SSL NGINX + SSL IIS Update

Fixid nginx-forum на nginx.us
Пн Ноя 14 11:14:03 UTC 2011


Здравствуйте, в логах сново появились
такие строчки:

- - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"

- - [14/Nov/2011:13:12:14 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:13:12:37 +0300] "GET / HTTP/1.1" 200 4144 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"

- - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"

2011/11/14 14:02:24 [crit] 11819#0: *26 rename() "/var/www/0000000013"
to "/var/www/" failed (20: Not a directory) while reading upstream,
client: 111.222.333.444, server: www.test.com, request: "GET /
HTTP/1.1", upstream: "https://IIS:500/", host: "www.test.com"

Установка соединения с сайтом идет
очень долго, потом контент отдается за
пару секунд.
Можете подсказать какие есть ошибки в
конф файлах? И что можно еще подправить
для ускорения отклика.
IIS на Win2008

nginx.conf:

user  nginx;
worker_processes  4;
worker_rlimit_nofile 100000;
timer_resolution 100ms;


error_log   /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  5024;
    use epoll;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    server_tokens   off;
    gzip            on;
    gzip_static     on;
    gzip_comp_level 5;
    gzip_min_length 1024;
    keepalive_timeout  25;
    limit_zone   myzone  $binary_remote_addr  10m;

    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80 default;
        rewrite ^ https://www.test.com/;
    }
}

#
# HTTPS server configuration
#
upstream backend-secure {
  server www.test.com:443;
  }

server {
    listen       443 default;
    server_name  www.test.com ;
    server_tokens off;
    ##########################
    #  GZIP
    ##########################
    gzip             on;
    gzip_min_length  15;
    gzip_buffers 16 8k;
    gzip_proxied     any;
    gzip_disable     "msie6";
    gzip_comp_level  5;
    #########################
    #  SSL
    #########################
    keepalive_timeout 60s;
    sendfile        on;
    tcp_nodelay on;
    expires 10s; #сколько хранить кэш
    ssl                  on;
    ssl_certificate      /etc/nginx/conf.d/certificate.cer;
    ssl_certificate_key  /etc/nginx/conf.d/rsa.key;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  20m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    if ($host = "test.com" ) {
    rewrite ^ https://www.test.com/;
}
    location / {
        proxy_pass https://IIS:500/;
        proxy_redirect off;
        proxy_ignore_client_abort off;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_ignore_headers Expires Cache-Control;
        proxy_hide_header Vary;
        proxy_ssl_session_reuse on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # кэш ответа бэкэнда
        proxy_store on;
        proxy_store_access user:rw group:rw all:r;
        proxy_temp_path /var/www/;
        root /var/www/;
        ########################
        # proxy
        #######################
        #proxy_cache on;
    }

    #######################
    #  Statistic
    #######################
    location = /stat {
        stub_status on;
        access_log  off;
        allow 111.222.333.444;
        deny all;
    }
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?21,218301,218301#msg-218301



Подробная информация о списке рассылки nginx-ru