Opened 7 years ago

Closed 6 years ago

#549 closed defect (worksforme)

unexpected multiple 206 errors on transferring file

Reported by: Dmitry Batiyevskiy Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.4.x
Keywords: 206 Cc: monitoring@…
uname -a: Linux lb.xx.com 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.4.7
built by gcc 4.7.2 (Debian 4.7.2-5)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed' --with-ipv6

Description

Hello,
I have a following setup:
nginx + haproxy on LB server (nginx is performing SSL encryption to end user and proxies requests to haproxy, haproxy proxies to appropriate app server)
Nginx config here:

server {
        listen       my.ip:443;
        server_name  *.xx.com;

        ssl                     on;
        ssl_certificate         /etc/pki/tls/certs/xx.com.crt;
        ssl_certificate_key     /etc/pki/tls/private/xx.com.key;
        ssl_session_timeout     480m;
        ssl_protocols           SSLv2 SSLv3 TLSv1;
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        access_log  /var/log/nginx/ssl.log  main;
        location / {
                proxy_pass            http://my.ip:81/;
                proxy_set_header      X-NginX-Proxy true;
                proxy_set_header      Host $http_host;
                proxy_set_header      X-Real-IP  $remote_addr;
                proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header      X-Forwarded-Proto https;

                proxy_redirect        default;
                proxy_redirect        http://$host/ https://$host/;
                proxy_redirect        http://hostname/ https://$host/;
                proxy_read_timeout    60s;
                proxy_connect_timeout 60s;
        }

        location ~ /\. { deny  all; }
}

Then I have 2 instances with nginx+tomcat, where nginx is used to serve static files like images, .js, fonts, etc and proxies other requests to tomcat
Nginx config here:

server {
        listen       my.ip:80;
        server_name *.xx.com;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                rewrite ^/(.*) http://$host/myapp/ permanent;
        }
        location  /myapp/ {
                proxy_pass   http://127.0.0.1:8080/myapp/;
                proxy_redirect off;
                proxy_buffering off;
                proxy_set_header Host $http_host;
                proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
        }
        location /myapp/fonts {
                root /var/www/html/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /myapp/images {
                root /var/www/html;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

/var/www/html/myapp/ folder has subfolders images, fonts, etc and files inside them

Problem came out when I've updated nginx to 1.4.7 from official nginx debian repos (there was 1.4.4 before this):

grep nginx /etc/apt/ -R
Binary file /etc/apt/trusted.gpg~ matches
/etc/apt/sources.list.d/nginx.list:deb http://nginx.org/packages/debian/ wheezy nginx
/etc/apt/sources.list.d/nginx.list:deb-src http://nginx.org/packages/debian/ wheezy nginx

The problem is when transferring one font both nginx instances returns 206 partial content error on 60 sec timeout, like this:

wget https://xx.com/myapp/fonts/arial.ttf
--2014-04-25 19:22:50--  https://xx.com/myapp/fonts/arial.ttf
Resolving xx.com (myapp.com)... some.ip
Connecting to xx.com (myapp.com)|some.ip|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 778552 (760K) [application/octet-stream]
Saving to: ‘arial.ttf.8’

 6% [=====>                                                                                              ] 53,002      --.-K/s   in 65s

2014-04-25 19:23:55 (819 B/s) - Connection closed at byte 53002. Retrying.

--2014-04-25 19:23:56--  (try: 2)  https://xx.com/myapp/fonts/arial.ttf
Connecting to xx.com (myapp.com)|some.ip|:443... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 778552 (760K), 725550 (709K) remaining [application/octet-stream]
Saving to: ‘arial.ttf.8’
13% [++++++======>                                                                                       ] 101,875     --.-K/s  eta 3m 58s
13% [++++++======>                                                                                       ] 101,875     --.-K/s   in 65s

2014-04-25 19:25:01 (755 B/s) - Connection closed at byte 101875. Retrying.

--2014-04-25 19:25:03--  (try: 3)  https://xx.com/myapp/fonts/arial.ttf
Connecting to xx.com (myapp.com)|some.ip|:443... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 778552 (760K), 676677 (661K) remaining [application/octet-stream]
Saving to: ‘arial.ttf.8’

19% [+++++++++++++=====>                                                                                 ] 154,843     --.-K/s   in 65s

2014-04-25 19:26:09 (818 B/s) - Connection closed at byte 154843. Retrying.

--2014-04-25 19:26:12--  (try: 4)  https://xx.com/myapp/fonts/arial.ttf
Connecting to xx.com (myapp.com)|some.ip|:443... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 778552 (760K), 623709 (609K) remaining [application/octet-stream]
Saving to: ‘arial.ttf.8’

26% [+++++++++++++++++++======>                                                                          ] 207,811     --.-K/s  eta 7m 11str

Downgrading nginx on LB to 1.4.6 helped to solve this issue without any changes in configs

Change History (2)

comment:1 by Maxim Dounin, 7 years ago

From the data provided it looks like connections are closed for some reason after transfering of about 50k of data. The 206 responses are just a result of previous incomplete responses available to wget, and range-requests used by it.

There are no changes between nginx 1.4.6 and nginx 1.4.7 which may affect configurations shown (actually, there are only two bugfixes: one in fastcgi and another one in spdy), and if downgrade fixes things for you - it's likely coincidence. (In particular, it may worth looking into OpenSSL versions used.)

Looking into nginx logs should help to find out what goes on. See http://wiki.nginx.org/Debugging for some debugging hints. Please use mailing lists if you need help with debugging and/or interpreting result.

It may also make sense to upgrade to at least latest stable nginx, 1.6.0, before any further testing.

comment:2 by Maxim Dounin, 6 years ago

Resolution: worksforme
Status: newclosed

Feedback timeout.

Note: See TracTickets for help on using tickets.