Nginx cache lock always causes 500ms delay - caching

Nginx cache locked requests(http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock) always takes 500ms to respond
$ab -n 2 -c 2 http://192.168.12.103/test1234
access.log:
192.168.12.103 - - [12/Sep/2017:02:34:59 -0700] "GET /test1234 HTTP/1.0" 200 12 "-" "ApacheBench/2.3" "-" 127.0.0.1:9095 0.002 0.002 MISS
192.168.12.103 - - [12/Sep/2017:02:34:59 -0700] "GET /test1234 HTTP/1.0" 200 12 "-" "ApacheBench/2.3" "-" - - 0.502 HIT
I know that it buffers to a temp file and copies it to the cache. But 500ms looks large. Anybody knows why?
Any help would be appreciated.
Setup info:
Test upstream server
cache is located in tmpfs (mount -t tmpfs -o size=512m tmpfs /tmpfs)
nginx version: 1.7.2.1
nginx config
worker_processes 1;
error_log logs/error.log;
daemon off;
pid /var/run/nginx.pid;
events {}
http {
proxy_cache_path /tmpfs/local_cache keys_zone=local_cache:250m levels=1:2 inactive=8s max_size=1G;
proxy_temp_path /tmpfs;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$upstream_addr $upstream_response_time $request_time $upstream_cache_status';
access_log logs/access.log main;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:9095;
proxy_cache local_cache;
proxy_cache_valid 200 2s;
proxy_cache_lock on;
}
}
}

This seems to be the default behaviour. The cache locked requests are locked by worst case 500ms or the time_out value.(source)
If the upstream response times are stable, for cache_lock_timeout any value little above the response time, it will avoid the behaviour. In this particular case we can set about 5ms and the first request will return in 0-1 ms and the locked requests will return within 5-6ms.

Related

*1539 768 worker_connections are not enough while connecting to upstream

Deployed ruby backend api project to digitalocean server, i'm having issues configuring nagix and passenger
when I make this api call "http://159.65.65.203/api/v1/items" using postman i get this error
based on cat /var/log/nginx/error.log
2020/07/08 02:59:11 [alert] 2769#2769: *1539 768 worker_connections are not enough while
connecting to upstream, client: 159.65.65.203, server: borroup.com, request: "GET
/api/v1/items HTTP/1.0", upstream: "http://159.65.65.203:80/api/v1/items", host:
"159.65.65.203"
when i visit http://159.65.65.203/ i get this error
404 Not Found
nginx/1.18.0
using Ubuntu 16.04.6 (LTS) x64 ruby 2.4.1
here is sudo nano /etc/nginx/sites-available/default
upstream app {
server 159.65.65.203:80 fail_timeout=0;
}
# Default server configuration
server {
listen 80;
server_name borroup.com;
allow 159.65.65.203;
# this is where my react-app is located
root /var/www/development/ram/public/;
index index.html index.htm;
# Serve the static content (React app)
location / {
try_files $uri /index.html =404;
}
location /api {
# Insert your public app path
root /your/rails-app/path/public;
proxy_pass http://app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
here is sudo nano /etc/nginx/nginx.conf
user deploy;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
here is netstat -plunta
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2769/nginx:
worker
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
tcp 0 976 159.65.65.203:22 222.186.30.167:11710 ESTABLISHED -
tcp 0 0 159.65.65.203:22 70.176.141.88:54472 ESTABLISHED -
tcp 0 604 159.65.65.203:22 184.101.50.220:55467 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.1:37075 127.0.0.1:37075 ESTABLISHED -
every time i change port i get similar but different wording errors
Note: This is a backend project does not have front end just used for api's

Why is nginx running on port 8080 but not 81?

