504 Gateway Time-out when calling curl_exec() in PHP with SSL peer verification (CURLOPT_SSL_VERIFYPEER) off

Ben Johnson ben at indietorrent.org
Wed Aug 28 13:44:48 UTC 2013



On 8/26/2013 11:25 AM, Lukas Tribus wrote:
> Hi!
> 
> 
>> If this were the root cause, wouldn't the cURL call fail in the way way,
>> regardless of the CURLOPT_SSL_VERIFYPEER value? In other words, it
>> doesn't seem like changing this cURL option would change the number of
>> backend processes required to handle the request(s). But I could be wrong.
> 
> Yes, it there is a difference. CURLOPT_SSL_VERIFYPEER = true probably masks
> your real problem, because it fails at SSL level (due to certificate
> validation failure; after all, thats why you disabled it, right?).

That's correct!

> So the HTTP request passes only when you disable certificate validation,
> which is way you see the 504 error only when its disabled. That doesn't
> mean there is a problem with curl or SSL. It means there is a problem
> with your backend.
> 

Okay; that makes sense.

> 
> 
>> Any further troubleshooting tips would be much appreciated.
> 
> Triple check that your backend can handle multiple requests simultanously
> and that your script doesn't somehow create a deadlook (requesting the
> output of itself).
> 

Is there a prescribed mechanism for the former (ensuring that the
backend can handle multiple requests simultaneously)? Or should I simply
write a script that, for example, uses a combination of "while" and
"sleep()"to force a lengthy execution time while outputting some type of
progress to indicate that each instance of the script is "alive"?

> Check FCGI logs. If that doesn't help, increment the debug levels on nginx
> and FCGI.
> 

By FCGI logs, you mean the PHP logs, correct? Unfortunately, they reveal
nothing, even at maximum verbosity.

I'll try increasing nginx's logging verbosity, though.

> 
> 
> 
> Regards,
> 
> Lukas 		 	   		  

Thanks for your helpful insights here, Lukas!

-Ben





More information about the nginx mailing list