Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress

Fabrice Triboix ftriboix at falcon-one.com
Mon Jun 26 11:37:46 UTC 2017 

Hello,

I am trying to use nginx to reverse-proxy a wordpress website. The 
wordpress website works fine when being accessed without nginx in the 
middle.

The problem I am having is that when accessing the home page (which is 
about 50k of html alone), nginx responds with "503 Service Temporarily 
Unavailable" responses. Using wireshark and tcpdump, it looks like what 
happens is that the browser starts requesting elements of the html home 
page (css, pictures, etc.) while the html home has not finished 
downloading yet.

I can see using tcpdump that while the html home page is downloading, 
nginx responds "503 Service Temporarily Unavailable" and does not 
forward the subsequent requests to wordpress. The last item to be 
requested by the browser is the favicon, which is served properly 
because it is requested through the same TCP connection once the home 
page has finished downloading. By contrast, the other elements are 
requested using other TCP connections.

So it looks like nginx decides to responds 503 instead of forwarding 
requests to wordpress because a request is being served.

I am using nginx 1.9.12, it is running in a docker container; the host 
is Ubuntu 16.04. Please find below the config files. I can provide the 
logs as well if necessary. I tried firefox and chrome with the same results.

Thanks a lot for any help!

   Fabrice



nginx.conf:

    user  nginx;
    worker_processes  auto;

    error_log  /var/log/nginx/error.log debug;
    pid        /var/run/nginx.pid;

    worker_rlimit_nofile 1024;

    events {
         worker_connections  1024;
    }


    http {
         include       /etc/nginx/mime.types;
         default_type  application/octet-stream;

         log_format  main  '$remote_addr - $remote_user [$time_local]
    "$request" '
                           '$status $body_bytes_sent "$http_referer" '
                           '"$http_user_agent" "$http_x_forwarded_for"';

         access_log  /var/log/nginx/access.log main;

         sendfile        on;
         #tcp_nopush     on;

         keepalive_timeout  65;

         gzip  off;

         include /etc/nginx/conf.d/*.conf;
    }
    daemon off;



There is only one file in "conf.d/", which is named "default.conf":

    # If we receive X-Forwarded-Proto, pass it through; otherwise, pass
    along the
    # scheme used to connect to this server
    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
       default $http_x_forwarded_proto;
       ''      $scheme;
    }
    # If we receive X-Forwarded-Port, pass it through; otherwise, pass
    along the
    # server port the client connected to
    map $http_x_forwarded_port $proxy_x_forwarded_port {
       default $http_x_forwarded_port;
       ''      $server_port;
    }
    # If we receive Upgrade, set Connection to "upgrade"; otherwise,
    delete any
    # Connection header that may have been passed to this server
    map $http_upgrade $proxy_connection {
       default upgrade;
       '' close;
    }
    # Apply fix for very long server names
    server_names_hash_bucket_size 128;
    # Default dhparam
    ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
    # Set appropriate X-Forwarded-Ssl header
    map $scheme $proxy_x_forwarded_ssl {
       default off;
       https on;
    }
    gzip_types text/plain text/css application/javascript
    application/json application/x-javascript text/xml application/xml
    application/xml+rss text/javascript;
    log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                      '"$request" $status $body_bytes_sent '
                      '"$http_referer" "$http_user_agent"';
    access_log off;
    # HTTP 1.1 support
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
    proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
    proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
    # Mitigate httpoxy attack (see README for details)
    proxy_set_header Proxy "";
    server {
         server_name _; # This is just an invalid value which will never
    trigger on a real hostname.
         listen 80;
         access_log /var/log/nginx/access.log vhost;
         return 503;
    }
    # incise.co
    upstream incise.co {
                     ## Can be connect with "bridge" network
                 # wp
                 server 172.17.0.4:80;
    }
    server {
         server_name incise.co;
         listen 80 ;
         access_log /var/log/nginx/access.log vhost;
         location / {
             proxy_pass http://incise.co;
         }
    }


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170626/724a9462/attachment-0001.html>

More information about the nginx mailing list