我正在运行一个Nginx反向代理的网站https://telerandom.com (NodeJS服务器,端口9576)。 它通常工作,但有时它会开始拒绝来自某些用户的所有SSL连接(而对于其他人而言,这是完全正常的)。
这个拒绝SSL连接的时间通常会持续大约45分钟,然后事情恢复正常。 我注意到同一networking上的设备(例如我的笔记本电脑和同一WiFinetworking上的手机)同时遇到这些故障。 但是,如果我要断开手机与WiFi的连接并使用手机数据,则可以正常连接到网站。
端口80和443都在服务器上打开。 当连接被拒绝时,我在错误日志中得到这些消息:
2015/07/24 20:36:19 [debug] 1695#0: *92 post event 0000000002327BB0 2015/07/24 20:36:19 [debug] 1695#0: *92 post event 000000000233B3C0 2015/07/24 20:36:19 [debug] 1695#0: *92 delete posted event 000000000233B3C0 2015/07/24 20:36:19 [debug] 1695#0: *92 http run request: "/socket.io/?EIO=3&transport=websocket&sid=_32mgWR6o50vOl7pAAAC" 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream process upgraded, fu:1 2015/07/24 20:36:19 [debug] 1695#0: *92 event timer del: 20: 1437784644303 2015/07/24 20:36:19 [debug] 1695#0: *92 event timer add: 20: 90000:1437784669313 2015/07/24 20:36:19 [debug] 1695#0: *92 delete posted event 0000000002327BB0 2015/07/24 20:36:19 [debug] 1695#0: *92 http run request: "/socket.io/?EIO=3&transport=websocket&sid=_32mgWR6o50vOl7pAAAC" 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream process upgraded, fu:0 2015/07/24 20:36:19 [debug] 1695#0: *92 SSL_read: 7 2015/07/24 20:36:19 [debug] 1695#0: *92 SSL_read: -1 2015/07/24 20:36:19 [debug] 1695#0: *92 SSL_get_error: 2 2015/07/24 20:36:19 [debug] 1695#0: *92 send: fd:20 7 of 7 2015/07/24 20:36:19 [debug] 1695#0: *92 event timer: 20, old: 1437784669313, new: 1437784669313 2015/07/24 20:36:19 [debug] 1695#0: *92 post event 0000000002327AE0 2015/07/24 20:36:19 [debug] 1695#0: *92 post event 000000000233B2F0 2015/07/24 20:36:19 [debug] 1695#0: *92 delete posted event 000000000233B2F0 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream request: "/socket.io/?EIO=3&transport=websocket&sid=_32mgWR6o50vOl7pAAAC" 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream process upgraded, fu:0 2015/07/24 20:36:19 [debug] 1695#0: *92 event timer del: 20: 1437784669313 2015/07/24 20:36:19 [debug] 1695#0: *92 delete posted event 0000000002327AE0 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream request: "/socket.io/?EIO=3&transport=websocket&sid=_32mgWR6o50vOl7pAAAC" 2015/07/24 20:36:19 [debug] 1695#0: *92 http upstream process upgraded, fu:1 2015/07/24 20:36:19 [debug] 1695#0: *92 recv: fd:20 3 of 4096 2015/07/24 20:36:19 [debug] 1695#0: *92 SSL to write: 3 2015/07/24 20:36:19 [debug] 1695#0: *92 SSL_write: 3 2015/07/24 20:36:19 [debug] 1695#0: *92 recv: fd:20 -1 of 4096 2015/07/24 20:36:19 [debug] 1695#0: *92 recv() not ready (11: Resource temporarily unavailable) 2015/07/24 20:36:19 [debug] 1695#0: *92 event timer add: 20: 90000:1437784669313 这里是我的configuration文件
server { listen 80; server_name telerandom.com; return 301 https://$host$request_uri; } server { listen 443; server_name telerandom.com; ssl_certificate /etc/nginx/ssl/telerandom/cert.crt; ssl_certificate_key /etc/nginx/ssl/telerandom/cert.key; ssl on; access_log /var/log/nginx/telerandom.com.access.log; error_log /var/log/nginx/telerandom.com.error.log debug; location / { proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Fix the "It appears that your reverse proxy set up is broken" error. proxy_pass http://127.0.0.1:9576; proxy_read_timeout 90; proxy_redirect http://127.0.0.1:9576 https://telerandom.com; } }
重新启动Nginx并且服务器不能解决问题,也不会重新启动客户端设备。 另外,这种情况发生在多个networking上(有一次,它开始发生在我手机的蜂窝数据上),而且发生在我以外的人身上。 另外,在发生问题时,我还可以连接到nginx后面的类似configuration的SSL站点
服务器日志没有什么特别的地方在nginx的网站上显示出问题。 但是,你的描述清楚地表明客户networking中存在一个问题,
这可能只是客户端networking可靠性的问题。 由于您在谈论Wifi,可能会受到某些电子设备(微波炉,真空吸尘器等)的干扰,不仅影响与单台服务器的SSL连接,还影响其他连接,即至less使其变慢或不可靠。 当然,它也可能是networking中的攻击者,无线networking正在通过传输大量数据(备份工作?)等而饱和。但是我确信它与你的nginx设置无关。