Weird behavior on SSL, and corruption on reload

orensol nginx-forum at nginx.us
Sun Sep 25 11:14:40 UTC 2011


Hello Maxim,

For now I can't reproduce the problem; if it happens again I'll try to
catch a real backtrace.

Here are the other details. Thanks!



nginx:
nginx version: nginx/0.8.35
built by gcc 4.1.1 20070105 (Red Hat 4.1.1-52)
TLS SNI support disabled
configure arguments: --with-http_ssl_module
--add-module=/root/ngx_cache_purge-1.0



openssl:
OpenSSL 0.9.8b 04 May 2006
built on: Wed Oct 17 18:15:17 EDT 2007
platform: linux-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN
-DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686
-mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic padlock



nginx conf:

# Process-level settings as posted: worker processes run as the "nginx" user
# and a single worker is started.
user              nginx;
worker_processes  1;
# NOTE(review): this descriptor limit equals worker_connections below. A proxied
# request holds a client socket and an upstream socket at the same time, so the
# descriptor limit may be hit before the connection limit -- confirm sizing.
worker_rlimit_nofile 10240;
# Only messages at "warn" severity and above are written to the error log.
error_log         /var/log/nginx/error.log warn;
pid               /var/run/nginx.pid;

events {
    worker_connections  10240;
}
 
# HTTP context as posted: two access-log formats, gzip, a proxy cache zone,
# one upstream group and a single TLS-terminating server on port 443 that
# proxies "/" to the upstream and serves css/js/images from local disk.
http {
    include       /usr/local/nginx/conf/mime.types;
    default_type  application/octet-stream;

    # NOTE(review): the line break inside the first quoted string looks like
    # mail wrapping; as written it would put a newline into every log entry.
    # $http_x_forwarded_for is taken from the client request header, so treat
    # that field as untrusted when the log is used for investigation.
    log_format  main  '$remote_addr - $remote_user [$time_local]
$request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # Second access log recording the upstream cache status and the upstream's
    # Cache-Control / Expires headers for each request.
    log_format cache '***$time_local '
                     '$upstream_cache_status '
                     'Cache-Control: $upstream_http_cache_control '
                     'Expires: $upstream_http_expires '
                     '"$host" "$request" ($status) '
                     '"$http_user_agent" ';
    access_log  /var/log/nginx/cache.log cache;

    sendfile        on;

    keepalive_timeout  65;

    # text/html is always compressed in addition to the types listed here.
    # NOTE(review): compressing TLS responses that mix secrets with
    # request-influenced content is the precondition for compression
    # side-channel attacks (BREACH) -- confirm what the backend returns.
    gzip  on;
    gzip_types  text/css text/javascript application/x-javascript;


        # Defines cache zone "myzone" (50m of keys, entries dropped after 2h
        # without access, 3000m on disk).
        # NOTE(review): no proxy_cache directive referencing "myzone" appears
        # in the config as posted, so the zone looks unused here -- confirm.
        proxy_cache_path /mnt/nginx/cache levels=1:2
keys_zone=myzone:50m inactive=2h max_size=3000m;
        proxy_temp_path /mnt/nginx/temp;


	# Single backend, addressed on port 443.
	upstream  backend_ssl  {
		        server 10.255.10.255:443;
	}

	server {
	    listen       443;
	    server_name  _;

	    ssl                  on;
	    ssl_certificate      /usr/local/nginx/conf/cert;
	    # NOTE(review): file permissions are not shown in the post; the private
	    # key should be readable only by the account that starts nginx.
	    ssl_certificate_key  /usr/local/nginx/conf/key;

	    ssl_session_timeout  5m;

	    # NOTE(review): SSLv2 and SSLv3 are obsolete protocols with known
	    # protocol-level weaknesses and should not be offered. The OpenSSL
	    # 0.9.8b build listed in this post supports nothing newer than TLSv1,
	    # so moving to TLSv1.2/TLSv1.3 requires upgrading OpenSSL and nginx.
	    ssl_protocols  SSLv2 SSLv3 TLSv1;
	    # NOTE(review): this string starts from ALL and removes only ADH and
	    # EXPORT56; the "+LOW", "+SSLv2" and "+EXP" terms merely move those
	    # suites to the end of the list, so low-strength, SSLv2 and 40-bit
	    # export suites stay enabled. ssl_prefer_server_ciphers makes the server
	    # order win, but a client that offers only weak suites still gets one.
	    ssl_ciphers 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	    ssl_prefer_server_ciphers   on;

		# Default location: everything not matched by the regex locations below
		# is proxied to the upstream group.
		location / {

		        # NOTE(review): the scheme is http:// while the only server in
		        # upstream backend_ssl is on port 443, so as written nginx sends
		        # cleartext HTTP to that port. If the backend speaks TLS on 443
		        # this needs https://; if it really speaks plain HTTP, the hop
		        # between proxy and backend is unencrypted -- confirm the intent.
		        proxy_pass http://backend_ssl;
		        proxy_set_header Host $host;
		        proxy_set_header X-Real-IP $remote_addr;
		        # Overwrites any client-supplied X-Forwarded-For with the
		        # connecting address rather than appending to it.
		        proxy_set_header X-Forwarded-For $remote_addr;
		}

		# static files served locally
		# Regex locations are checked before the "/" prefix location is used,
		# so matching requests are never proxied.
		location ~* \.(css|js)$ {
		    root   /home/static;
		}

		# static images served locally and get Expires header
		location ~* \.(jpg|jpeg|gif|png|ico|bmp)$ {
		    root   /home/static;
		    expires 30d;
		}
	}


}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215785,215795#msg-215795


