Strange issue after nginx update

Andrea Soracchi soracchi at
Wed Jun 28 22:21:07 UTC 2017


I have attached part of the ettercap log . 

I have posted a test file of 40MB. 

The delay is 29 second: 

from the last file's chunk at 23:56:06 
to the response of index2.php at 23:56:35 

The nginx's log show: - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client" 

Nothing retransmits, SElinux isn't installed and apparmor is stopped. 

Nothing in dmesg... 

Thanks a lot, 

+39 329 0512704 
System Engineer 

+39 0521 24 77 91 
soracchi at 

Da: "Payam Chychi" <pchychi at> 
A: "nginx" <nginx at> 
Inviato: Mercoledì, 28 giugno 2017 19:56:04 
Oggetto: Re: Strange issue after nginx update 

On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi < soracchi at > wrote: 

could you please help me solve this issue? I'm getting crazy! 

Before the nginx update my client worked perfectly: it posted files to my website without any delay. 

How, after nginx update (ubuntu 16.04 LTS) I've got this issue: 

- the client posts files successfully but the answer of the post is delayed. The more the file is bigger, the more the answer is delayed. 

I put a sniffer into the website' server and I noticed that the nginx receives the post but it waits to transfer the file to php-fpm process, so also the answer to the client is delayed 

The nginx server is: 

nginx/1.10.0 (Ubuntu) and its conf is: 

user www-data; 
worker_processes auto; 
pid /run/; 

events { 
worker_connections 768; 
# multi_accept on; 

http { 
sendfile on; 
tcp_nodelay on; 
keepalive_timeout 65; 
types_hash_max_size 2048; 
client_max_body_size 0; 
log_not_found off; 
server_name_in_redirect off; 
client_body_timeout 120s; 
autoindex off; 
include /etc/nginx/mime.types; 
default_type application/octet-stream; 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE 
ssl_prefer_server_ciphers on; 
access_log /var/log/nginx/access.log; 
error_log /var/log/nginx/error.log info; 
gzip on; 
gzip_disable "msie6"; 
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; 
include /etc/nginx/conf.d/*.conf; 
include /etc/nginx/sites-enabled/*; 

and website's php-fpm conf is: 

server { 
listen 80; 
server_name ; 
server_name_in_redirect off; 
autoindex off; 
client_max_body_size 500m; 
index index.html; 
root /home/test/test; 
location ~ \.(php|html|htm|php3)$ { 
try_files $uri 404; 
fastcgi_pass unix:/run/php/mdtest-fpm.sock; 
include fastcgi_params; 

fastcgi_params config: 

fastcgi_param QUERY_STRING $query_string; 
fastcgi_param REQUEST_METHOD $request_method; 
fastcgi_param CONTENT_TYPE $content_type; 
fastcgi_param CONTENT_LENGTH $content_length; 

fastcgi_param SCRIPT_NAME $fastcgi_script_name; 
fastcgi_param REQUEST_URI $request_uri; 
fastcgi_param DOCUMENT_URI $document_uri; 
fastcgi_param DOCUMENT_ROOT $document_root; 
fastcgi_param SERVER_PROTOCOL $server_protocol; 
fastcgi_param REQUEST_SCHEME $scheme; 
fastcgi_param HTTPS $https if_not_empty; 

fastcgi_param GATEWAY_INTERFACE CGI/1.1; 
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 

fastcgi_param REMOTE_ADDR $remote_addr; 
fastcgi_param REMOTE_PORT $remote_port; 
fastcgi_param SERVER_ADDR $server_addr; 
fastcgi_param SERVER_PORT $server_port; 
#fastcgi_param SERVER_NAME $server_name; 
fastcgi_param SERVER_NAME $http_host; 

# PHP only, required if PHP was built with --enable-force-cgi-redirect 
fastcgi_param REDIRECT_STATUS 200; 

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 

Thanks a lot, 

+39 329 0512704 
System Engineer 

+39 0521 24 77 91 
soracchi at 

nginx mailing list 
nginx at nginx 




can you show the related wireshark data, how long is the response delayed by? and anything else like retransmits or anything else? 

any SElinux security throtelling taking place? anything in dmesg? 



Payam Tarverdyan Chychi 
Network Security Specialist / Network Engineer 

nginx mailing list 
nginx at 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ettercap_dump.txt
URL: <>

More information about the nginx mailing list