Hi,
I have been experimenting with setting up nginx as a reverse proxy using SPDY SSL.
I'm using a self-signed wildcard 2048 certificate in my test setup with an nginx 1.6 front-end webserver and, as backend webservers, simple nginx setups serving plain HTTP over port 80.
I use two nginx configurations, one for the HTML pages and one for the assets:
https://test.site.com
https://assets.site.com
Everything seems to work fine until after a couple of reloads all assets from the asset server start returning empty responses. Loading these items in a separate tab always works fine. When I hit reload a couple of times, it returns to normal operation and this cycle continues.
When the assets are not being loaded successfully, CPU load on Firefox also goes through the roof. It seems some kind of infinite loop occurs.
I'm not sure if this could be configuration related or how I can avoid this. Any suggestions?
My configuration is basically:
server {
    listen 443 ssl spdy;
    server_name assets.site.com;
    charset utf-8;
    server_name_in_redirect off;
    root /var/lib/tomcat7/webapps/site;
    add_header Cache-Control public;

    ssl_certificate /etc/ssl/site_com.crt;
    ssl_certificate_key /etc/ssl/site_com.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_buffer_size 8k;

    location / {
        expires max;
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_buffering on;
        proxy_pass http://static;
        proxy_cache STATIC;
        proxy_cache_valid 200 90d;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
        proxy_cache_key $host$request_uri;
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers "Set-Cookie";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}
The SPDY configuration for the other webserver is basically identical.
Kind regards,
Marc