Opened 9 months ago
Closed 9 months ago
#2623 closed defect (invalid)
nginx is reporting a Status=000 on port 443 when sending large queries
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | documentation | Version: | 1.18.x |
Keywords: | Cc: | bunkiedc@… | |
uname -a: | Linux Myserver 5.4.0-173-generic #191-Ubuntu SMP Fri Feb 2 13:55:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: | nginx version: nginx/1.18.0 (Ubuntu) |
Description
We're having difficulties getting a large query though nginx setup as a load balancer. The packets are rejected on ingress, and nginx posts to the logfile:
Apr 2 14:43:54 Myserver Myserver nginx: RemoteAddr=xxx.xxx.xxx.xxx;HostPort=443;Status=000;User-Agent=-;error_log/var/log/nginx/error.logdebug
I can not find any documentation that states what a Status=000 is.
The frame with the large query we are sending is approximately 0x2a70 bytes. And it is to an HTTPs port.
We're able to simulate this using curl. Everything looks okay (using trace mode) up to the very last part, which is included below.
A few of our config settings that we are using:
worker_connections 1024;
client_max_body_size 10M;
large_client_header_buffers 10 64K
proxy_ignore_client_abort on;
proxy_buffering off;
We're tried to change the client_max_body_size and large_client_header_buffers to many different settings, but none work.
Last part of Curl trace:
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 4a ....J
<= Recv SSL data, 1 bytes (0x1)
0000: 16 .
Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 57 bytes (0x39)
0000: 04 00 00 35 00 00 01 2c 1f 96 2c 58 08 00 00 00 ...5...,..,X....
0010: 00 00 00 00 00 00 20 e7 66 7e 4e e2 f7 02 36 f8 ...... .f~N...6.
0020: f0 51 f4 02 88 90 74 d5 c4 92 0e ba a3 a6 0d 35 .Q....t........5
0030: e7 74 93 13 b5 3a fe 00 00 .t...:...
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 4a ....J
<= Recv SSL data, 1 bytes (0x1)
0000: 16 .
Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 57 bytes (0x39)
0000: 04 00 00 35 00 00 01 2c f3 f0 af e3 08 00 00 00 ...5...,........
0010: 00 00 00 00 01 00 20 9c 7b a9 d4 6a 73 fd 9c 69 ...... .{..js..i
0020: 01 5d d9 4a d8 38 0f 52 b9 2e c4 b5 34 9b fa c6 .].J.8.R....4...
0030: d0 dd 33 6a bc 80 79 00 00 ..3j..y..
Info: old SSL session ID is stale, removing
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 42 ....B
<= Recv SSL data, 1 bytes (0x1)
0000: 17 .
Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 1a .....
=> Send SSL data, 1 bytes (0x1)
0000: 17 .
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 22 ...."
<= Recv SSL data, 1 bytes (0x1)
0000: 17 .
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
<= Recv SSL data, 1 bytes (0x1)
0000: 15 .
Info: TLSv1.3 (IN), TLS alert, close notify (256):
<= Recv SSL data, 2 bytes (0x2)
0000: 01 00 ..
Info: Empty reply from server
Info: Closing connection 0
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 1a .....
=> Send SSL data, 1 bytes (0x1)
0000: 17 .
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 22 ...."
<= Recv SSL data, 1 bytes (0x1)
0000: 17 .
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
<= Recv SSL data, 1 bytes (0x1)
0000: 15 .
Info: TLSv1.3 (IN), TLS alert, close notify (256):
<= Recv SSL data, 2 bytes (0x2)
0000: 01 00 ..
Info: Empty reply from server
Info: Closing connection 0
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
Change History (3)
comment:1 by , 9 months ago
comment:2 by , 9 months ago
I included everything that was in the debug log. I installed the version that is currently available in Ubuntu 20.04, and it, for some reason, doesn't include the nginx-debug image with this install.
However, since I didn't find anything to help and we were stuck, I bit the bullet and loaded the latest image from the nginx site; 1.24. This works fine with the same config! I am, however, hoping that there is a back-port for 20.04 of something other than 1.18, as I can't connect the production server directly to the nginx repo.
So I guess at this point, there isn't much that can be done with this ticket other than closing it.
comment:3 by , 9 months ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Debug log should give the answer why is this happening. Also more details about nginx configuration would help.