504 Gateway Time-out when calling curl_exec() in PHP with SSL peer verification (CURLOPT_SSL_VERIFYPEER) off

Maxim Dounin mdounin at mdounin.ru
Fri Aug 23 19:23:00 UTC 2013 

Hello!

On Fri, Aug 23, 2013 at 02:41:43PM -0400, Ben Johnson wrote:

> 
> 
> On 8/23/2013 2:05 PM, Maxim Dounin wrote:
> > Hello!
> > 
> > On Fri, Aug 23, 2013 at 12:46:44PM -0400, Ben Johnson wrote:
> > 
> >> Hello,
> >>
> >> I'm seeing a strange problem with nginx (1.5.2 on Windows) and PHP
> >> (5.4.8 on Windows).
> >>
> >> Whenever I make a cURL request with PHP's curl_exec() function to a
> >> secure URL (https protocol), and I disable peer verification, like this
> >>
> >> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> >>
> >> nginx responds with a "504 Gateway Time-out".
> >>
> >> If I set CURLOPT_SSL_VERIFYPEER to TRUE, nginx responds with a "200 OK",
> >> although curl_exec() returns false, which is expected due to the
> >> verification failure (I'm using a self-signed certificate in nginx).
> >>
> >> I have tried executing the same script under Apache and it functions as
> >> expected with peer verification disabled.
> > 
> > What URL is requested by your script?  Symptoms described suggest 
> > you are requesting some php script from the same server, and 504 
> > is likely due to only one php backend process.
> > 
> 
> Thank you for the quick reply, Maxim! I appreciate it.
> 
> You are exactly right; my script requests another URL on the same server
> (which happens to be localhost in this case).
> 
> Just so I understand the problem, are you saying that the script that
> contains the cURL call (via PHP's curl_exec() function) essentially
> ties-up the only available PHP backend process, which causes curl_exec()
> to time-out when it requests another URL on the same server?
> 
> Is there a solution to this problem?
> 
> My setup is essentially the same as what is described at
> http://wiki.nginx.org/PHPFastCGIOnWindows .

If you are using php-cgi, configuring PHP_FCGI_CHILDREN 
environment variable before starting php-cgi should help.

-- 
Maxim Dounin
http://nginx.org/en/donation.html

More information about the nginx mailing list