Hello ))). I'll start with a smile, because my head has been hurting for 3 days now. Here is the problem. There are 3 servers, all running nginx. The first accepts requests from users and passes them upstream to the other 2. Those two process the requests (go further out to the Internet), perform content filtering with the naxsi module and pass the result back to the first one, which returns it to the user.

nginx.conf of the first server:

    #user nobody;
    worker_processes 1;
    worker_rlimit_nofile 16384;
    #pid logs/nginx.pid;

    events {
        worker_connections 5000;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        resolver 8.8.8.8;

        upstream blabla.net {
            server 172.16.168.2:80;
            server 172.16.168.3:80;
        }

        upstream www.blabla.net {
            server 172.16.168.2:80;
            server 172.16.168.3:80;
        }

        server {
            listen ip:80;
            server_name blabla.net;

            location / {
                proxy_pass $scheme://$host$uri$is_args$args;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
    }

The 2nd and 3rd are configured identically:

    #user nobody;
    worker_processes 1;
    worker_rlimit_nofile 16384;
    #pid logs/nginx.pid;

    events {
        worker_connections 2048;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        tcp_nodelay on;
        #gzip on;
        resolver 8.8.8.8;
        include /etc/nginx/conf/naxsi_core.rules;

        server {
            listen 172.16.168.2:80;
            server_name localhost;
            access_log /etc/nginx/logs/access.log;

            location / {
                proxy_pass $scheme://$host$uri$is_args$args;
                #NAXSI CONF
                SecRulesEnabled;
                DeniedUrl "/403";
                CheckRule "$ODNO >= 4" BLOCK;
                BasicRule wl:2;
                if ($arg_cmd = getLiveSearch) {
                    return 403;
                }
            }

            location /uploadImage {
                proxy_pass $scheme://$host$uri$is_args$args;
            }

            location /403 {
                return 403;
            }
        }
    }

With these settings, the problem in the error logs is the following:

upstream timed out (110: Connection timed out) while reading response header from upstream, client: ip

I cannot understand what could be wrong!! The rules all work, the content filtering works, the proxy works, but there are a lot of errors and they do not stop. If anyone can tell me, thanks in advance!

    1 answer

    The timeouts are probably too small; the responses do not fit into the allotted time.

     keepalive_timeout 65; 
    • I changed it to 120, but it did not change anything. - Ruslan 1
    • Look in the logs to see where the packet is sent (possibly nowhere) and whether the packet comes back from the Internet to the gateway. If there are no packets to the same address, then the problem is definitely in the timeouts. - klarmir
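
Added example (not part of the original thread): a small Python script for the log check klarmir describes, grouping `upstream timed out` entries from an nginx error log by backend and by the phase in which the timeout occurred, and naming the `proxy_*_timeout` directive that governs that phase. The log lines are constructed samples in nginx's standard error-log layout with placeholder client addresses; `summarize` and `DIRECTIVE` are names chosen for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample error_log lines (standard nginx layout, placeholder clients).
SAMPLE_LOG = """\
2024/01/10 10:00:01 [error] 2211#0: *101 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.10, server: blabla.net, request: "GET /a HTTP/1.1", upstream: "http://172.16.168.2:80/a", host: "blabla.net"
2024/01/10 10:00:05 [error] 2211#0: *102 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.11, server: blabla.net, request: "GET /b?x=1 HTTP/1.1", upstream: "http://172.16.168.2:80/b?x=1", host: "www.blabla.net"
2024/01/10 10:00:07 [error] 2211#0: *103 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.0.2.10, server: blabla.net, request: "GET /c HTTP/1.1", upstream: "http://172.16.168.3:80/c", host: "blabla.net"
2024/01/10 10:00:09 [error] 2211#0: *104 open() "/usr/local/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.12, server: blabla.net, request: "GET /favicon.ico HTTP/1.1", host: "blabla.net"
"""

# nginx names the phase after "while"; each phase is bounded by its own proxy timeout.
DIRECTIVE = {
    "connecting to upstream": "proxy_connect_timeout",
    "sending request to upstream": "proxy_send_timeout",
    "reading response header from upstream": "proxy_read_timeout",
    "reading upstream": "proxy_read_timeout",
}

TIMEOUT_RE = re.compile(r"upstream timed out \(110: [^)]*\) while (?P<phase>[^,]+), client:")
FIELD_RE = re.compile(r'\b(upstream|host|server): "?([^",]+)')


def summarize(log_text):
    """Count upstream timeouts per (backend, phase) and per requested Host."""
    by_backend, by_host = Counter(), Counter()
    for line in log_text.splitlines():
        match = TIMEOUT_RE.search(line)
        if not match:
            continue  # some other error, not an upstream timeout
        fields = dict(FIELD_RE.findall(line))
        # Keep only host:port of the backend so different URIs group together.
        backend = urlsplit(fields.get("upstream", "")).netloc or "unknown"
        by_backend[(backend, match.group("phase"))] += 1
        by_host[fields.get("host", "unknown")] += 1
    return by_backend, by_host


if __name__ == "__main__":
    backends, hosts = summarize(SAMPLE_LOG)
    for (backend, phase), n in backends.most_common():
        print(f"{n:3d}  {backend:20s} {phase}  -> check {DIRECTIVE.get(phase, '?')}")
    for host, n in hosts.most_common():
        print(f"{n:3d}  requests for host {host}")
```

Run against the front server's log, the backend column shows the two filtering servers; run against a filtering server's log, it shows the Internet addresses that server was fetching from.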