Fatal编程技术网
  • nginx/
  • https请求中超过5秒的Nginx代理ssl断开管道

https请求中超过5秒的Nginx代理ssl断开管道

nginx

https请求中超过5秒的Nginx代理ssl断开管道,nginx,reverse-proxy,Nginx,Reverse Proxy,我们让nginx作为反向代理出现在unicorn上的rails应用程序前面 我们没有覆盖任何超时默认值 我的问题是: 当通过http请求超过5秒的页面时,它工作正常 当通过httpS请求一个超过5秒的特定页面时,我得到一个324(服务器的空响应) 当请求系统上的任何其他页面时,它可以通过https正常工作 我可以确认这是一个时间问题,因为我去掉了模板,并放置了sleep6以使模板等待渲染为空 该请求有两个到js和css的子请求,单独调用时这些子请求可以正常工作 nginx错误日志显示url出现问

我们让nginx作为反向代理出现在unicorn上的rails应用程序前面

我们没有覆盖任何超时默认值

我的问题是:

当通过http请求超过5秒的页面时,它工作正常

当通过httpS请求一个超过5秒的特定页面时,我得到一个324(服务器的空响应) 当请求系统上的任何其他页面时,它可以通过https正常工作

我可以确认这是一个时间问题,因为我去掉了模板,并放置了sleep6以使模板等待渲染为空

该请求有两个到js和css的子请求,单独调用时这些子请求可以正常工作

nginx错误日志显示url出现问题时的套接字读取错误

在http中执行模板呈现和子请求时

在https上的失败url中,它向上游发送两次请求,但在那里终止,而不发送子请求。 (rails应用程序声称其呈现为ok)

奇怪的是,它向上游发送了两次原始请求, 然后就死了,

日志和配置文件如下:

NGINX错误日志(仅在读取需要很长时间才能呈现的特定url时在HTTPS上):

2012/11/06 15:05:00[信息]5717#0:*4012 SSL#u write()读取上游时失败(SSL:)(32:管道断裂),客户端:10.2.20.98,服务器:cloud.zia4buildings.com,请求:“GET/admin/datasets HTTP/1.1”,上游:http://127.0.0.1:3000/admin/datasets,主持人:“cloud.zia4buildings.com”,推荐人:"https://cloud.zia4buildings.com/admin/sage_categories"

2012/11/06 15:05:03[信息]5717#0:*4027 SSL#u write()读取上游时失败(SSL:)(32:管道断裂),客户端:10.2.20.98,服务器:cloud.zia4buildings.com,请求:“GET/admin/datasets HTTP/1.1”,上游:http://127.0.0.1:3000/admin/datasets,主持人:“cloud.zia4buildings.com”,推荐人:https://cloud.zia4buildings.com/admin/sage_categories"

[编辑] 问题是https代理通行证超时, 如果我在任何页面(即使是超轻页面)中抛出6秒睡眠,那么https请求将失败

**APPLICATION LOGS:**
(my comments in (-- --)
**HTTP:**

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:19:40 -0700
  Processing by Admin::DatasetsController#index as HTML
(--  lots of these ok --)
Rendered admin/datasets/_dataset.html.erb (0.0ms)
Rendered admin/datasets/_dataset_category.html.erb (5.4ms)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered layouts/_admin_links.html.erb (4.1ms)
Rendered admin/datasets/index.html.erb within layouts/admin (5694.0ms)
Completed 200 OK in 5704ms (Views: 5171.9ms | ActiveRecord: 531.4ms)


Started GET "/stylesheets/dyn_stylesheets/dynamic.css" for 127.0.0.1 at 2012-11-06 09:15:31 -0700
  Processing by DynStylesheetsController#index as CSS
  Parameters: {"id"=>"dynamic"}
Exist fragment? views/rating_system_css_colors (1.4ms)
Read fragment views/rating_system_css_colors (0.1ms)
Exist fragment? views/leed_category_css_colors (0.4ms)
Read fragment views/leed_category_css_colors (0.0ms)
Exist fragment? views/sage_category_css_colors (0.3ms)
Read fragment views/sage_category_css_colors (0.0ms)
Exist fragment? views/node_css_colors (3.3ms)
Read fragment views/node_css_colors (0.0ms)
Rendered dyn_stylesheets/dynamic.css.erb (9.8ms)
Completed 200 OK in 17ms (Views: 12.1ms | ActiveRecord: 4.0ms)
(-- EOF HTTP success request --)



**HTTPS:**

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:44 -0700
  Processing by Admin::DatasetsController#index as HTML
Rendered admin/datasets/_set_field.html.erb (15.8ms)
(--  lots of these ok --)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered layouts/_admin_links.html.erb (3.0ms)
Rendered admin/datasets/index.html.erb within layouts/admin (5973.3ms)
Completed 200 OK in 5982ms (Views: 5419.4ms | ActiveRecord: 561.5ms)

(-- (here starts a second, identical request without no apparent reason) --)

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:47 -0700
  Processing by Admin::DatasetsController#index as HTML
Rendered admin/datasets/_set_field.html.erb (15.9ms)
Rendered admin/datasets/_set_field.html.erb (0.5ms)
(--  lots of these ok --)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered admin/datasets/_dataset_category.html.erb (0.0ms)
Rendered layouts/_admin_links.html.erb (4.1ms)
Rendered admin/datasets/index.html.erb within layouts/admin (5944.9ms)
Completed 200 OK in 5955ms (Views: 5419.8ms | ActiveRecord: 549.8ms)

(-- here the browser gets the error 324, empty response --)
CONF:

这是经典配置:

upstream unicorn_server {
  # this socket is set up on the config/unicorn.rb file
  server unix:/home/sage/apps/sage/production/shared/.unicorn.sock;
}

server {
  listen       80; 

  root /home/sage/apps/sage/production/current/public;

  location / {
    proxy_set_header X-Forwarded-For $scheme;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      proxy_pass http://unicorn_server;
      break;
    }
  }

}

server {
  listen       localhost:443; 
  listen       10.2.20.84:443; 

  ssl                  on;
  ssl_certificate      /etc/ssl/certs/cert.chained.crt;
  ssl_certificate_key  /etc/ssl/certs/cert.com.key;

  root /home/sage/apps/sage/production/current/public;

  location / {
    proxy_set_header X-Forwarded-For $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      proxy_pass http://unicorn_server;
      break;
    }
  }
}
任何指向正确方向的指针都值得赞赏

谢谢!

没关系

罪魁祸首是haproxy,它坐在我们防火墙的整个堆栈前面。 因此发送这些超时