Backround of the issue:
1. When I try to upload a file (file.tar, 23 MB) over http, it takes 3-7 seconds, life is good. This was just for test to make sure backend works!
2. When I try to upload SAME FILE over https, it goes super slown (20% in 1 minute) and after 60 seconds it dies with a message,
Timeout sending the file:
perhaps your browser does not send files correctly,
your session has expired,
or there was a server error.
Please try again.
Architecture:
User <--> nginx <--> tomcat
What backend uploader we are using?
gwt file uploader
Environment:
Centos 6.x (2.6.32-358.11.1.el6.x86_64)
Tomcat:
7.x
What did i try so far in last 48-72 hours ? Why are we certain its nginx configuration issue?
1. httpd (Apache/2.4.4), another web server works perfect (just for upload) but we dont want to do it for obvious benefits of nginx
2. if we remove web server altogether, upload works flawlessly.
3. played with nearly all timeouts on nginx without luck
4. tried nginx v1.4.1, v1.5.1 without luck (same result)
5. multiple browsers same result - firefox/chrome windows, firefox/chrome linux
6. tcpdump and wireshark show data movements for first 60 seconds.
7. nginx log looks pretty innocent but its not revealing anything meaningful
Nginx:
nginx version: nginx/1.5.3
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-openssl=/apps/nginx153/openssl-1.0.1e --with-pcre=/apps/nginx153/pcre-8.33 --with-http_stub_status_module --with-http_perl_module --with-debug --add-module=/apps/nginx153/ngx_http_log_request_speed
-------------------------nginx.conf, START-------------------------
worker_processes 1;
worker_rlimit_nofile 200000;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
error_log logs/error.log;
sendfile on;
send_timeout 10;
keepalive_timeout 30;
keepalive_requests 100000;
reset_timedout_connection on;
client_body_timeout 10;
client_header_timeout 10;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
upstream appcluster {
# least_conn;
server localhost:8080 fail_timeout=20s;
keepalive 8;
}
server {
listen 80;
server_name site.com;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 default ssl;
root /apps/nginx/html;
server_name site.com;
ssl on;
ssl_certificate /apps/nginx/conf/mycerts/site.crt;
ssl_certificate_key /apps/nginx/conf/mycerts/site.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://appcluster;
# proxy_pass https://localhost:8080;
}
}
}
-------------------------nginx.conf, END-------------------------
Thanks in advance for your suggestions/comments!
1. When I try to upload a file (file.tar, 23 MB) over http, it takes 3-7 seconds, life is good. This was just for test to make sure backend works!
2. When I try to upload SAME FILE over https, it goes super slown (20% in 1 minute) and after 60 seconds it dies with a message,
Timeout sending the file:
perhaps your browser does not send files correctly,
your session has expired,
or there was a server error.
Please try again.
Architecture:
User <--> nginx <--> tomcat
What backend uploader we are using?
gwt file uploader
Environment:
Centos 6.x (2.6.32-358.11.1.el6.x86_64)
Tomcat:
7.x
What did i try so far in last 48-72 hours ? Why are we certain its nginx configuration issue?
1. httpd (Apache/2.4.4), another web server works perfect (just for upload) but we dont want to do it for obvious benefits of nginx
2. if we remove web server altogether, upload works flawlessly.
3. played with nearly all timeouts on nginx without luck
4. tried nginx v1.4.1, v1.5.1 without luck (same result)
5. multiple browsers same result - firefox/chrome windows, firefox/chrome linux
6. tcpdump and wireshark show data movements for first 60 seconds.
7. nginx log looks pretty innocent but its not revealing anything meaningful
Nginx:
nginx version: nginx/1.5.3
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-openssl=/apps/nginx153/openssl-1.0.1e --with-pcre=/apps/nginx153/pcre-8.33 --with-http_stub_status_module --with-http_perl_module --with-debug --add-module=/apps/nginx153/ngx_http_log_request_speed
-------------------------nginx.conf, START-------------------------
worker_processes 1;
worker_rlimit_nofile 200000;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
error_log logs/error.log;
sendfile on;
send_timeout 10;
keepalive_timeout 30;
keepalive_requests 100000;
reset_timedout_connection on;
client_body_timeout 10;
client_header_timeout 10;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
upstream appcluster {
# least_conn;
server localhost:8080 fail_timeout=20s;
keepalive 8;
}
server {
listen 80;
server_name site.com;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
server {
listen 443 default ssl;
root /apps/nginx/html;
server_name site.com;
ssl on;
ssl_certificate /apps/nginx/conf/mycerts/site.crt;
ssl_certificate_key /apps/nginx/conf/mycerts/site.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://appcluster;
# proxy_pass https://localhost:8080;
}
}
}
-------------------------nginx.conf, END-------------------------
Thanks in advance for your suggestions/comments!