Random rewrite/proxy_pass timeouts

[patweb99]

I'm seeing some strange behavior with nginx. I using it to proxy requests
from one domain to another. What I'm seeing is at times requests to
help.example.com start hanging. In order to fix it I need to either reload
or restart the nginx service, which makes me think it's a resource issue but
thought I'd check here first. Has anyone experienced anything like this
before?

Here are a few technical details:
- nginx version: nginx/1.10.1
- t2.small in AWS
- Fronted by a classic ELB

I've also attached my nginx.conf and site.conf for reference. I have a few
other sites in use that also use proxy_pass and it works just fine. So I'm
thinking it may have something to do with the rewrite, but not 100% sure. 

ngnix.conf
include /usr/share/nginx/modules/*;

# nginx Configuration File
# http://wiki.nginx.org/Configuration

# Run as a less privileged user for security reasons.
user www-data;

# How many worker threads to run;
# "auto" sets it to the number of CPU cores available in the system, and
# offers the best performance. Don't set it higher than the number of CPU
# cores if changing this parameter.

# The maximum number of connections for Nginx is calculated by:
# max_clients = worker_processes * worker_connections
worker_processes 1;

# Maximum open file descriptors per process;
# should be > worker_connections.
worker_rlimit_nofile 8192;

events {
  # When you need > 8000 * cpu_cores connections, you start optimizing your
OS,
  # and this is probably the point at which you hire people who are smarter
than
  # you, as this is *a lot* of requests.
  worker_connections 8000;
}

# Default error log file
# (this is only used when you don't override error_log on a server{} level)
# options are also notice and info
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

http {

  # Hide nginx version information.
  server_tokens off;

  # Define the MIME types for files.
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  # Update charset_types due to updated mime.types
  charset_types text/xml text/plain text/vnd.wap.wml
application/x-javascript application/rss+xml text/css application/javascript
application/json;

  # Format to use in log files
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  # Default log file
  # (this is only used when you don't override access_log on a server{}
level)
  access_log /var/log/nginx/access.log main;

  # How long to allow each connection to stay idle; longer values are
better
  # for each individual client, particularly for SSL, but means that worker
  # connections are tied up longer. (Default: 65)
  keepalive_timeout 35;

  # Speed up file transfers by using sendfile() to copy directly
  # between descriptors rather than using read()/write().
  sendfile        on;

  # Tell Nginx not to send out partial frames; this increases throughput
  # since TCP frames are filled up before being sent out. (adds TCP_CORK)
  tcp_nopush      on;

  # Compression
  # Enable Gzip compressed.
  gzip on;

  # Compression level (1-9).
  # 5 is a perfect compromise between size and cpu usage, offering about
  # 75% reduction for most ascii files (almost identical to level 9).
  gzip_comp_level    5;

  # Don't compress anything that's already small and unlikely to shrink
much
  # if at all (the default is 20 bytes, which is bad as that usually leads
to
  # larger files after gzipping).
  gzip_min_length    256;

  # Compress data even for clients that are connecting to us via proxies,
  # identified by the "Via" header (required for CloudFront).
  gzip_proxied       any;

  # Tell proxies to cache both the gzipped and regular version of a
resource
  # whenever the client's Accept-Encoding capabilities header varies;
  # Avoids the issue where a non-gzip capable client (which is extremely
rare
  # today) would display gibberish if their proxy gave them the gzipped
version.
  gzip_vary          on;

  # Compress all output labeled with one of the following MIME-types.
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rdf+xml
    application/rss+xml
    application/schema+json
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-javascript
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/eot
    font/opentype
    image/bmp
    image/svg+xml
    image/vnd.microsoft.icon
    image/x-icon
    text/cache-manifest
    text/css
    text/javascript
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy
    text/xml;
  # text/html is always compressed by HttpGzipModule

  # This should be turned on if you are going to have pre-compressed copies
(.gz) of
  # static files available. If not it should be left off as it will cause
extra I/O
  # for the check. It is best if you enable this in a location{} block for
  # a specific directory, or on an individual server{} level.
  # gzip_static on;

  # For behind a load balancer
  real_ip_header X-Forwarded-For;
  set_real_ip_from 0.0.0.0/0;

  client_max_body_size 100m;

  # default blank catch-all
  server {
    listen 80 default_server;
    root /var/www/html/default;
    index index.html;
  }

  # Include files in the sites-enabled folder. server{} configuration files
should be
  # placed in the sites-available folder, and then the configuration should
be enabled
  # by creating a symlink to it in the sites-available folder.
  # See doc/sites-enabled.md for more info.
  include /etc/nginx/sites-enabled/*;
}

site.conf
server {
      listen      80;

      server_name help.example.com;

      access_log  /var/log/nginx/access.log access;
      error_log   /var/log/nginx/error.log error;

      location /assets/ {
          proxy_pass                https://site.help/assets/;
          proxy_set_header          Host site.help;
          proxy_set_header          X-Real-IP $remote_addr;
          proxy_set_header          X-Forwarded-Proto https;
          proxy_set_header          X-Scheme https;
      }

      location /_api/ {
          proxy_pass                https://site.help/_api/;
          proxy_set_header          Host site.help;
          proxy_set_header          X-Real-IP $remote_addr;
          proxy_set_header          X-Forwarded-Proto https;
          proxy_set_header          X-Scheme https;
      }

      location / {
          rewrite                   ^/(.*)/$ /example/$1/ permanent;
          proxy_pass                https://site.help;
          proxy_set_header          Host help.site.com;
          proxy_set_header          X-Real-IP $remote_addr;
          proxy_set_header          X-Forwarded-Proto https;
      }

      # Deny config files
      location ~* \.(sh|lock|json)$ {
          deny all;
      }

      # Deny any hidden and old version of files
      location ~ /\.          { access_log off; log_not_found off; deny all;
}
      location ~ ~$           { access_log off; log_not_found off; deny all;
}
 }

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272887,272887#msg-272887