Based on brew info nginx the terminal output is telling me that nginx is running on port 8080 by default:
The default port has been set in /usr/local/etc/nginx/nginx.conf to
8080 so that nginx can run without sudo.
This is the full output:
$ brew info nginx
nginx: stable 1.19.0 (bottled), HEAD
HTTP(S) server and reverse proxy, and IMAP/POP3 proxy server
https://nginx.org/
/usr/local/Cellar/nginx/1.19.0 (25 files, 2.1MB) *
Poured from bottle on 2020-06-16 at 17:55:46
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/nginx.rb
==> Dependencies
Required: openssl#1.1 ✔, pcre ✔
==> Options
--HEAD
Install HEAD version
==> Caveats
Docroot is: /usr/local/var/www
The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
nginx will load all files in /usr/local/etc/nginx/servers/.
To have launchd start nginx now and restart at login:
brew services start nginx
Or, if you don't want/need a background service you can just run:
nginx
==> Analytics
install: 33,973 (30 days), 101,534 (90 days), 407,985 (365 days)
install-on-request: 33,387 (30 days), 99,128 (90 days), 394,576 (365 days)
build-error: 0 (30 days)
My Mac OS is Catalina 10.15
However, when I go to look at the nginx.conf in /usr/local/etc/nginx/nginx.conf I do not see that the nginx port is open on 8080. I see it open on port 81:
server {
listen 81;
server_name localhost;
....
....
When I go to visit http://localhost:8080/ I get the nginx welcome message. However when I go to visit http://localhost:81/ I get a "site can't be reached" ERR_CONNECTION_REFUSED error.
How is nginx running on port 8080 without such a specification in the nginx.conf file? And why is nginx not running on port 81 which the conf appears to suggest it should.
Here's the full nginx.conf:
# cat /usr/local/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 81;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
include servers/*;
}
Have you tried to restart/reload Nginx yet? In order for the configuration change to take effect, you need to reload it.
You can use this command on Mac OSX to reload Nginx: sudo nginx -s reload

connect() to unix:///tmp/web2py.socket failed (13: Permission denied) in mac

I have followed below tutorial to setup nginx+web2py+uwsgi but nginx couldn't access uwsgi socket. below is my configuration file. when i am opening localhost it is showing 502 bad gateway and nginx error log is showing permission denied while trying to access web2py.socket
setup web2py+uwsgi+nginx on ubuntu
nginx conf file in /usr/local/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
error_log /var/log/nginx/nginx_error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name $hostname;
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /Users/sudhakar/Desktop/web2py/applications/$1/static/$2;
expires max;
### if you want to use pre-gzipped static files (recommended)
### check scripts/zip_static_files.py and remove the comments
# include /etc/nginx/conf.d/web2py/gzip_static.conf;
}
###
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
### remove the comments if you use uploads (max 10 MB)
#client_max_body_size 10m;
###
}
}
server {
listen 443 default_server ssl;
server_name $hostname;
ssl_certificate /usr/local/etc/nginx/ssl/web2py.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
### remove the comments if you want to enable uploads (max 10 MB)
#client_max_body_size 10m;
###
}
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /Users/sudhakar/Desktop/web2py/applications/$1/static/$2;
expires max;
### if you want to use pre-gzipped static files (recommended)
### check scripts/zip_static_files.py and remove the comments
# include /etc/nginx/conf.d/web2py/gzip_static.conf;
}
###
}
include servers/*;
}
uwsgi conf file in /etc/uwsgi/web2py.ini
[uwsgi]
socket = /tmp/web2py.socket
chmod-socket = 600
uid = _www
gid = _www
pythonpath = /Users/sudhakar/Desktop/web2py/
mount = /=wsgihandler:application
processes = 4
master = true
harakiri = 60
reload-mercy = 8
cpu-affinity = 1
stats = /tmp/stats.socket
max-requests = 2000
limit-as = 512
reload-on-as = 256
reload-on-rss = 192
touch-reload = /Users/sudhakar/Desktop/web2py/routes.py
cron = 0 0 -1 -1 -1 python /Users/sudhakar/Desktop/web2py/web2py.py -Q -S welcome -M -R scripts/sessions2trash.py -A -o
no-orphans = true
below command is use to run uwsgi
exec /usr/local/bin/uwsgi --ini /etc/uwsgi/web2py.ini
You need to run nginx and uwsgi processes with same user. Alternatively, you can change socket file permission but it's not recommended because of security issues.
Solution 1:
Change #user nobody; line as user _www; in your /usr/local/etc/nginx/nginx.conf file (to run Nginx process with _www user)
Then restart nginx service
Solution 2:
Change chmod-socket = 600 line as chmod-socket = 666 in your /etc/uwsgi/web2py.ini file. (Not recommended)
Then restart uwsgi service

