Hi Maxim, Hi Piotr

nginx -V:

nginx version: nginx/0.8.54
built by Sun C 5.10 SunOS_sparc Patch 141861-06 2010/07/28
TLS SNI support disabled
configure arguments: --with-cc=/opt/sunstudio12.1/bin/cc
--with-cpp=/opt/sunstudio12.1/bin/cc --with-cc-opt='-xtarget=ultraT2plus
-xO5 -I /usr/sfw/include' --with-ld-opt='-R/usr/sfw/lib -L/usr/sfw/lib'
--prefix=/nginx --user=daemon --group=daemon --with-http_ssl_module
--with-pcre=../pcre-8.12 --with-zlib=../zlib-1.2.5

Note that the bug also appeared with optimization level O3.


# --- Basic Configuration

# Worker processes run as user and group "daemon" instead of root.
user                        daemon daemon;
error_log                   /nginx/logs/error.log warn;
# Selects the OpenSSL engine named "pkcs11" for SSL operations.
# NOTE(review): presumably the platform crypto provider for the
# UltraSPARC T2 target named in the build flags; confirm.
ssl_engine                  pkcs11;
worker_processes            16;

events {
  # Per-worker connection limit. It counts upstream connections as well as
  # client connections, so each proxied request uses two slots.
  worker_connections        256;
# NOTE: the closing brace of the events block is missing from this paste.

# --- HTTP Configuration

http {

  # NOTE: the LOG format string below is cut off in this paste; its closing
  # quote and semicolon are not visible.
  log_format                LOG '$remote_addr - $remote_user
[$time_local] "$request" $status $body_bytes_sent "$http_referer"
  # The log file name is built from $host, which is taken from the request.
  # Set at http level, it also applies to the catch-all server on port 80,
  # so every distinct Host value a client sends can create its own file in
  # /nginx/logs. A fixed path per server block keeps the set of files bounded.
  access_log                /nginx/logs/$host.access.log LOG;

  # Keeps the nginx version out of the Server header and error pages.
  server_tokens             off;

  # Compression is enabled for all servers in this block, including the SSL
  # one, and gzip_proxied any applies it to every proxied response.
  # NOTE(review): compressing TLS responses that contain both secrets and
  # request-reflected data enables compression side channels; consider
  # switching gzip off for such locations.
  gzip                      on;
  gzip_vary                 on;
  gzip_proxied              any;
  gzip_types                text/plain text/xml text/css text/javascript
image/svg+xml application/xhtml+xml application/xml application/rss+xml
application/atom+xml application/x-javascript application/json;

  # Request bodies up to 256 MB are accepted. Anything over the 128k buffer
  # is spooled to client_body_temp_path, so size that file system for
  # concurrent large uploads.
  client_body_buffer_size   128k;
  client_max_body_size      256m;
  client_body_temp_path     /nginx/client_body_temp 1 2;

  # An upstream may stay silent for up to 3600 seconds between reads before
  # nginx gives up. A stalled upstream holds its connection slots that long.
  proxy_read_timeout        3600;
  proxy_redirect            off;
  # NOTE(review): Set-Cookie is not among the headers nginx hides from
  # proxied responses by default, so this line is likely a no-op; confirm.
  proxy_pass_header         Set-Cookie;
  proxy_temp_path           /nginx/proxy_temp;

  # --- https://foo -------------------------------------------

  server {

    # SSL is served on port 446, while the redirects below point at
    # https://foo with no port.
    # NOTE(review): presumably a firewall maps 443 to 446; confirm.
    listen                  446;
    server_name             foo;

    # No ssl_protocols or ssl_ciphers directive is visible, so this build's
    # defaults apply. Review them for this nginx/OpenSSL combination.
    ssl                     on;
    ssl_certificate         /nginx/ssl/foo.crt;
    # NOTE(review): check the key file's ownership and mode. It should not be
    # readable by unprivileged accounts.
    ssl_certificate_key     /nginx/ssl/foo.key;
    ssl_session_cache       shared:SSL:8m;

    # NOTE: the closing braces of the location and server blocks below are
    # missing from this paste.
    location /bar {
      rewrite               ^/(.*)$ https://foo/bar/ permanent;

    location /bar/ {
      # The upstream URL has been stripped from this paste.
      proxy_pass  ;

    # Everything else gets a permanent redirect to the site root. The regex
    # capture is not used in the target.
    location / {
      rewrite               ^/(.*)$ https://foo permanent;


  # Catch-all server on port 80. Requests for any host name are redirected
  # to http://foo (plain HTTP, not https://foo).
  server {

    listen                  80 default;
    server_name             _;
    server_name_in_redirect off;

    location / {
      rewrite               ^/(.*)$ http://foo permanent;



The error log is full of the following error (only during the
problematic hour):

2011/03/04 08:40:28 [error] 20062#0: *507995 upstream timed out (145:
Connection timed out) while reading response header from upstream,
client: ***IP***, server: ***SERVER***, request: "GET ***URL***
HTTP/1.1", upstream: "***UPSTREAM***", host: "***HOST***", referrer:

I just realized that, only during this hour, the firewall logs blocked
outgoing traffic to exactly the client IPs that appear in the error log,
at random ports. I therefore assume that during this hour nginx mistakenly
sends the proxied request back to the client instead of to the internal server.


