504 Gateway Time-out when calling curl_exec() in PHP with SSL peer verification (CURLOPT_SSL_VERIFYPEER) off
Ben Johnson
ben at indietorrent.org
Wed Aug 28 13:44:48 UTC 2013
On 8/26/2013 11:25 AM, Lukas Tribus wrote:
> Hi!
>
>
>> If this were the root cause, wouldn't the cURL call fail in the way way,
>> regardless of the CURLOPT_SSL_VERIFYPEER value? In other words, it
>> doesn't seem like changing this cURL option would change the number of
>> backend processes required to handle the request(s). But I could be wrong.
>
> Yes, it there is a difference. CURLOPT_SSL_VERIFYPEER = true probably masks
> your real problem, because it fails at SSL level (due to certificate
> validation failure; after all, thats why you disabled it, right?).
That's correct!
> So the HTTP request passes only when you disable certificate validation,
> which is way you see the 504 error only when its disabled. That doesn't
> mean there is a problem with curl or SSL. It means there is a problem
> with your backend.
>
Okay; that makes sense.
>
>
>> Any further troubleshooting tips would be much appreciated.
>
> Triple check that your backend can handle multiple requests simultanously
> and that your script doesn't somehow create a deadlook (requesting the
> output of itself).
>
Is there a prescribed mechanism for the former (ensuring that the
backend can handle multiple requests simultaneously)? Or should I simply
write a script that, for example, uses a combination of "while" and
"sleep()"to force a lengthy execution time while outputting some type of
progress to indicate that each instance of the script is "alive"?
> Check FCGI logs. If that doesn't help, increment the debug levels on nginx
> and FCGI.
>
By FCGI logs, you mean the PHP logs, correct? Unfortunately, they reveal
nothing, even at maximum verbosity.
I'll try increasing nginx's logging verbosity, though.
>
>
>
> Regards,
>
> Lukas
Thanks for your helpful insights here, Lukas!
-Ben
More information about the nginx
mailing list