Picking up and rejuvenating an old dormant project and seeing a persistent Nginx 502 bad gateway on my Apache/Nginx development and as this was originally developed by someone else I'm struggling to find the answer.
Trying to view example.com/test gives the error. Any ideas for what I can check please?
Nginx error.log:
2017/09/07 18:20:31 [error] 11911#0: *311 connect() failed (111: Connection refused) while connecting to upstream, client: xx.my.ip.xx, server: www.example.com, request: "GET /test HTTP/1.1", upstream: "http://127.0.0.1:8000/test", host: "www.example.com"
2017/09/07 18:20:42 [info] 11911#0: *312 client closed connection while SSL handshaking, client: xx.my.ip.xx, server: 0.0.0.0:443
Nginx config:
user nobody;
# no need for more workers in the proxy mode
worker_processes 4;
error_log /var/log/nginx/error.log info;
worker_rlimit_nofile 20480;
events {
worker_connections 5120; # increase for busier servers
use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
# custom start
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# proxy_http_version appeared in nginx 1.1.4
proxy_http_version 1.1;
upstream thedevelopment {
server 127.0.0.1:8000;
}
server {
listen 80;
server_name www.example.com domain.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/domain_com.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;
keepalive_timeout 70;
server_name www.example.com;
location / {
proxy_pass http://xx.xx.xx.130:8080;
}
location /test {
proxy_pass http://thedevelopment;
}
}
# custom end
server_name_in_redirect off;
server_names_hash_max_size 10240;
server_names_hash_bucket_size 1024;
include mime.types;
default_type application/octet-stream;
server_tokens off;
# remove/commentout disable_symlinks if_not_owner;if you get Permission denied error
# disable_symlinks if_not_owner;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_http_version 1.1;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_buffers 16 8k;
# You can remove image/png image/x-icon image/gif image/jpeg if you have slow CPU
gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/javascript application/xml+rss text/javascript application/atom+xml;
ignore_invalid_headers on;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
reset_timedout_connection on;
connection_pool_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
client_max_body_size 200M;
client_body_buffer_size 128k;
request_pool_size 32k;
output_buffers 4 32k;
postpone_output 1460;
proxy_temp_path /tmp/nginx_proxy/;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:5m max_size=1000m;
client_body_in_file_only on;
log_format bytes_log "$msec $bytes_sent .";
log_format custom_microcache '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" nocache:$no_cache';
include "/etc/nginx/vhosts/*";
}
Related
Not sure where to start. I'm moving my wordpress/nginx from server 1 to server 2. Config was almost identical except the server 2 which is the new server using the latest PHP(8.2), php-fpm 8.2 and Nginx 1.14.1, Rocky 8. Server 1 was PHP7.4 PHP-fpm 7.4 Nginx and Centos 7. Nginx starts with no issue but then I'm getting hit with this error.
2022/10/01 22:11:04 [error] 154299#0: *6 connect() to
unix:/run/php-fpm/phpfm.sock failed (111: Connection refused) while
connecting to upstream, client: Ip Address, server:
subdomain.myserver.net, request: "GET /myinfo.php HTTP/1.1", upstream:
"fastcgi://unix:/run/php-fpm/phpfm.sock:", host:
"subdomain.myserver.net"
My Config file.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
#subdomain
server {
server_name subdomain.myserver.net;
root /var/www/wp;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass_header Set-Cookie;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/phpfm.sock;
# fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
try_files $uri $uri/ /index.php?$query_string;
}
index index.php;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/subdomain.myserver.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.myserver.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
upstream php-fpm {
server unix:/run/php-fpm/phpfm.sock;
}
server {
if ($host = subdomain.myserver.net) {
return 301 https://$host$request_uri;
}
listen 80;
server_name subdomain.myserver.net;
return 404;
}
}
I changed the domain and IP address for privacy reasons. TBH, I'm not quite sure where to go from there. I think I've tried all the possible solutions I can search on the net and none of them is giving me any hope. Please help?
I have been consistently getting a "upstream sent too big header while reading response header from upstream" error in my nginx log.
To start with, this is the architecture I have:
This error is logged by the nginx server running on port 8080.
2018/07/06 11:17:29 [error] 18857#18857: *39687 upstream sent too big
header while reading response header from upstream, client: 127.0.0.1,
server: amr.com.au, request: "POST /wp-admin/admin-ajax.php HTTP/1.1",
upstream: "fastcgi://unix:/var/run/php/php7.1-fpm.sock:", host:
"amr.com.au", referrer: "https://amr.com.au/wp-admin/"
i have tried this Upstream too big - nginx + codeigniter but to no avail.
