Opened 7 years ago

Closed 7 years ago

#1295 closed defect (invalid)

proxy_pass to websocket server

Reported by: nknighter@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.12.x
Keywords: Cc:
uname -a: Linux 4.11.4-1.el7.elrepo.x86_64 #1 SMP Wed Jun 7 12:18:44 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.12.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

Hello, I have nginx config as a proxy server to local websocket server.
As the guide was used http://nginx.org/ru/docs/http/websocket.html.

Problem in the current configuration are lines in the error.log (hundreds per second) with number of clients ~5k:

2017/06/10 05:48:37 [error] 1134#0: *28355 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: 178.62.128.67, server: example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8005/", host: "example.com"
2017/06/10 05:48:37 [error] 1138#0: *27997 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: 36.234.135.45, server: example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8005/", host: "example.com"
2017/06/10 05:48:37 [error] 1134#0: *27922 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: 5.18.206.115, server: example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8005/", host: "example.com"

Part of config:
upstream ws_server {

server 127.0.0.1:8005;

}

server {

listen 443 ssl;
ssl keys
server_name example.com;
error_log /var/log/nginx/error.log notice;
location / {

proxy_pass http://ws_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;

}

}
As a backend websocket server was used "gorilla-weboscket" written in golang and an implementation on node.js with "ws" library. Errors occur in both situations.

Change History (3)

comment:1 by Maxim Dounin, 7 years ago

The log messages suggest that the connection is reset by your backend for some reason. This may happen either because of how your backend is written, or because of some network problems between nginx and the backend.

Note that in theory, WebSocket's close handshake is expected to prevent connection resets in case of well-behaving clients. They might still appear though if a client misbehaves and tries to send additional data after a Close frame. It would be interesting to look into a tcpdump of traffic between nginx and the backend.

comment:2 by nknighter@…, 7 years ago

Sorry for the late reply. You are right, problem was in backend and with the kernel configuration.

comment:3 by Maxim Dounin, 7 years ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.