Problems with Tomcat + NGINX

Giacomo Arru - BETA Technologies giacomo at beta.srl
Wed Jul 4 14:17:18 UTC 2018 


Tomcat: 9.0.8 nginx: 1.12.2 




I have this configuration: 




Vaadin 8 application, served via Tomcat 9. 




The application has manual push with websocket transport. 







If I use the app directly from Tomcat, 





-the Websocket connection works correctly. 




-the upload within the app of 10mb files works. 







If I use the application through nginx proxy, 




the upload works for very small files only (max 61440 bytes) and the websocket initially works, but after 30 seconds the application hangs (I think the websocket gets closed). 







This is the nginx configuration: 













nginx.conf 






user nginx; 
worker_processes auto; 
error_log /var/log/nginx/error.log; 
pid /run/nginx.pid; 

# Load dynamic modules. See /usr/share/nginx/README.dynamic. 
include /usr/share/nginx/modules/*.conf; 

events { 
worker_connections 1024; 
} 


http { 
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
'$status $body_bytes_sent "$http_referer" ' 
'"$http_user_agent" "$http_x_forwarded_for"'; 

log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 
'$status $body_bytes_sent "$http_referer" ' 
'"$http_user_agent" "$http_x_forwarded_for" ' 
'"$host" sn="$server_name" ' 
'rt=$request_time ' 
'ua="$upstream_addr" us="$upstream_status" ' 
'ut="$upstream_response_time" ul="$upstream_response_length" ' 
'cs=$upstream_cache_status' ; 

access_log /var/log/nginx/access.log main_ext; 

# Mitigate httpoxy attack (see README for details) 
proxy_set_header Proxy ""; 

include /etc/nginx/mime.types; 
default_type application/octet-stream; 


map $http_upgrade $connection_upgrade { 
default upgrade; 
'' close; 
} 

# Load modular configuration files from the /etc/nginx/conf.d directory. 
# See http://nginx.org/en/docs/ngx_core_module.html#include 
# for more information. 
include /etc/nginx/conf.d/*.conf; 


server { 
listen 80; 
server_name demo.myserver.com; 
# Load configuration files for the default server block. 
include /etc/nginx/default.d/*.conf; 
} 

client_body_buffer_size 10M; 
client_max_body_size 10M; 
gzip on; 
send_timeout 600; 
proxy_connect_timeout 81640; 
proxy_send_timeout 81640; 
proxy_read_timeout 81640; 
proxy_set_header Connection ""; 
proxy_http_version 1.1; 
proxy_buffering off; 
proxy_redirect off; 
proxy_request_buffering off; 
types_hash_max_size 2048; 
sendfile on; 
tcp_nopush on; 
tcp_nodelay on; 

} 







myvhost.conf 






proxy_cache_path /tmp/NGINX_cache-demo/ levels=1:2 keys_zone=demo:10m max_size=100m inactive=1h; 

upstream demo { 
ip_hash; 

server 172.16.1.1:8080 max_fails=0 fail_timeout=3s; 
keepalive 100; 
} 


server { 
listen 80; 
server_name demo.myserver.com; 

# Redirect all HTTP to HTTPS 
location / { 
return 301 https://$server_name$request_uri; 
} 

} 

server { 
server_name demo.impresacloud.com; 

listen 443 ssl http2; # managed by Certbot 
ssl_certificate /etc/letsencrypt/live/demo.impresacloud.com/fullchain.pem; # managed by Certbot 
ssl_certificate_key /etc/letsencrypt/live/demo.impresacloud.com/privkey.pem; # managed by Certbot 
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot 
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot 
access_log /var/log/nginx/access_demo.log main_ext; 
error_log /var/log/nginx/error_demo.log info; 

client_max_body_size 128m; 
# disable unsupported ciphers 
#ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; 

# ssl optimizations 
ssl_session_cache shared:SSL:60m; 
#sl_session_timeout 60m; 
add_header Strict-Transport-Security "max-age=31536000"; 

client_header_timeout 3m; 
client_body_timeout 3m; 


# Risolve loop di redirect 
location = /app/ { 
return 302 /; 
} 
location = /app { 
return 302 /; 
} 

# A location block is needed per URI group 

location / { 

#proxy_read_timeout 300; 
#proxy_connect_timeout 300; 
proxy_cache demo; 
proxy_cookie_path /app /; 
error_page 500 502 503 504 /server_down.html; 

### force timeouts if one of backend is died ## 
#proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 
### Set headers #### 
#proxy_set_header Accept-Encoding ""; 
proxy_set_header X-Forwarded-Host $host; 
proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header X-Forwarded-Server $host; 
proxy_cache_bypass $http_upgrade; 
proxy_set_header Upgrade $http_upgrade; 
proxy_set_header Connection $connection_upgrade; 

proxy_buffering off; 
proxy_ignore_client_abort off; 
proxy_redirect off; 

### Most PHP, Python, Rails, Java App can use this header ### 
#proxy_set_header X-Forwarded-Proto $scheme; 
#add_header Front-End-Https on; 
#proxy_pass_request_headers On; 

#proxy_buffer_size 64k; 
#proxy_buffers 16 32k; 
#proxy_busy_buffers_size 64k; 

#proxy_connect_timeout 3600; 
#proxy_read_timeout 84600s; 
#proxy_send_timeout 84600s; 

#reset_timedout_connection off; 


proxy_pass http://demo/app/; 
} 

location = /server_down.html { 
root /opt/ImpresaCloud/proxy_html/; 
} 


} 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180704/f99c8722/attachment-0001.html>

More information about the nginx mailing list