I will put my php, nginx and varnish config here for reference.
varnish:
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
acl purger {
"localhost";
"127.0.0.1";
}
sub vcl_recv {
# Forward client's IP to the backend
if (req.restarts == 0) {
if (req.http.X-Real-IP) {
set req.http.X-Forwarded-For = req.http.X-Real-IP;
} else if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# pipe on weird http methods
if (req.method !~ "^GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE$") {
return(pipe);
}
if (req.method != "GET" && req.method != "HEAD") {
return(pass);
}
if (req.http.X-Requested-With == "XMLHttpRequest"){
return (pass);
}
if (client.ip != "127.0.0.1" && req.http.host ~ "amr.com.au") {
set req.http.x-redir = "https://amr.com.au" + req.url;
return(synth(850, ""));
}
if (req.method == "PURGE") {
if (!client.ip ~ purger) {
return(synth(405, "This IP is not allowed to send PURGE requests."));
}
return (purge);
}
# Pass through the WooCommerce dynamic pages
if (req.url ~ "^/(cart|my-account/*|checkout|wc-api/*|addons|logout|lost-password|product/*)") {
return (pass);
}
# Pass through the WooCommerce add to cart
if (req.url ~ "\?add-to-cart=" ) {
return (pass);
}
# Pass through the WooCommerce API
if (req.url ~ "\?wc-api=" ) {
return (pass);
}
}
sub vcl_synth {
if (resp.status == 850) {
set resp.http.Location = req.http.x-redir;
set resp.status = 302;
return (deliver);
}
}
sub vcl_purge {
set req.method = "GET";
set req.http.X-Purger = "Purged";
return (restart);
}
sub vcl_backend_response {
if (beresp.status >= 300) {
if (beresp.status == 500) {
return (retry);
}
set beresp.uncacheable = true;
set beresp.ttl = 2s;
}
else
{
set beresp.ttl = 24h;
set beresp.grace = 1h;
}
if (bereq.url !~ "wp-admin|wp-login|product|cart|checkout|my-account|/?remove_item=|/?wc-ajax=") {
unset beresp.http.set-cookie;
}
}
sub vcl_deliver {
if (req.http.X-Purger) {
set resp.http.X-Purger = req.http.X-Purger;
}
}
sub vcl_pipe {
return (pipe);
}
sub vcl_pass {
return (fetch);
}
nginx.conf
user admin;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 50000;
events {
use epoll;
worker_connections 100000;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65s;
reset_timedout_connection on;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Gzip Settings
##
gzip on;
gzip_min_length 1000;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "msie6";
open_file_cache max=50000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
client_max_body_size 512m;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
nginx sites avaliable
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name amr.com.au;
port_in_redirect off;
server_tokens off;
more_clear_headers Server;
ssl on;
ssl_certificate_key /etc/letsencrypt/keys/0001_key-certbot.pem;
ssl_certificate /etc/letsencrypt/live/amr.com.au/fullchain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
# enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
# http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/amr.com.au/fullchain.pem;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:80;
proxy_http_version 1.1;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# proxy_read_timeout 300s;
# send_timeout 300s;
# proxy_set_header Connection "";
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto https;
# proxy_set_header HTTPS "on";
# time out settings
proxy_connect_timeout 159s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
# proxy_buffer_size 256k;
# proxy_buffers 32 256k;
# proxy_busy_buffers_size 256k;
# proxy_temp_file_write_size 256k;
proxy_pass_header Set-Cookie;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/logs/ssl-access.log;
error_log /var/www/logs/ssl-error.log error;
}
}
server {
listen 8080;
listen [::]:8080;
server_name amr.com.au;
root /var/www/amr-prod;
index index.php;
port_in_redirect off;
client_header_buffer_size 2M;
large_client_header_buffers 16 2M;
client_body_buffer_size 100M;
client_max_body_size 100M;
fastcgi_buffers 256 200k;
access_log /var/www/logs/backend-access.log;
error_log /var/www/logs/backend-error.log warn;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri $document_root$fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 240s;
}
}
also for reference:
awk '($9 ~ /200/) { i++;sum+=$10;max=$10>max?$10:max; } END { printf("Maximum: %d\nAverage: %d\n",max,i?sum/i:0); }' access.log
Maximum: 62833994
Average: 68531
Can someone help me work out why im getting that error? It doesnt seem to make any sense to me?? It looks like I have the configuration correct.
Thanks in advance,
Mike
EDIT:
So, I made a replica server, and turned off Varnish, and hey presto, it works.. So theres something going on in Varnish. I havent had time to investigate it yet, but I will try to this week and update if I can work it out.
