Moving SSL termination to the edge increased the instance of 502 errors
Maxim Dounin
mdounin at mdounin.ru
Wed Nov 29 12:42:56 UTC 2017
Hello!
On Wed, Nov 29, 2017 at 04:27:37AM +0000, Michael Ottoson wrote:
> Hi All,
>
> We installed nginx as load balancer/failover in front of two upstream web servers.
>
> At first SSL terminated at the web servers and nginx was configured as TCP passthrough on 443.
>
> We rarely experiences 502s and when it did it was likely due to tuning/tweaking.
>
> About a week ago we moved SSL termination to the edge. Since then we've been getting daily 502s. A small percentage - never reaching 1%. But with ½ million requests per day, we are starting to get complaints.
>
> Stranger: the percentage seems to be rising.
>
> I have more details and a pretty picture here:
>
> https://serverfault.com/questions/885638/moving-ssl-termination-to-the-edge-increased-the-instance-of-502-errors
>
>
> Any advice how to squash those 502s? Should I be worried nginx is leaking?
First of all, you have to find the reason for these 502 errors.
Looking into the error log is a good start.
As per provided serverfault question, you see "no live upstreams"
errors in logs. These errors mean that all configured upstream
servers were disabled due to previous errors (see
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails),
that is, these errors are just a result of previous errors. You
have to find out real errors, they should be in the error log too.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list