Opened 11 years ago
Closed 10 years ago
#549 closed defect (worksforme)
unexpected multiple 206 errors on transferring file
Reported by: | Dmitry Batiyevskiy | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.4.x |
Keywords: | 206 | Cc: | monitoring@… |
uname -a: | Linux lb.xx.com 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.4.7
built by gcc 4.7.2 (Debian 4.7.2-5) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed' --with-ipv6 |
Description
Hello,
I have a following setup:
nginx + haproxy on LB server (nginx is performing SSL encryption to end user and proxies requests to haproxy, haproxy proxies to appropriate app server)
Nginx config here:
server { listen my.ip:443; server_name *.xx.com; ssl on; ssl_certificate /etc/pki/tls/certs/xx.com.crt; ssl_certificate_key /etc/pki/tls/private/xx.com.key; ssl_session_timeout 480m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; access_log /var/log/nginx/ssl.log main; location / { proxy_pass http://my.ip:81/; proxy_set_header X-NginX-Proxy true; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_redirect default; proxy_redirect http://$host/ https://$host/; proxy_redirect http://hostname/ https://$host/; proxy_read_timeout 60s; proxy_connect_timeout 60s; } location ~ /\. { deny all; } }
Then I have 2 instances with nginx+tomcat, where nginx is used to serve static files like images, .js, fonts, etc and proxies other requests to tomcat
Nginx config here:
server { listen my.ip:80; server_name *.xx.com; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; rewrite ^/(.*) http://$host/myapp/ permanent; } location /myapp/ { proxy_pass http://127.0.0.1:8080/myapp/; proxy_redirect off; proxy_buffering off; proxy_set_header Host $http_host; proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for; } location /myapp/fonts { root /var/www/html/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /myapp/images { root /var/www/html; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
/var/www/html/myapp/ folder has subfolders images, fonts, etc and files inside them
Problem came out when I've updated nginx to 1.4.7 from official nginx debian repos (there was 1.4.4 before this):
grep nginx /etc/apt/ -R Binary file /etc/apt/trusted.gpg~ matches /etc/apt/sources.list.d/nginx.list:deb http://nginx.org/packages/debian/ wheezy nginx /etc/apt/sources.list.d/nginx.list:deb-src http://nginx.org/packages/debian/ wheezy nginx
The problem is when transferring one font both nginx instances returns 206 partial content error on 60 sec timeout, like this:
wget https://xx.com/myapp/fonts/arial.ttf --2014-04-25 19:22:50-- https://xx.com/myapp/fonts/arial.ttf Resolving xx.com (myapp.com)... some.ip Connecting to xx.com (myapp.com)|some.ip|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 778552 (760K) [application/octet-stream] Saving to: ‘arial.ttf.8’ 6% [=====> ] 53,002 --.-K/s in 65s 2014-04-25 19:23:55 (819 B/s) - Connection closed at byte 53002. Retrying. --2014-04-25 19:23:56-- (try: 2) https://xx.com/myapp/fonts/arial.ttf Connecting to xx.com (myapp.com)|some.ip|:443... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 778552 (760K), 725550 (709K) remaining [application/octet-stream] Saving to: ‘arial.ttf.8’ 13% [++++++======> ] 101,875 --.-K/s eta 3m 58s 13% [++++++======> ] 101,875 --.-K/s in 65s 2014-04-25 19:25:01 (755 B/s) - Connection closed at byte 101875. Retrying. --2014-04-25 19:25:03-- (try: 3) https://xx.com/myapp/fonts/arial.ttf Connecting to xx.com (myapp.com)|some.ip|:443... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 778552 (760K), 676677 (661K) remaining [application/octet-stream] Saving to: ‘arial.ttf.8’ 19% [+++++++++++++=====> ] 154,843 --.-K/s in 65s 2014-04-25 19:26:09 (818 B/s) - Connection closed at byte 154843. Retrying. --2014-04-25 19:26:12-- (try: 4) https://xx.com/myapp/fonts/arial.ttf Connecting to xx.com (myapp.com)|some.ip|:443... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 778552 (760K), 623709 (609K) remaining [application/octet-stream] Saving to: ‘arial.ttf.8’ 26% [+++++++++++++++++++======> ] 207,811 --.-K/s eta 7m 11str
Downgrading nginx on LB to 1.4.6 helped to solve this issue without any changes in configs
From the data provided it looks like connections are closed for some reason after transfering of about 50k of data. The 206 responses are just a result of previous incomplete responses available to wget, and range-requests used by it.
There are no changes between nginx 1.4.6 and nginx 1.4.7 which may affect configurations shown (actually, there are only two bugfixes: one in fastcgi and another one in spdy), and if downgrade fixes things for you - it's likely coincidence. (In particular, it may worth looking into OpenSSL versions used.)
Looking into nginx logs should help to find out what goes on. See http://wiki.nginx.org/Debugging for some debugging hints. Please use mailing lists if you need help with debugging and/or interpreting result.
It may also make sense to upgrade to at least latest stable nginx, 1.6.0, before any further testing.