Hello,
I have a location that proxies to a websocket server. Clients connect over
HTTPS (HTTP2, wss://). Sometimes clients generate the following alerts in
the error log when hitting the websocket location:
2017/10/11 21:03:23 [alert] 34381#34381: *1020125 epoll_ctl(1, 603) failed
(17: File exists) while proxying upgraded connection, client: x.158,
server: www.example.com, request: "GET /websocketpath HTTP/2.0", upstream:
"http://<websocketserver>/<url>", host: "www.example.com"
2017/10/11 21:44:15 [alert] 34374#34374: *1274194 epoll_ctl(1, 1131) failed
(17: File exists) while proxying upgraded connection, client: x.42, server:
www.example.com, request: "GET /websocketpath HTTP/2.0", upstream:
"http://<websocketserver>/<url>",
host: "www.example.com"
Here's the location excerpt:
location /websocketpath {
proxy_read_timeout 300;
proxy_next_upstream off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_pass http://<websocketserver>;
}
Config is otherwise pretty straightforward (static content, fastcgi
backends, no AIO).
nginx is from the nginx.org Debian repository.
nginx version: nginx/1.13.6
built by gcc 6.3.0 20170516 (Debian 6.3.0-18)
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-compat --with-file-aio --with-threads --with-http_addition_module
--with-http_auth_request_module --with-http_dav_module
--with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module
--with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module
--with-http_ssl_module --with-http_stub_status_module
--with-http_sub_module --with-http_v2_module --with-mail
--with-mail_ssl_module --with-stream --with-stream_realip_module
--with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g
-O2
-fdebug-prefix-map=/data/builder/debuild/nginx-1.13.6/debian/debuild-base/nginx-1.13.6=.
-specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong
-Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC'
--with-ld-opt='-specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro
-Wl,-z,now -Wl,--as-needed -pie'
This seems to have started after upgrading to Debian 9 (which upgraded the
OpenSSL library, allowing ALPN and thus HTTP2 to be usable). Previously the
connections were mostly HTTP/1.1 and I didn't notice any such messages.
Despite the alerts, the access log shows the clients with a 101 status code.
Any idea if this is something on my end I should start looking at, or is
this a possible issue with http2 and websockets?
Thanks,
Rich.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
