NGINX Reverse Proxy terminate TCP connection after 5 minutes of inactivity
Kin Seng
ckinseng at gmail.com
Mon Feb 26 11:57:56 UTC 2024
Hi J Carter,
Thank you so much for your suggestions, I did tcpdump concurrently on both
nginx and client app host as well and able to find out that F5 device in
between is sending out RST to both side. Now i am able to exclude Nginx's
configuration as part of the investigation.
On Thu, Feb 22, 2024 at 1:46 AM J Carter <jordanc.carter at outlook.com> wrote:
> Hello,
>
> On Tue, 20 Feb 2024 11:57:27 +0800
> Kin Seng <ckinseng at gmail.com> wrote:
>
> > Hi J Carter,
> >
> > Thank you for your reply.
> > I am capturing the packet from firewall, and the filtering is as per
> below
> > for the previously attached pcap.
>
> I see, I assumed you had run tcpdump on the nginx
> host. I'd reccomend doing that too then (as well as client app host) if
> you have a network firewall in the mix - to see what nginx itself
> truely sends/recieves.
>
> > Source : client app -- Dest : nginx proxy , any port to any port
> >
> > Source : public server -- Dest : nginx proxy , any port to any port
> >
> > Source : nginx proxy -- Dest : client app , any port to any port
> >
> > Source : nginx proxy -- Dest : public server , any port to any port.
> >
>
> It shouldn't be missing such data then - although again, this may be
> specific to the firewall itself.
>
> > Perhaps I will try to do tcpdump from the client app as well.
> >
> > One more info that I notice from client app host, from the netstat
> command,
> > it shows CLOSE_WAIT for the terminated session, it seems like close_wait
> is
> > the symbol that the closing is from external ( in this case client app is
> > connect to nginx proxy), is this right?
>
> close_wait on client would indicate that the other party initated
> connection close (sent the first FIN) - again, firewall makes me more
> skeptical, as it can have it's own timers for closing tcp connection /
> it's own logic.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240226/a25e9965/attachment.htm>
More information about the nginx
mailing list