nginx error (connect() failed, 61 "Connection refused", but everything works)

Gerben Wierda gerben.wierda at rna.nl
Wed Aug 15 10:02:27 UTC 2018 

I have a set of minio (S3-compatoble block storage) servers running behind nginx on macOS High Sierra. While everything seems to work OK, I have noticed an unexplained error in the nginx logs.
For instance, when I use minio’s mc to ls a file:
   mc ls nginx/gerbentest/duplicati-ifdb6b7ac174b4e5094b04e7321d10c6b.dindex.zip.aes
mc reports (as expected):
   [2017-12-21 20:36:41 CET]  36KiB duplicati-ifdb6b7ac174b4e5094b04e7321d10c6b.dindex.zip.aes

So, everything works. So does duplicati (the backup solution that uses those mini backends). I can also connect direct to the servers and it works fine.

But nginx reports (apparently once per session):
   2018/08/15 11:34:48 [error] 242#0: *881 kevent() reported that connect() failed (61: Connection refused) while connecting to upstream, client: 192.168.2.67, server: MYHOST, request: “GET /gerbentest/?delimiter=%2F&max-keys=1000&prefix=duplicati-ifdb6b7ac174b4e5094b04e7321d10c6b.dindex.zip.aes HTTP/1.1”, upstream: “http://[::1]:9003/gerbentest/?delimiter=%2F&max-keys=1000&prefix=duplicati-ifdb6b7ac174b4e5094b04e7321d10c6b.dindex.zip.aes”, host: “MYHOST:9000”

I’d like to find out why this happens. Can someone help me find the cause of these errors? The config for the minio servers is:

server {
    listen              9000 ssl;
    server_name         MYHOST;
    ssl_certificate     minio_certificate_chained.crt;
    ssl_certificate_key minio_certificate.key;
    ssl_protocols       TLSv1.2;
    proxy_buffering     off;
    client_max_body_size 1000m;
    location / {
        proxy_set_header Host $http_host;
        if ($http_authorization ~* "^AWS4-HMAC-SHA256 Credential=REMOVED") {
            proxy_pass http://localhost:9001;
        }
        if ($http_authorization ~* "^AWS4-HMAC-SHA256 Credential=REMOVED") {
            proxy_pass http://localhost:9002;
        }
        if ($http_authorization ~* "^AWS4-HMAC-SHA256 Credential=REMOVED") {
            proxy_pass http://localhost:9003;
        }
        if ($http_authorization ~* "^AWS4-HMAC-SHA256 Credential=REMOVED") {
            proxy_pass http://localhost:9004;
        }
    }
}


Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180815/b5e12b0d/attachment-0001.html>

More information about the nginx mailing list