Hey Guys -
I recently moved my hosting to a new and up to date (1.15.8) version of NGINX (for Windows) with PHP 7.3.0 on a new system running Windows Server 2016. I mostly use the installation to host an internal page (Organizrv2), reverse proxy of internal sites, and to apply SSL using a 3rd party signed cert.
When performance seemed slower than before, I started looking through NGINX's error.log and found 3 different issues. I wanted to post details about them in hopes someone could help me find a solution. Below are the errors followed by a snippet from my nginx.conf...
This error was listed every 1-3 seconds when it seemed someone was actively browsing. To note, 192.168.0.35 is the IP NGINX is hosted upon:
2019/01/13 17:38:10 [crit] 6288#3576: *129415 SSL_write() failed (SSL:) (10053: An established connection was aborted by the software in your host machine) while sending to client, client: 192.168.0.35, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"
This error appears a good amount too, but not nearly as often as the above one:
2019/01/13 17:21:57 [error] 6288#3576: *127342 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client: 192.168.0.35, server: mydomain, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"
Finally, I had a couple of "10060: A connection attempt failed because the connected party did not properly respond after a period of time" entries, but understand this as the site it references can be slow to respond.
nginx.conf Snippet
Below is the first part of my nginx.conf. The last part I left out as it only defines RP locations, is repetitive, and I didn't think was needed:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #Redirect requests from 80 to 443
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name mydomain.com;
        return 301 https://$host$request_uri;
    }
    # Configures Logging Options
    log_format main 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" '
                    'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
                    'time_local="$time_local" protocol="$server_protocol" status="$status" '
                    'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
                    'http_referer="$http_referer" http_user_agent="$http_user_agent" '
                    'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
                    'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
                    'http_method="$request_method" response_time="$upstream_response_time" '
                    'cookie="$http_cookie" request_time="$request_time" ';
    access_log logs/access.log;
    error_log logs/error.log;
    # Configures NGINX to listen on 443 for SSL
    server {
        listen 443 ssl;
        server_name mydomain.com;
        send_timeout 100m;
        ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
        ssl_certificate_key c:/nginx/ssl/mydomain.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security max-age=31536000;
        resolver 8.8.4.4 8.8.8.8 valid=300s;
        resolver_timeout 10s;
        ssl_stapling off;
        ssl_stapling_verify off;
        location / {
            root html;
            index index.php index.html index.htm;
            location ~ \.php$ {
                root html;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
        # Defines location of robots.txt
        location /robots.txt {
            alias C:/nginx/global/robots.txt;
        }
        gzip on;
        gzip_vary on;
        gzip_min_length 1000;
        gzip_proxied any;
        gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
        gzip_disable "MSIE [1-6]\.";
        client_max_body_size 100M;
        # The below section configures reverse proxy for locally hosted services
        # CrushFTP HTTP Configuration
        location /crush {
            proxy_pass http://192.168.0.25:8686/crush;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            proxy_buffering off;
            client_max_body_size 10000M;
            proxy_request_buffering off;
        }
... and so on...
php.ini
My php.ini is all defaults except for the below uncommented lines (if needed):
extension_dir = "ext"
extension=php_openssl.dll
extension=php_pdo_sqlite.dll
extension=php_curl.dll
extension=php_sqlite3.dll
sqlite3.extension_dir = ext
Any suggestions? Thanks!!
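A triage sketch for the error.log entries quoted in the post above, added here as an example and not part of the original post: it groups entries by Winsock code and by which leg of the proxy failed (NGINX to browser, or NGINX to the FastCGI/proxied backend), using the "while ..." phase NGINX writes into each line. The function names are hypothetical, and the third sample line (10060) is constructed with a placeholder upstream address.

```python
import re
from collections import Counter

# Lines 1-2 are the entries quoted in the post; line 3 is constructed
# (the post only quotes the 10060 message text) with a placeholder upstream.
SAMPLE_LOG = """\
2019/01/13 17:38:10 [crit] 6288#3576: *129415 SSL_write() failed (SSL:) (10053: An established connection was aborted by the software in your host machine) while sending to client, client: 192.168.0.35, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"
2019/01/13 17:21:57 [error] 6288#3576: *127342 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client: 192.168.0.35, server: mydomain, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"
2019/01/13 17:40:02 [error] 6288#3576: *129500 upstream timed out (10060: A connection attempt failed because the connected party did not properly respond after a period of time) while connecting to upstream, client: 192.168.0.35, server: mydomain.com, request: "GET /app HTTP/1.1", upstream: "http://192.0.2.10:8080/", host: "mydomain.com"
"""

HEAD_RE = re.compile(r'^(\S+ \S+) \[(\w+)\] \d+#\d+: \*(\d+) ')
# "(10053: message) while <phase>," -- "(SSL:)" and "()" have no digits, so they are skipped
ERR_RE = re.compile(r'\((\d+): [^)]*\) while ([^,]+)')
FIELD_RE = re.compile(r'(client|server|upstream|host): "?([^",]+)"?')

def parse_line(line):
    """Return a dict for one error.log entry, or None if it has no OS error code."""
    head, err = HEAD_RE.match(line), ERR_RE.search(line)
    if not head or not err:
        return None
    fields = dict(FIELD_RE.findall(line))
    phase = err.group(2)
    return {
        "time": head.group(1), "level": head.group(2), "conn": int(head.group(3)),
        "code": int(err.group(1)), "phase": phase,
        # The phase names the socket that failed: the browser leg or the backend leg.
        "side": "upstream" if "upstream" in phase else "client",
        "client": fields.get("client"), "upstream": fields.get("upstream"),
    }

def summarize(text):
    """Count entries per (Winsock code, failing side, peer on that side)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            peer = rec["upstream"] if rec["side"] == "upstream" else rec["client"]
            counts[(rec["code"], rec["side"], peer)] += 1
    return counts

if __name__ == "__main__":
    for (code, side, peer), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {code}  {side:8s}  {peer}")
```

Run against the real error.log, the per-peer counts separate aborted browser connections (10053 on the client leg) from resets and timeouts on the backend leg (10054 and 10060).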