Bad Decompression error after default ssl_session_timeout

lima nginx-forum at nginx.us
Tue May 22 07:15:31 UTC 2012


Hi,

I have an LB setup with nginx for an ssl enabled site which load balance
with 2 apache servers. All the servers are CentOS5.5* and  OpenSSL
0.9.8e-fips-rhel5 01 Jul 2008. Also we are using the same SSL
certificate on all the 3 servers.

It does load balance perfectly untill 5m. After that it raises an
error:

[crit] 5179#0: *6 SSL_do_handshake() failed (SSL: error:1408F06B:SSL
routines:SSL3_GET_RECORD:bad decompression) while SSL handshaking to
upstream, client: clientip, server: lb.abcd.net, request: "GET /search/
HTTP/1.1", upstream: "https://server1-ip:443/search/", host:
"lb.abcd.net"

This error happens for both server1 and server2. After this, the load
balancer is not working.

The following are the nginx conf.

http {
    include       mime.types;
    default_type  application/octet-stream;
    autoindex off;
    ssi off;
    server_tokens off;

    log_format  main  '$remote_addr [$time_local] - "$request" - '
                      '$status - $body_bytes_sent - "$http_referer"';

    log_format load_b '$remote_addr [$time_local] - "$request" - $status
- '
                      'worker_addr $upstream_addr - '
                      'worker_status $upstream_status - '
                      'worker_response_time $upstream_response_time - '
                      'total_processing_time $request_time - '
                      'content_type $upstream_http_content_type';

    access_log  logs/access.log  main;

    sendfile        on;
    keepalive_timeout  65;

    gzip  on;
    gzip_http_version   1.1;
    gzip_proxied     expired no-cache no-store private auth;
    gzip_types       text/plain application/xml text/css
application/x-javascript text/xml;
    gzip_disable     "MSIE [1-6]\.";

    proxy_ssl_session_reuse on;

    upstream loadbalancer {
        server server1-ip:443  weight=1  max_fails=5 fail_timeout=3m;
        server server2-ip:443 weight=1  max_fails=5 fail_timeout=3m;
    }
server {
        listen       443 ssl;
        server_name   lb.abcd.net;
        location ~* ^.+.(jpg|jpeg|gif|png|ico|css|txt|js|htm|html)$ {
            expires 24h;
            add_header Cache-Control public;
            root   /home/abc/media;
        }

        ssl_certificate      /root/Apache_New_SSL_Keys/abcd.co.uk.crt;
        ssl_certificate_key  /root/Apache_New_SSL_Keys/abcd.key.nopass;
        ssl_session_timeout  3m;
        ssl_protocols  SSLv3;
        
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location / {
           proxy_pass https://loadbalancer;
           access_log logs/access_lb.log load_b;
        }

        error_page  403 templates/403.html;
        error_page  404 templates/404.html;
        error_page   500 502 503 504  /50x.html;

        location = /50x.html {
            alias templates/500.html;
        }
    }
}

What can be the issue? Thanks in advance.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226705,226705#msg-226705



More information about the nginx mailing list