No CORS Workaround - SSL Proxy

Maxim Dounin mdounin at mdounin.ru
Sun Jun 22 14:32:16 UTC 2014 

Hello!

On Fri, Jun 20, 2014 at 11:29:39PM +0000, Eric Swenson wrote:

> Hello Maxim,
> 
> On 6/20/14, 3:46 PM, "Maxim Dounin" <mdounin at mdounin.ru> wrote:
> 
> >Hello!
> >
> >On Fri, Jun 20, 2014 at 07:32:36PM +0000, Eric Swenson wrote:
> >
> >[...]
> >
> >> This works fine.  However, every once in a while (say, every
> >> week or so), traffic to https://app.example.com/svc/api/xxxx
> >> returns gateway 502 errors.  The API service (located at
> >> https://svc.example.com/api) is working fine and is accessible
> >> directly.  However, through the proxy setup (above), nginx will
> >> not pass traffic.  Simply restarting nginx gets it working again
> >> for another week or so, only to have it get into the same state
> >> again some random interval later.
> >> 
> >> Does anyone have any ideas what might be causing nginx to fail
> >> to proxy traffic when no changes to the configuration have been
> >> made and the backend service is functioning normally?
> >
> >First of all, it may be a good idea to take a look into error log.
> 
> The only messages in the error log were ones for hours before and for
> hours after the ³problem², of the form:
> 
> 2014/06/17 17:14:16 [error] 28165#0: *1508 no user/password was provided
> for basic authentication, client: 11.12.13.14, server:
> app.test.example.com, request: "GET / HTTP/1.1", host:
> ³app.test.example.com"
> 
> There was nothing related to the 502 errors around the time of the first
> request that failed with a 502 error code.  The access log shows quite a
> few requests failing with a 502 status code from that point forward, up
> until the time that I restarted nginx.

If there is nothing in error logs, and you are getting 502 errors, 
then there are two options:

1. The 502 errors are returned by your backend, not generated by 
   nginx.

2. You did something wrong while configuring error logs and/or you 
   are looking into a wrong log.

In this particular case, I would suggest the latter.

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx mailing list