403 Forbidden on Rails app w/ Nginx, Passenger, unix

Hi i am having the 403 error despite following the steps from here
403 Forbidden on Rails app w/ Nginx, Passenger
My app folder permissions
namei -l /home/ubuntu/resume_consumer/current/public
f: /home/ubuntu/resume_consumer/current/public
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x ubuntu ubuntu ubuntu
drwxrwxr-x ubuntu ubuntu resume_consumer
lrwxrwxrwx ubuntu ubuntu current -> /home/ubuntu/resume_consumer/releases/20150815211156
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x ubuntu ubuntu ubuntu
drwxrwxr-x ubuntu ubuntu resume_consumer
drwxrwxr-x ubuntu ubuntu releases
drwxrwxr-x ubuntu ubuntu 20150815211156
drwxrwxr-x ubuntu ubuntu public
The Nginx app is running as nobody
ps waux | grep nginx
root 12005 0.0 0.0 42480 900 ? Ss Jul28 0:00 nginx: master process /opt/nginx/sbin/nginx
nobody 12006 0.0 0.1 42804 2016 ? S Jul28 0:00 nginx: worker process
My nginx config looks as follows
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14;
passenger_ruby /home/ubuntu/.rvm/wrappers/ruby-2.2.1/ruby;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name qa.enterprise.getmeed.com;
root /home/ubuntu/resume/current/public;
passenger_enabled on;
#charset koi8-r;
#access_log logs/host.access.log main;
# location / {
# root html;
# index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
server_name qa.getmeed.com;
root /home/ubuntu/resume_consumer/current/public;
index index.html index.htm;
passenger_enabled on;
rails_env production;
passenger_friendly_error_pages on;
# location / {
# root html;
# index index.html index.htm;
# }
}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
When i look at logs, i find an alert that says PassengerAgent not found another error that the directory is forbidden. I am not sure if the alert is related.
2015/08/15 23:40:41 [notice] 20858#0: signal process started
2015/08/15 23:40:41 [alert] 12005#0: Unable to start Phusion Passenger: Support binary PassengerAgent not found (tried: /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14/buildout/support-binaries/PassengerAgent and /root/.passenger/support-binaries/5.0.14/PassengerAgent). This probably means that your Phusion Passenger installation is broken or incomplete, or that your 'passenger_root' setting contains the wrong value. Please reinstall Phusion Passenger or adjust the setting (see: https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#PassengerRoot). (-1: Unknown error)
2015/08/15 23:45:04 [error] 20859#0: *375 directory index of "/home/ubuntu/resume_consumer/current/public/" is forbidden, client: 104.135.15.7, server: qa.getmeed.com, request: "GET / HTTP/1.1", host: "qa.getmeed.com"
You simply need to see if you can read the file inside /home/ubuntu/resume_consumer/current/public. You are showing us the permissions set in the home directory of Ubuntu, but current and public will have their own permissions as well.
First assuming there is an index.html inside of public, does the following return an error:
sudo -u nobody /home/ubuntu/resume_consumer/current/public
If so then you have a permission problem. You could resolve this by adding the nobody user to the same ubuntu group:
sudo adduser nobody ubuntu
and then ensure the group ubuntu users have the same access as the ubuntu user.
sudo chmod -R g=u /home/ubuntu/resume_consumer
Thanks all! it turns out there is no issue with the nginx. There was an error about passenger in nginx logs, which i wan't sure was related initially, But it turns out that was the root cause.
I had passenger installed but the passenger was not installed for the application specifically. I had to go to the application directory and install passenger gem and then use the passenger_root corresponding to the gem in application in nginx config. That fixed the issue.

enable CACHE on nginx, CentOS 7

I am new to nginx so sorry if this question has been asked before.
I am trying to enable cache on nginx. I found the solution NGINX Cache
The problem is that my nginx.conf which I have found in /etc/nginx/ngin.conf does not look anything like one posted there. So I am a bit confused and have no idea what to do.
here is my nginx.conf
#user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;
#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
so how should I apply the solution I have found or should I do something else?
Please help
See the include /etc/nginx/conf.d/*.conf; line at the bottom of your nginx.conf? This is where you'd symlink or save your actual host config files.. the ones you see in other posts, usually enclosed by server {...}.
You can change the path or add another one at any time and once nginx can successfully parse the included config files (nginx -t will test the files), you'd restart nginx gracefully using nginx -s reload
UPDATE:
Something like below would go into your filename.conf file
server {
listen 80;
root /somewhere/on/your/machine;
location / {
expires 1d;
# other caching related directives
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml;
# replace with your own gzip config
}
}
See http://nginx.org/en/docs/ for more detailed docs

Resources