On Friday, 12 May 2017, 12:23:49 CEST, chiasa.men wrote:
> On Wednesday, 3 May 2017, 19:32:04 CEST, Luca Toscano wrote:
> > Hi,
> >
> > 2017-05-02 19:18 GMT+02:00 chiasa.men <chiasa.men@xxxxxx>:
> > > Hi,
> > > my apache is behind a squid proxy which is configured like that:
> > > https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost
> > > acl server20_domains dstdomain ww1.example.com ww2.example.com
> > > http_access allow server20_domains
> > > cache_peer server20 parent 443 0 no-query originserver name=server20 login=PASSTHRU ssl sslversion=6
> > > cache_peer_access server20 allow server20_domains
> > > cache_peer_access server20 deny all
> > >
> > > The idea was to send ww1 and ww2 to server20 which is hosting an apache
> > > webservice for both sites.
> > > It works but each time I visit one of those sites the following messages
> > > appear in apache's logs:
> > >
> > > [00:00:39.641665] ---
> > > [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
> > > [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47120] AH01991: SSL input filter read failed.
> > > [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47118] AH01991: SSL input filter read failed.
> > > [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47124] AH01991: SSL input filter read failed.
> > > [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47118] AH02001: Connection closed to child 11 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47124] AH02001: Connection closed to child 6 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47120] AH02001: Connection closed to child 5 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
> > > [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)
> > >
> > > The corresponding squid access.log entries would be:
> > > [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > >
> > > You can see that approximately after 5s the timeout happens. Is it a
> > > message to worry about? (it is just "info" labeled) Why does it occur?
> > >
> > > I sent basically the same problem to squid's mailing list because I
> > > supposed squid was the problematic part here. But since they suggested
> > > apache could be the weirdo, I'm asking here
> > > Thanks for your help
> >
> > I'd need to ask you a couple of questions since I am not familiar with
> > Squid:
> >
> > 1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can
> > you describe a bit more your set up?
>
> That, so it seems, was the actual reason. Thanks for that
> The default setting for squid is:
> server_persistent_connections on
> which means that squid keeps the connections - apache didn't
>
> > 2) Can you share your httpd configuration? Do you have any timeout set on
> > it that might explain this in httpd or Squid (check also default
> > timeouts)?
>
> The timeout that happens seems to be the KeepAliveTimeout which is set to 5
> (set to 15, the same messages occur simply after 15 seconds)
>
> > 3) Not super familiar with Squid but from the logs it seems that a 503 is
> > logged for https://ww1.example.com/a.. Is it normal?
>
> Yes this is intended since the page requested was under maintenance.
> It was even the only request which did not timeout :D
>
> > Luca
>
> I fixed it by setting
> server_persistent_connections off in squid.conf

The better fix would be to leave the server_persistent_connections on and increase apache's KeepAliveTimeout to squid's persistent_request_timeout (of 2 minutes).
That way squid can reuse the connections (I just didn't know about the timeout config)

>
> Thanks for your hints
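
Added example, not part of the thread and not code from the Apache or Squid projects: a small Python triage helper that checks whether AH01991 timeout lines like those quoted above are plain keep-alive idle expiries, by comparing the gap since the last proxied request with the configured KeepAliveTimeout. The log lines are constructed in the abbreviated format used in the thread (the third Apache line is invented to show a non-matching case); the function names, the time-only correlation and the tolerance value are assumptions.

```python
import re

# Constructed sample in the abbreviated log format quoted in the thread.
SQUID_LOG = '''\
[00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
'''
APACHE_LOG = '''\
[00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
[00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
[00:00:52.100000] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47130] AH01991: SSL input filter read failed.
'''

TS = re.compile(r"^\[(\d+):(\d+):(\d+(?:\.\d+)?)\]")
TIMEOUT = re.compile(r"\(70007\).*\[client ([^\]]+)\] AH01991")

def seconds(line):
    """Seconds since midnight from a leading [HH:MM:SS(.ffffff)] stamp, or None."""
    m = TS.match(line)
    if not m:
        return None
    h, mi, s = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s)

def classify(apache_log, squid_log, keepalive_timeout, tolerance=1.5):
    """Map each AH01991 client to (idle gap in seconds, verdict).

    The Squid lines carry no source port, so the gap is measured from the
    most recent proxied request (an assumption of this example). The
    tolerance absorbs Squid's one-second timestamp resolution.
    """
    requests = sorted(t for t in map(seconds, squid_log.splitlines()) if t is not None)
    result = {}
    for line in apache_log.splitlines():
        m, t = TIMEOUT.search(line), seconds(line)
        if not m or t is None:
            continue
        earlier = [r for r in requests if r <= t]
        if not earlier:
            result[m.group(1)] = (None, "no preceding proxy request")
            continue
        gap = t - earlier[-1]
        idle = abs(gap - keepalive_timeout) <= tolerance
        result[m.group(1)] = (round(gap, 3), "keep-alive idle expiry" if idle else "investigate")
    return result

if __name__ == "__main__":
    for client, (gap, verdict) in classify(APACHE_LOG, SQUID_LOG, 5).items():
        print(client, gap, verdict)
```

Production logs carry full date stamps, so the `TS` pattern has to be adapted before running this over real files.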