Connections time out before proxy_connect_timeout
Maxim Dounin
mdounin at mdounin.ru
Wed Aug 31 17:07:58 UTC 2011
Hello!
On Wed, Aug 31, 2011 at 05:31:15PM +0100, John Arundel wrote:
> Hi,
>
> I've got Nginx set up to handle SSL connections, decode them, and
> proxy them to a Java application. Every so often the Java stack pauses
> while it does a GC, and the proxy connections time out. The odd thing
> is that although proxy_connect_timeout is set to 70s, the connections
> are timing out after around twenty seconds.
>
> I tried setting proxy_connect_timeout to a smaller value (10s, say)
> and Nginx does indeed time out the connections after that period, so
> the setting is at least being read. But if you set it to anything
> higher than 22s, it doesn't make any difference - the connections are
> still timed out after 22s with this error:
>
> connect() failed (110: Connection timed out) while connecting to upstream
>
> I have also set proxy_read_timeout to a high value and it makes no
> difference. I can reliably reproduce this issue on both Nginx 1.0.2
> and 1.1.1. Is this a known bug or is there some other setting I should
> look at? Could it be an issue with the backend server (Glassfish)? Or
> related to the SSL listener? Any suggestions appreciated.
Connect timeout is limited by your OS's SYN retransmit count limit
and timeout. Under FreeBSD it's 75s by default (3 retransmits
with exponential backoff: 3s + 6s + 12s + 24s), under Linux it's
looks like something about 20s by default. Looks like you are
hitting this limit.
The only way to enlarge this limit is to tune OS, e.g. on Linux
try adjusting net.ipv4.tcp_syn_retries sysctl.
Maxim Dounin
More information about the nginx
mailing list