1. 首页
  2. 问答
  3. Nginx代理服务器SSL请求超过5秒的https请求中的破管

Nginx代理服务器SSL请求超过5秒的https请求中的破管

2012-11-06 34 views
2

我们让nginx作为反向代理坐在独角兽的Rails应用前面。Nginx代理服务器SSL请求超过5秒的https请求中的破管

我们没有覆盖任何超时默认值。

我的问题是:

请求一个页面,通过HTTP花费超过5秒。当它工作正常。

当请求一个超过httpS超过5秒的特定页面时,我得到一个324(服务器的空响应) 在系统上请求任何其他页面时,它只能通过https工作。

我可以确认这是一个计时问题,因为我剥离了模板,并将睡眠模式设置为6,以使模板等待呈现空白。

该请求有几个subrequests js和css,这些单独调用时工作正常。

nginx错误日志在出现问题url时显示套接字读取错误。

当HTTP做模板渲染和子请求,

当在HTTPS失败的URL,它发送请求上游两次但死在那里,不发送子请求。 (导轨应用声称它呈现它确定)

奇怪的是,它发送的原始请求两次至上游, 然后死,

日志和配置文件如下,

NGINX错误日志(仅在HTTPS上读取需要很长时间渲染的特定网址时):

2012/11/06 15:05:00 [info] 5717#0:* 4012 SSL_write()failed(SSL :) (32:断管),同时读取上游,客户:10.2.20.98,ser ver:cloud.zia4buildings.com,请求:“GET/admin/datasets HTTP/1.1”,上游:“http://127.0.0.1:3000/admin/datasets”,主机:“cloud.zia4buildings.com”,引用者:“https://cloud.zia4buildings.com/admin/sage_categories”

2012/11/06 15:05:03 [info] 5717#0:* 4027 SSL_write()失败(SSL :)(32:当读取上游时,客户端:10.2.20.98,服务器:cloud.zia4buildings.com,请求:“GET/admin/datasets HTTP/1.1”,上游:“http://127.0.0.1:3000/admin/datasets ”主机 “cloud.zia4buildings.com”,引荐: “https://cloud.zia4buildings.com/admin/sage_categories”

[编辑] 问题是超时在https代理通, if我在任何页面(甚至是一个超轻的页面)中投入6秒睡眠,然后https请求失败。

**APPLICATION LOGS:** 
(my comments in (-- --) 
**HTTP:** 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:19:40 -0700 
    Processing by Admin::DatasetsController#index as HTML 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (5.4ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (4.1ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5694.0ms) 
Completed 200 OK in 5704ms (Views: 5171.9ms | ActiveRecord: 531.4ms) 


Started GET "/stylesheets/dyn_stylesheets/dynamic.css" for 127.0.0.1 at 2012-11-06 09:15:31 -0700 
    Processing by DynStylesheetsController#index as CSS 
    Parameters: {"id"=>"dynamic"} 
Exist fragment? views/rating_system_css_colors (1.4ms) 
Read fragment views/rating_system_css_colors (0.1ms) 
Exist fragment? views/leed_category_css_colors (0.4ms) 
Read fragment views/leed_category_css_colors (0.0ms) 
Exist fragment? views/sage_category_css_colors (0.3ms) 
Read fragment views/sage_category_css_colors (0.0ms) 
Exist fragment? views/node_css_colors (3.3ms) 
Read fragment views/node_css_colors (0.0ms) 
Rendered dyn_stylesheets/dynamic.css.erb (9.8ms) 
Completed 200 OK in 17ms (Views: 12.1ms | ActiveRecord: 4.0ms) 
(-- EOF HTTP success request --) 



**HTTPS:** 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:44 -0700 
    Processing by Admin::DatasetsController#index as HTML 
Rendered admin/datasets/_set_field.html.erb (15.8ms) 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (3.0ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5973.3ms) 
Completed 200 OK in 5982ms (Views: 5419.4ms | ActiveRecord: 561.5ms) 

(-- (here starts a second, identical request without no apparent reason) --) 

Started GET "/admin/datasets" for 127.0.0.1 at 2012-11-06 09:20:47 -0700 
    Processing by Admin::DatasetsController#index as HTML 
Rendered admin/datasets/_set_field.html.erb (15.9ms) 
Rendered admin/datasets/_set_field.html.erb (0.5ms) 
(-- lots of these ok --) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered admin/datasets/_dataset_category.html.erb (0.0ms) 
Rendered layouts/_admin_links.html.erb (4.1ms) 
Rendered admin/datasets/index.html.erb within layouts/admin (5944.9ms) 
Completed 200 OK in 5955ms (Views: 5419.8ms | ActiveRecord: 549.8ms) 

(-- here the browser gets the error 324, empty response --)

CONF:

这是典型的配置:

upstream unicorn_server { 
    # this socket is set up on the config/unicorn.rb file 
    server unix:/home/sage/apps/sage/production/shared/.unicorn.sock; 
} 

server { 
    listen  80; 

    root /home/sage/apps/sage/production/current/public; 

    location/{ 
    proxy_set_header X-Forwarded-For $scheme; 
    proxy_set_header Host $http_host; 
    proxy_redirect off; 

    if (!-f $request_filename) { 
     proxy_pass http://unicorn_server; 
     break; 
    } 
    } 

} 

server { 
    listen  localhost:443; 
    listen  10.2.20.84:443; 

    ssl     on; 
    ssl_certificate  /etc/ssl/certs/cert.chained.crt; 
    ssl_certificate_key /etc/ssl/certs/cert.com.key; 

    root /home/sage/apps/sage/production/current/public; 

    location/{ 
    proxy_set_header X-Forwarded-For $scheme; 
    proxy_set_header X-Forwarded-Proto https; 
    proxy_set_header Host $http_host; 
    proxy_redirect off; 

    if (!-f $request_filename) { 
     proxy_pass http://unicorn_server; 
     break; 
    } 
    } 
}

在正确的方向指针的任何大加赞赏,

谢谢!

来源

2012-11-06 user1419422

回答

0

没关系,

罪魁祸首是HAProxy的正趴在我们的防火墙整个堆栈的前面。 因此发送这些超时,

来源

2012-11-06 23:27:16 user1419422

相关问题

 相关问题