Have you combed through your PHP error logs around the same time as the nginx error? The nginx error upstream sent too big header while reading response header from upstream is a pretty generic message, and could be related to any number of things going wrong. A likely culprit is a buggy PHP script. Other possibilities include a thread crash, or any other number header problems.
Check out answer 33878041 for some additional points to investigate when debugging this upstream error. This includes verifying that Content-Length does not exceed the actual content length of the POST transaction.
You may want to uncomment:
proxy_buffer_size 256k;
proxy_buffers 32 256k;
And play around with both fastcgi_buffer* and proxy_buffer* set of values if things still do not work following that. (likely have to increase).
nginx must be able to accomodate the HTTP headers within memory, and apparently your app sets too lengthy ones (Set-Cookie, etc.).
Long story here explains how to find proper value for proxy_buffer_size.
So the answer isnt the best, but it seems to have settled it down.
I bypassed Varnish and setup nginx cache. With little to no impact on page speed.
The base configurations were correct, and without Varnish the errors went away.
Not the best, but, it works.
I'm Getting 502 bad gateway error in one of my magento2 site.
Here are my configuration files.
nginx.conf configuration file
user nginx;
worker_processes 4;
worker_rlimit_nofile 100000;
pid /var/run/nginx.pid;
events {
use epoll;
# worker_connections 1024;
worker_connections 10240;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log warn;
rewrite_log on;
access_log /var/log/nginx/access.log main buffer=32k flush=300;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
autoindex off;
server_tokens off;
port_in_redirect off;
open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
types_hash_max_size 4096;
client_header_buffer_size 16k;
large_client_header_buffers 4 32k;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffers 8 256k;
fastcgi_buffer_size 256k;
fastcgi_connect_timeout 3600;
############
client_max_body_size 1024M;
client_body_buffer_size 128k;
server_names_hash_max_size 1024;
client_body_timeout 300;
client_header_timeout 300;
keepalive_timeout 600;
keepalive_requests 100000;
send_timeout 60;
server_names_hash_bucket_size 128;
gzip on;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_types any;
gzip_types text/plain text/css application/octet-stream application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript text/x-javascript font/ttf application/font-woff font/opentype application/vnd.ms-fontobject image/svg+xml;
gzip_disable “msie6”;
gzip_vary on;
include /etc/nginx/conf.d/*.conf;
}
php-fpm configure file
[domain.com.com]
listen = /var/run/php/domain.com-fpm.sock
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
user = domain_live
group = domain_live
; Choose how the process manager will control the number of child processes.
pm = dynamic
pm.max_children = 150
pm.start_servers = 60
pm.min_spare_servers = 50
pm.max_spare_servers = 90
pm.max_requests = 500
pm.status_path = /status
slowlog = /var/www/www.domain.com.com/logs/php-fpm-www-slow.log
rlimit_core = unlimited
php_admin_value[error_log] = /var/www/www.domain.com.com/logs/php-fpm-www-error.log
php_admin_flag[log_errors] = on
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/www/www.domain.com.com/application/var/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
Getting below error logs
php-fpm error logs
WARNING: [pool domain.com] child 4314 exited on signal 11 (SIGSEGV - core dumped) after 4556.304032 seconds from start
NOTICE: [pool domain.com] child 6422 started
nginx error logs
2018/05/18 13:28:02 [error] 4247#4247: *1460 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 1.2.3.4, server: www.domain.com, request: "GET /checkout/cart/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/domain.com-fpm.sock:", host: "www.domain.com.com", referrer: "https://www.domain.com.com/customer/account/login/"
Please help to resolve this issue. As i'm already tried multiple ways to resolve issue but didn't get the success.
Since a couple of days ago, I'm getting some errors on my server. I use CentOS 6.5 with Parallels 12.0.18, Apache server to serve dynamic content and Nginx as proxy to serve static content.
At first, I was getting the following error:
[error] 29951#0: *5138862 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 89.7.24.108, server: , request: "GET /page/2/ HTTP/1.1", upstream: "http://ip:7080/page/2/", host: "domain.es", referrer: "http://domain.es/"
Then, I changed some configuration, like increasing MaxClients on my "httpd.conf" file and this lines to my /etc/nginx/conf.d/timeout.conf file:
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
It all seemed to be working fine until I got the same errors again, along with a new one:
[error] 15228#0: *130292 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 89.130.25.154, server: domain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:7080/", host: "domain.com"
I have two different websites on the same server. That's why you see two different hosts in there.
Here's the problem: when I got these errors, I got a "502 Bad Gateway" and the server becomes so slow that I can't even log in using the SSH terminal. I can only fix it temporally by resetting the httpd service.
