Intermittent problems with SSH/nginx/phpmyadmin?

Ian ian at ianhobson.co.uk
Mon Dec 13 15:22:39 MSK 2010


Hi all,

I'm trying to get to the bottom of a long standing problem. I set up a 
SSH tunnel to a VPS, so I could use phpmyadmin - and it almost works.

Here is the set up. Windows 7 with putty to the VPS using 
keyfile/passwordless access. This has three tunnels set up
     L8080  - localhost:80
     L8081  - localhost:81
     L8082  - localhost:82

My link to phpmyadmin is "http://localhost:8080/phpmyadmin/index.php"  
which should appear from localhost:80 on the VPS.

nginx is set up with a site like this

#  server for phpmyadmin
server {
     listen localhost:80;
     server_name localhost phpmyadmin ;
     root /home/ian/websites/example;
     index index.htm index.html index.php;
     fastcgi_index  index.php;
     location ^~ /phpmyadmin/ {
        root /usr/share;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
     }
     location ~ \.php$ {
       fastcgi_pass 127.0.0.1:9000;
       include  /etc/nginx/fastcgi_params;
    }
}

And there are two sites like this (on 81 and 82)
  server {
     listen localhost:81;
     server_name localhost domain;
     index index.php;
     access_log  ....;
    root  /var/www/<domain>/htdocs;
    location ~ \.php$ {
         fastcgi_pass 127.0.0.1:9000;
        include /etc/nginx/fastcgi_params;
    }
    location ~ \.pdf$ {
       rewrite rules for ,pdf file
    }
}

My access to all three sites almost works. In that it works most of the 
time, but about 1 click in 5 is lost somewhere. It appears that posts 
are more likely to be lost than gets (they are bigger).  Repeating the 
dropped  click usually gets the desired result. The software has never 
complained of duplicate posts. Indeed the logs suggest that a dropped 
message never arrives.

I have tried many combinations of localhost and 127.0.0.1 from my 
machine, and none work better than the above.

But even so, the phpmyadmin site fails about 1 click in 3 or 4 , and 
both the 81 and 82 sites fail one click in 5 - for me only.
There is no error message, and nothing in the logs. The symptom is 
consistent with windows swallowing the clicks, zone alarm
swallowing it, my firewall (Ubuntu/iptables) swallowing it, SSH 
swallowing it, nginx swallowing it, or something strange
with 127.0.0.1 and localhost miss-matching.

Note that console access to the VPS is rock solid, and always has been - 
so I don't think the problem is SSH or fire-walling.
Besides, I cannot work out why any link should fail only occasionally.  
A miss-configuration would fail 100% or produce a consistent error message.

I am 99.9% certain my ISP is not filtering anything. They say they don't 
and "Shields-up" shows all ports as I would expect them - even when I 
swap firewalls.  Nothing else has ever given a problem to anyone at 
home. I've replaced firewalls to no effect.  All checks for malware, 
viruses and rootkits come up clean.

Some background:
Listening on localhost is so that nginx does not serve these sites to 
the internet. It doesn't.

I have 12 users of the sites on ports 81 and 82 - and no complaints of 
unreliable connections over 9 months.

My users all come in using plink with a command built like this in a .js 
file:
var cmd = "plink -ssh -2 -L 8080:127.0.0.1:81 -N -i "+keyfile+" 
"+user+"@" + ipaddress;
var oExec = WshShell.run(cmd,7,true);

The things unique about my setup that I know are:
     its the only 64 bit version of windows
     its the only one using Putty and not PLink.

Can anyone point out what might be wrong. I'm stumped.

Thanks

Ian




More information about the nginx mailing list