Hi, 2017-05-02 19:18 GMT+02:00 chiasa.men <chiasa....@web.de>:
> Hi, > my apache is behind a squid proxy which is configured like that: > https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite= > ww1.example.com > vhost > acl server20_domains dstdomain ww1.example.com ww2.example.com > http_access allow server20_domains > cache_peer server20 parent 443 0 no-query originserver name=server20 > login=PASSTHRU ssl sslversion=6 > cache_peer_access server20 allow server20_domains > cache_peer_access server20 deny all > > The idea was to send ww1 and ww2 to server20 which is hosting an apache > webservice for both sites. > It works but each time I visit one of those sites the following messages > appear in apache's logs: > > [00:00:39.641665] --- > [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > specified has expired: [client wwwclient:47122] AH01991: SSL input filter > read > failed. > [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > specified has expired: [client wwwclient:47120] AH01991: SSL input filter > read > failed. > [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > specified has expired: [client wwwclient:47118] AH01991: SSL input filter > read > failed. > [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > specified has expired: [client wwwclient:47124] AH01991: SSL input filter > read > failed. > [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > 47118] AH02001: Connection closed to child 11 with standard shutdown > (server > ww1.example.com:443) > [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > 47124] AH02001: Connection closed to child 6 with standard shutdown (server > ww1.example.com:443) > [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > 47120] AH02001: Connection closed to child 5 with standard shutdown (server > ww1.example.com:443) > [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > 47122] AH02001: Connection closed to child 8 with standard shutdown (server > ww1.example.com:443) > [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout > specified has expired: [client wwwclient:47116] AH01991: SSL input filter > read > failed. > [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient: > 47116] AH02001: Connection closed to child 3 with standard shutdown (server > ww1.example.com:443) > > The corresponding squid access.log entries would be: > [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" > TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 > "https:// > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 > "https://ww1.example.com/a/"; "ua" TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 > "https:// > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 > "https:// > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 > "https://ww1.example.com/a/"; "ua" TCP_MISS:FIRSTUP_PARENT > [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https:// > ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT > > > You can see that approximately after 5s the timeout happens. Is it a > message > to worry about? (it is just "info" labled) Why does it occur? > > I sent basically the same problem to squid's mailing list because I > supposed > squid was the problematic part here. But since they suggested apache could > be > the weirdo, I'm asking here > Thanks for your help > I'd need to ask you a couple of questions since I am not familiar with Squid: 1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can you describe a bit more your set up? 2) Can you share your httpd configuration? Do you have any timeout set on it that might explain this in httpd or Squid (check also default timeouts)? 3) Not super familiar with Squid but from the logs it seems that a 503 is logged for https://ww1.example.com/a.. Is it normal? Luca
