushpin communicate with php-fpm.

Our setup is currently fine but pushpin is adding a number before and after the response served by Nginx. I don’t understand why and haven’t found anything in the docs nor the configuration file.

As someone already encountered such issue ?

An example request/response:

$ curl -v localhost:8006/api/users/me
* Host localhost:8006 was resolved.
* IPv6: ::1
* IPv4:
*   Trying [::1]:8006...
* Connected to localhost (::1) port 8006
> GET /api/users/me HTTP/1.1
> Host: localhost:8006
> User-Agent: curl/8.5.0
> Accept: */*
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Vary: Accept-Encoding
< X-Powered-By: PHP/8.2.16
< Cache-Control: no-cache, private
< Date: Tue, 18 Jun 2024 09:45:44 GMT
< Content-Security-Policy: default-src localhost:8006 http://localhost:3000 ws://localhost:3000; img-src data: *; script-src localhost:8006 http://localhost:3000 ws://localhost:3000 'unsafe-inline' 'unsafe-eval'; font-src localhost:8006 http://localhost:3000 ws://localhost:3000; style-src localhost:8006 http://localhost:3000 ws://localhost:3000 'unsafe-inline'; base-uri 'self'; frame-src *; connect-src localhost:8006 http://localhost:3000 ws://localhost:3000;
< Referrer-Policy: same-origin
< Expect-CT: enforce,max-age=30
< Strict-Transport-Security: max-age=30
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Sherlock-Application-State: active
< X-Debug-Token: d15773
< X-Debug-Token-Link: http://localhost:8006/_profiler/d15773
< X-Robots-Tag: noindex
< X-Host: localhost
< Content-Length: 660
{"data":{"type":"user","id":"admin","attributes":{"fullName":"Jane Doe","email":"","avatar":"https:\/\/\/profile_images\/60\/admin.jpg","title":"Clinical Marketing Specialist - MRI","business_segment":"Healthcare Imaging","firstname":"Jane","policy_agreement":1,"notificationsCount":{"sherlockListsRequestsAccess":2,"searchesRequestsAccess":1,"claimedWorkstations":2,"suggestedTags":3,"total":8}},"relationships":{"modalities":{"data":[{"type":"modality","id":"CT","attributes":{"description":"Computed Tomography"}},{"type":"modality","id":"MR","attributes":{"description":"Magnetic Resonance"}}]}}}}

The 288 before the JSON and the 0 after are causing trouble when reading the reponse ^^

This is a bug in pushpin’s new outbound connection manager (specifically in the way it handles chunked responses). It will be fixed in the next release, but in the meantime you can enable “zurl” for outbound connections. This can be done by installing the zurl apt package and adding zurl to the services= line in pushpin.conf. If you’re using the official docker package, an easy way to achieve this is to switch to version 1.37.0.


Oh awesome, thank you for your answer, I’ll try with the 1.37.0 docker image !