I know there are other topics similar to this one, but all I found were problems with PHP-FPM, which I don't use.
Here's my Nginx configuration file:
user nginx;
worker_processes 16;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 512;
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
# Gzip on
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_buffers 4 32k;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
gzip_disable "MSIE [1-6]\.";
# Other configurations
ignore_invalid_headers on;
client_max_body_size 8m;
client_header_timeout 3m;
client_body_timeout 3m;
#send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
# Cache most accessed static files
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# virtual hosts includes
include "/etc/nginx/conf.d/*.conf";
}
Here's my Nginx vhost file:
server {
listen ip:80 default_server;
server_name domain.es;
server_name www.domain.es;
server_name ipv4.domain.es;
client_max_body_size 128m;
root "/var/www/vhosts/domain.es/httpdocs";
access_log "/var/www/vhosts/system/domain.es/logs/proxy_access_log";
error_log "/var/www/vhosts/system/domain.es/logs/proxy_error_log";
if ($host ~* ^www.domain.es$) {
rewrite ^(.*)$ http://domain.es$1 permanent;
}
location / {
proxy_pass http://82.194.74.41:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location #fallback {
proxy_pass http://ip:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/plesk-stat/ {
proxy_pass http://ip:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|swf|tar|tgz|txt|wav|xls|xlsx|zip))$ {
access_log off;
expires 7d;
add_header Cache-Control public;
try_files $uri #fallback;
}
include "/var/www/vhosts/system/domain.es/conf/vhost_nginx.conf";
}
And some of the configuration vars I use with Apache (httpd.conf):
<IfModule prefork.c>
StartServers 14
MinSpareServers 8
MaxSpareServers 14
ServerLimit 1000
MaxClients 1000
MaxRequestsPerChild 2000
</IfModule>
Thank you very much in advance!
In my case, a php extension is missing, after I turned it off, it recovered! Check /var/log/messages to see if there is any segfault.
It seems your Apache is more busy than your Nginx. When Nginx get some requests but Apache can't handle, you get '502 Bad Gateway', which meas Apache refused to work for Nginx.
Try decrease 'worker_connections' and 'worker_processes' in Nginx and increase 'MaxClients', 'ServerLimit'
Make sure
worker_connections * worker_processes < MaxClients < ServerLimit
In a case I saw recently this error was being logged for 95% of requests but both the web server and the apps server were almost idle with only a few connections open. The other 5% were successful.
It turned out that our friendly networking colleagues had configured an IPS device between the web and apps server and it started clawing back and dropping connections when traffic increased because it thought there was a brute force attack happening. A false-positive. So nothing to do with Nginx or Apache, but reconfiguring the IPS fixed the issue.
Trace your code to detect if you have any calls like "opendir" without "closedir".
I am trying to setup nginx as a caching reverse proxy, however it would appear that every request is been sent to the backend server, and nothing is been cached. i.e. the server logs on the backend show all the same file accesses.
Most of the files are either php with arguments passed on the url or images, all of which are been fetched all the time from the backend and never cached. Everything on this site can be cached.
My conf.d/default.conf
upstream xxxx {
server xxxx.com;
}
#
# The default server
#
server {
listen 80 default_server;
server_name _;
access_log /var/log/nginx/log/access.log main;
error_log /var/log/nginx/log/error.log;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
## send request back to xxxx ##
proxy_pass http://xxxx;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
# expires 24h;
# add_header Cache-Control public;
proxy_ignore_headers Cache-Control Expires;
proxy_redirect off;
proxy_buffering off;
proxy_cache one;
proxy_cache_key backend$request_uri;
proxy_cache_valid 200 301 302 1440m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1440m;
proxy_cache_use_stale error timeout invalid_header updating;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
and my nginx.conf file
user nginx;
worker_processes 8;
worker_rlimit_nofile 8192;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_names_hash_bucket_size 64;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_comp_level 9;
gzip_proxied any;
proxy_buffering on;
proxy_cache_path /usr/local/nginx/proxy levels=1:2 keys_zone=one:1024m inactive=7d max_size=700g;
proxy_temp_path /tmp/nginx/proxy;
proxy_buffer_size 4k;
proxy_buffers 100 8k;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
include /etc/nginx/conf.d/*.conf;
}
Can anybody tell me what I've got wrong??
I ran into this problem as well, and I found
proxy_buffering off;
Will cause nginx to bypass cache and not save the file to disk.
Remove that line and then it works.
Your upstream server responses must be settings Cookies, please see
https://stackoverflow.com/a/10995522/482926