Am Mittwoch, 3. Mai 2017, 19:32:04 CEST schrieb Luca Toscano: > Hi, > > 2017-05-02 19:18 GMT+02:00 chiasa.men <chiasa.men@xxxxxx>: > > Hi, > > my apache is behind a squid proxy which is configured like that: > > https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite= > > ww1.example.com > > vhost > > acl server20_domains dstdomain ww1.example.com ww2.example.com > > http_access allow server20_domains > > cache_peer server20 parent 443 0 no-query originserver name=server20 > > login=PASSTHRU ssl sslversion=6 > > cache_peer_access server20 allow server20_domains > > cache_peer_access server20 deny all > > > > The idea was to send ww1 and ww2 to server20 which is hosting an apache > > webservice for both sites. > > It works but each time I visit one of those sites the following messages > > appear in apache's logs: > > > > [00:00:39.641665] --- > > [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > > specified has expired: [client wwwclient:47122] AH01991: SSL input filter > > read > > failed. > > [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > > specified has expired: [client wwwclient:47120] AH01991: SSL input filter > > read > > failed. > > [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > > specified has expired: [client wwwclient:47118] AH01991: SSL input filter > > read > > failed. > > [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > > specified has expired: [client wwwclient:47124] AH01991: SSL input filter > > read > > failed. > > [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > > 47118] AH02001: Connection closed to child 11 with standard shutdown > > (server > > ww1.example.com:443) > > [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > > 47124] AH02001: Connection closed to child 6 with standard shutdown > > (server > > ww1.example.com:443) > > [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > > 47120] AH02001: Connection closed to child 5 with standard shutdown > > (server > > ww1.example.com:443) > > [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > > 47122] AH02001: Connection closed to child 8 with standard shutdown > > (server > > ww1.example.com:443) > > [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > > specified has expired: [client wwwclient:47116] AH01991: SSL input filter > > read > > failed. > > [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > > 47116] AH02001: Connection closed to child 3 with standard shutdown > > (server > > ww1.example.com:443) > > > > The corresponding squid access.log entries would be: > > [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" > > TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 > > "https:// > > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 > > "https://ww1.example.com/a/"; "ua" TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 > > "https:// > > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 > > "https:// > > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 > > "https://ww1.example.com/a/"; "ua" TCP_MISS:FIRSTUP_PARENT > > [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https:// > > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > > > > > > You can see that approximately after 5s the timeout happens. Is it a > > message > > to worry about? (it is just "info" labled) Why does it occur? > > > > I sent basically the same problem to squid's mailing list because I > > supposed > > squid was the problematic part here. But since they suggested apache could > > be > > the weirdo, I'm asking here > > Thanks for your help > > I'd need to ask you a couple of questions since I am not familiar with > Squid: > > 1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can > you describe a bit more your set up? That, so it seems, was the acutal reason. Thanks for that The default setting for squid is: server_persistent_connections on which means that squid keeps the connections - apache didn't > 2) Can you share your httpd configuration? Do you have any timeout set on > it that might explain this in httpd or Squid (check also default timeouts)? The timeout that happens seems to be the KeepAliveTimeout which is set to 5 (set to 15, the same messages occur simply after 15 seconds) > 3) Not super familiar with Squid but from the logs it seems that a 503 is > logged for https://ww1.example.com/a.. Is it normal? Yes this is intended since the page requested was under maintenance. It was even the only request which did not timeout :D > > Luca If fixed it by setting server_persistent_connections off in squid.conf Thanks for your hints --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|