Peer closed connection in SSL handshake marking upstream as failed
Steven Hartland
steven.hartland at multiplay.co.uk
Wed Jun 21 15:51:55 UTC 2017
We're seeing 502 bad gateway responses to clients on an nginx load
balanced upstream due to "no live upstreams".
The upstream in question has 2 servers defined with default settings
running over https (proxy_pass https://myupstream).
When this happens we see "no live upstreams while connecting to
upstream" in the nginx error log and just prior to this:
"peer closed connection in SSL handshake (54: Connection reset by peer)
while SSL handshaking to upstream".
We currently believe that the client closing the connection is causing
the upstream to have a failure counted against it.
With the defaults of max_fails=1 and fail_timeout=10 it only takes two
such closes within a 10 second window to take down all upstream nodes
resulting in the "no live upstreams" and hence all subsequent
connections for the next 10 seconds fail instantly with 502 bad gateway.
Does this explanation seem plausible, is this a bug in nginx?
We're currently testing with max_fails=10 as a potential workaround.
Regards
Steve
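
The failure accounting described in the message above, as an added example that is not part of the original post and is not nginx source code. It is a simplified model that assumes round-robin selection, one connection attempt per request with no retry on the next server, and the hypothetical names `Upstream`, `Peer` and `replay`; the timeline is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Peer:
    name: str
    fails: int = 0
    last_fail: float = 0.0
    down_since: Optional[float] = None   # None means the peer is usable

class Upstream:
    """Simplified model, not nginx source: one attempt per request, no retries."""
    def __init__(self, names, max_fails=1, fail_timeout=10.0):
        self.peers = [Peer(n) for n in names]
        self.max_fails, self.fail_timeout = max_fails, fail_timeout
        self._rr = 0

    def _usable(self, p, now):
        if p.down_since is not None and now - p.down_since >= self.fail_timeout:
            p.down_since, p.fails = None, 0      # fail_timeout elapsed: try again
        return p.down_since is None

    def request(self, now, handshake_reset=False):
        for _ in self.peers:                     # round-robin over usable peers
            p = self.peers[self._rr % len(self.peers)]
            self._rr += 1
            if self._usable(p, now):
                break
        else:
            return "no live upstreams"           # every peer is marked failed
        if not handshake_reset:
            return "ok"
        if now - p.last_fail > self.fail_timeout:
            p.fails = 0                          # earlier failures fell out of the window
        p.fails, p.last_fail = p.fails + 1, now
        if p.fails >= self.max_fails:
            p.down_since = now
        return "attempt failed"

def replay(max_fails):
    """Constructed timeline: resets at t=0s and t=1s, then clean requests."""
    up = Upstream(["a", "b"], max_fails=max_fails)
    timeline = [(0, True), (1, True), (2, False), (5, False), (9, False), (12, False)]
    return [up.request(t, reset) for t, reset in timeline]

if __name__ == "__main__":
    for mf in (1, 10):
        print(f"max_fails={mf}:", replay(mf))
```

In this model a higher `max_fails` only raises the threshold: enough resets against each peer inside one `fail_timeout` window still empties the pool.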