Nginx + Apache2 + Mod_dav + SSL = Could not send request body: SSL socket write failed. How to overcome it?
Setup:
A frontend on Nginx on port 443 with SSL, which proxies requests to the backend on Apache2 + mod_dav.
If you upload small files, everything is fine, but if you take a large file (from 1GB), it is only partially uploaded, and the error is "Could not send request body: SSL socket write failed". If you upload the same file bypassing the frontend, everything is fine, i.e. it uploads successfully. I rummaged through the entire Nginx config and cranked all the timeouts up to seven-digit values, but the error still remained.
I have no idea what else can be done. Has anyone faced something similar?
Nginx config:
user www-data;
worker_processes auto;
worker_rlimit_nofile 8192;
worker_priority -5;
pid /run/nginx.pid;
events {
    worker_connections 2048;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    client_body_buffer_size 10K;
    client_header_buffer_size 2k;
    client_max_body_size 100k;
    large_client_header_buffers 4 16k;
    limit_conn_zone $binary_remote_addr zone=limits:5m;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 30;
    keepalive_requests 100;
    send_timeout 2;
    reset_timedout_connection on;
    server_tokens off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    open_file_cache max=1024 inactive=600s;
    open_file_cache_valid 2000s;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;
    gzip on;
    gzip_min_length 1024;
    gzip_buffers 64 8k;
    gzip_comp_level 5;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "msie6";
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/ssl/session_ticket.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/trusted.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!eNULL:!aNULL:!DSS;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    map $http_host $pkp {
        hostnames;
        example.com "SP8WsiC7PTvn6Bkw6LS/bnrGCZFF/gk0PVOPV5XwOX4=";
        www.example.com "SP8WsiC7PTvn6Bkw6LS/bnrGCZFF/gk0PVOPV5XwOX4=";
        api.example.com "gTJrhw+cdA8kSCiIlqfXxKzSoK9XGxpS7U5XHVPdfbQ=";
        webdav.example.com "vPmf2EqKUmrPzaitZCt00fQ8Xod3fp9chfEy5LW1Xkw=";
        report.example.com "r6eRs3tLLfeUfwqRGiojC8ym6YEM6YV9JEnoK1qP4F4=";
    }
    add_header Public-Key-Pins "pin-sha256=$pkp; max-age=2592000; report-uri=https://report.example.com/pkp";
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block; report=https://report.example.com/xss";
    add_header Content-Security-Policy "default-src 'self' example.com *.example.com";
    add_header X-Content-Security-Policy "default-src 'self' example.com *.example.com";
}
server {
    listen 80;
    server_name webdav.example.com;
    limit_conn limits 5;
    rewrite ^ https://webdav.example.com$request_uri? last;
}
server {
    listen 443 ssl spdy;
    server_name webdav.example.com;
    root /var/www/webdav;
    index /index;
    limit_conn limits 5;
    if ($host !~ ^webdav.example.com) { rewrite ^ https://webdav.example.com$request_uri? last; }
    try_files $uri $uri/ = @40x;
    ssl on;
    ssl_certificate /etc/nginx/ssl/webdav.ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/webdav.ssl.key;
    location ^~ / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/webdav.htpasswd;
        rewrite ^([^.]*[^/])$ $1/ permanent;
        client_max_body_size 100G;
        client_body_buffer_size 2M;
        set $destination $http_destination;
        if ( $http_destination ~* ^https(.*)$ ) { set $destination http$1; }
        proxy_set_header Destination $destination;
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_connect_timeout 120;
        proxy_send_timeout 120;
        proxy_read_timeout 180;
    }
    error_page 502 503 504 @50x;
    location @50x {
        access_log off;
        root /var/www;
        rewrite ^(.*)$ /static/error/50x.html break;
    }
    error_page 403 404 405 @40x;
    location @40x {
        access_log off;
        root /var/www;
        rewrite ^(.*)$ /static/error/40x.html break;
    }
}
Found a solution. It turns out that nginx has a parameter called lingering_time.
It sets the maximum time during which nginx will process data coming from the client. After this time, the connection will be closed, even if there is more data. By default, it is set to 30 seconds.
In the location section, I wrote lingering_time 86400; i.e. a day, no matter what. The problem is gone.
The body doesn't fit into nginx; you need to increase the max body size. You can easily see the error in the nginx logs.
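Added example (not part of the original thread): a small Python helper that resolves which value of the directives discussed in the answer and the comment above (lingering_time, client_max_body_size, the timeouts) actually applies to the WebDAV location and from which scope it comes, so that a long override such as lingering_time 86400 can be confirmed to live only in that one authenticated location. The sample config is constructed from the thread's values with the vhost inlined under http {}, and the parser is a simplified one written for this example.

```python
import re

# nginx built-in defaults for the directives discussed in this thread
DEFAULTS = {"client_max_body_size": "1m", "client_body_timeout": "60s",
            "send_timeout": "60s", "lingering_time": "30s"}

# Constructed sample: the thread's values, with the vhost inlined under http {}
SAMPLE = """
http { client_max_body_size 100k; client_body_timeout 10; send_timeout 2;
  server { server_name webdav.example.com;
    location ^~ / { client_max_body_size 100G; proxy_pass http://127.0.0.1:8080; }
  }
}
"""

def parse(text):
    """Minimal nginx parser (assumes no braces in regexes and no '#' in strings)."""
    tokens = re.findall(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+', re.sub(r"#.*", "", text))
    root = {"name": "main", "args": [], "set": {}, "kids": []}
    stack, words = [root], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == ";" and words:      # simple directive: name arg arg ...;
            stack[-1]["set"][words[0]] = " ".join(words[1:])
        elif tok == "{":              # block directive opens a nested scope
            stack.append({"name": words[0], "args": words[1:], "set": {}, "kids": []})
            stack[-2]["kids"].append(stack[-1])
        elif tok == "}":
            stack.pop()
        words = []
    return root

def effective(text, server_name, location):
    """Return {directive: (value, scope)} for one location, following inheritance."""
    http = next(b for b in parse(text)["kids"] if b["name"] == "http")
    server = next(s for s in http["kids"] if s["name"] == "server"
                  and server_name in s["set"].get("server_name", "").split())
    loc = next(l for l in server["kids"] if l["name"] == "location"
               and l["args"][-1] == location)
    result = {k: (v, "default") for k, v in DEFAULTS.items()}
    for scope, block in (("http", http), ("server", server), ("location", loc)):
        for key in DEFAULTS:          # the innermost scope that sets a value wins
            if key in block["set"]:
                result[key] = (block["set"][key], scope)
    return result

if __name__ == "__main__":
    for key, (value, scope) in effective(SAMPLE, "webdav.example.com", "/").items():
        print(f"{key:22} {value:>6}  ({scope})")
```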