Problems with Tomcat + NGINX
Igor A. Ippolitov
iippolitov at nginx.com
Wed Jul 4 16:30:29 UTC 2018
Giacomo,
Have a look at nginx error and access logs.
Most likely, that's tomcat default timeout fires.
Regards,
Igor.
On 04.07.2018 17:17, Giacomo Arru - BETA Technologies wrote:
>
> Tomcat: 9.0.8 nginx: 1.12.2
>
>
> I have this configuration:
>
>
> Vaadin 8 application, served via Tomcat 9.
>
>
> The application has manual push with websocket transport.
>
>
>
> *If I use the app directly from Tomcat,*
>
>
> -the Websocket connection works correctly.
>
>
> -the upload within the app of 10mb files works.
>
>
>
> *If I use the application through nginx proxy,*
>
>
> the upload works for very small files only (max 61440 bytes) and the
> websocket initially works, but after 30 seconds the application hangs
> (I think the websocket gets closed).
>
>
>
> This is the nginx configuration:
>
>
>
>
>
> *nginx.conf*
>
>
>
> user nginx;
> worker_processes auto;
> error_log /var/log/nginx/error.log;
> pid /run/nginx.pid;
>
> # Load dynamic modules. See /usr/share/nginx/README.dynamic.
> include /usr/share/nginx/modules/*.conf;
>
> events {
> worker_connections 1024;
> }
>
>
> http {
> log_format main '$remote_addr - $remote_user [$time_local]
> "$request" '
> '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for"';
>
> log_format main_ext '$remote_addr - $remote_user [$time_local]
> "$request" '
> '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for" '
> '"$host" sn="$server_name" '
> 'rt=$request_time '
> 'ua="$upstream_addr" us="$upstream_status" '
> 'ut="$upstream_response_time" ul="$upstream_response_length" '
> 'cs=$upstream_cache_status' ;
>
> access_log /var/log/nginx/access.log main_ext;
>
> # Mitigate httpoxy attack (see README for details)
> proxy_set_header Proxy "";
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
>
> map $http_upgrade $connection_upgrade {
> default upgrade;
> '' close;
> }
>
> # Load modular configuration files from the /etc/nginx/conf.d
> directory.
> # See http://nginx.org/en/docs/ngx_core_module.html#include
> # for more information.
> include /etc/nginx/conf.d/*.conf;
>
>
> server {
> listen 80;
> server_name demo.myserver.com;
> # Load configuration files for the default server block.
> include /etc/nginx/default.d/*.conf;
> }
>
> client_body_buffer_size 10M;
> client_max_body_size 10M;
> gzip on;
> send_timeout 600;
> proxy_connect_timeout 81640;
> proxy_send_timeout 81640;
> proxy_read_timeout 81640;
> proxy_set_header Connection "";
> proxy_http_version 1.1;
> proxy_buffering off;
> proxy_redirect off;
> proxy_request_buffering off;
> types_hash_max_size 2048;
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
>
> }
>
>
>
> *myvhost.conf*
>
>
>
>
> proxy_cache_path /tmp/NGINX_cache-demo/ levels=1:2 keys_zone=demo:10m
> max_size=100m inactive=1h;
>
> upstream demo {
> ip_hash;
>
> server 172.16.1.1:8080 max_fails=0 fail_timeout=3s;
> keepalive 100;
> }
>
>
> server {
> listen 80;
> server_name demo.myserver.com;
>
> # Redirect all HTTP to HTTPS
> location / {
> return 301 https://$server_name$request_uri;
> }
>
> }
>
> server {
> server_name demo.impresacloud.com;
>
> listen 443 ssl http2; # managed by Certbot
> ssl_certificate
> /etc/letsencrypt/live/demo.impresacloud.com/fullchain.pem; # managed
> by Certbot
> ssl_certificate_key
> /etc/letsencrypt/live/demo.impresacloud.com/privkey.pem; # managed by
> Certbot
> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
> access_log /var/log/nginx/access_demo.log main_ext;
> error_log /var/log/nginx/error_demo.log info;
>
> client_max_body_size 128m;
> # disable unsupported ciphers
> #ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
>
> # ssl optimizations
> ssl_session_cache shared:SSL:60m;
> #sl_session_timeout 60m;
> add_header Strict-Transport-Security "max-age=31536000";
>
> client_header_timeout 3m;
> client_body_timeout 3m;
>
>
> # Risolve loop di redirect
> location = /app/ {
> return 302 /;
> }
> location = /app {
> return 302 /;
> }
>
> # A location block is needed per URI group
>
> location / {
>
> #proxy_read_timeout 300;
> #proxy_connect_timeout 300;
> proxy_cache demo;
> proxy_cookie_path /app /;
> error_page 500 502 503 504 /server_down.html;
>
> ### force timeouts if one of backend is died ##
> #proxy_next_upstream error timeout invalid_header http_500
> http_502 http_503 http_504;
> ### Set headers ####
> #proxy_set_header Accept-Encoding "";
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Server $host;
> proxy_cache_bypass $http_upgrade;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection $connection_upgrade;
>
> proxy_buffering off;
> proxy_ignore_client_abort off;
> proxy_redirect off;
>
> ### Most PHP, Python, Rails, Java App can use this header ###
> #proxy_set_header X-Forwarded-Proto $scheme;
> #add_header Front-End-Https on;
> #proxy_pass_request_headers On;
>
> #proxy_buffer_size 64k;
> #proxy_buffers 16 32k;
> #proxy_busy_buffers_size 64k;
>
> #proxy_connect_timeout 3600;
> #proxy_read_timeout 84600s;
> #proxy_send_timeout 84600s;
>
> #reset_timedout_connection off;
>
>
> proxy_pass http://demo/app/;
> }
>
> location = /server_down.html {
> root /opt/ImpresaCloud/proxy_html/;
> }
>
>
> }
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180704/ceef9935/attachment-0001.html>
More information about the nginx
mailing list