Intermittent problems with SSH/nginx/phpmyadmin?
Ian
ian at ianhobson.co.uk
Mon Dec 13 15:22:39 MSK 2010
Hi all,
I'm trying to get to the bottom of a long standing problem. I set up a
SSH tunnel to a VPS, so I could use phpmyadmin - and it almost works.
Here is the set up. Windows 7 with putty to the VPS using
keyfile/passwordless access. This has three tunnels set up
L8080 - localhost:80
L8081 - localhost:81
L8082 - localhost:82
My link to phpmyadmin is "http://localhost:8080/phpmyadmin/index.php"
which should appear from localhost:80 on the VPS.
nginx is set up with a site like this
# server for phpmyadmin
server {
listen localhost:80;
server_name localhost phpmyadmin ;
root /home/ian/websites/example;
index index.htm index.html index.php;
fastcgi_index index.php;
location ^~ /phpmyadmin/ {
root /usr/share;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}
And there are two sites like this (on 81 and 82)
server {
listen localhost:81;
server_name localhost domain;
index index.php;
access_log ....;
root /var/www/<domain>/htdocs;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
location ~ \.pdf$ {
rewrite rules for ,pdf file
}
}
My access to all three sites almost works. In that it works most of the
time, but about 1 click in 5 is lost somewhere. It appears that posts
are more likely to be lost than gets (they are bigger). Repeating the
dropped click usually gets the desired result. The software has never
complained of duplicate posts. Indeed the logs suggest that a dropped
message never arrives.
I have tried many combinations of localhost and 127.0.0.1 from my
machine, and none work better than the above.
But even so, the phpmyadmin site fails about 1 click in 3 or 4 , and
both the 81 and 82 sites fail one click in 5 - for me only.
There is no error message, and nothing in the logs. The symptom is
consistent with windows swallowing the clicks, zone alarm
swallowing it, my firewall (Ubuntu/iptables) swallowing it, SSH
swallowing it, nginx swallowing it, or something strange
with 127.0.0.1 and localhost miss-matching.
Note that console access to the VPS is rock solid, and always has been -
so I don't think the problem is SSH or fire-walling.
Besides, I cannot work out why any link should fail only occasionally.
A miss-configuration would fail 100% or produce a consistent error message.
I am 99.9% certain my ISP is not filtering anything. They say they don't
and "Shields-up" shows all ports as I would expect them - even when I
swap firewalls. Nothing else has ever given a problem to anyone at
home. I've replaced firewalls to no effect. All checks for malware,
viruses and rootkits come up clean.
Some background:
Listening on localhost is so that nginx does not serve these sites to
the internet. It doesn't.
I have 12 users of the sites on ports 81 and 82 - and no complaints of
unreliable connections over 9 months.
My users all come in using plink with a command built like this in a .js
file:
var cmd = "plink -ssh -2 -L 8080:127.0.0.1:81 -N -i "+keyfile+"
"+user+"@" + ipaddress;
var oExec = WshShell.run(cmd,7,true);
The things unique about my setup that I know are:
its the only 64 bit version of windows
its the only one using Putty and not PLink.
Can anyone point out what might be wrong. I'm stumped.
Thanks
Ian
More information about the nginx
mailing list