
Problems with Tomcat + NGINX

Posted by Giacomo Arru - BETA Technologies 
Giacomo Arru - BETA Technologies
Problems with Tomcat + NGINX
July 04, 2018 04:20PM
Tomcat: 9.0.8 nginx: 1.12.2




I have this configuration:




Vaadin 8 application, served via Tomcat 9.




The application has manual push with websocket transport.







If I use the app directly from Tomcat,





-the Websocket connection works correctly.




-the upload within the app of 10mb files works.







If I use the application through nginx proxy,




the upload works for very small files only (max 61440 bytes) and the websocket initially works, but after 30 seconds the application hangs (I think the websocket gets closed).







This is the nginx configuration:













nginx.conf






# Main (global) context: worker identity, process count, global error log,
# pid file, dynamic modules and the per-worker connection limit.
# Worker processes run under the "nginx" account named here.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
# Upper bound on simultaneous connections per worker. A proxied request uses
# one client-side and one upstream-side connection, and both count.
worker_connections 1024;
}


# HTTP context: log formats, the WebSocket Connection-header map, the conf.d
# include, one port-80 server, and client/proxy defaults that server and
# location blocks inherit unless they override them.
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

# Extended format: adds the upstream address, status, timing and cache status,
# which helps to tell whether nginx or the backend ended a request.
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status' ;

access_log /var/log/nginx/access.log main_ext;

# Mitigate httpoxy attack (see README for details)
# NOTE(review): proxy_set_header is inherited from this level only by blocks
# that define no proxy_set_header of their own. The "location /" in
# myvhost.conf sets several, so this line (and 'Connection ""' below) does not
# apply there and the mitigation has to be repeated in that location.
proxy_set_header Proxy "";

include /etc/nginx/mime.types;
default_type application/octet-stream;


# Value for the upstream Connection header: "upgrade" when the client sent an
# Upgrade header (WebSocket handshake), "close" when it did not.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;


# NOTE(review): same listen port and server_name as the redirect server in
# myvhost.conf. If that file is loaded through the conf.d include above, nginx
# presumably logs a "conflicting server name" warning and ignores one of the
# two; confirm which one is meant to answer on port 80.
server {
listen 80;
server_name demo.myserver.com;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
}

# NOTE(review): a 10M body buffer per request raises worst-case memory use when
# many uploads run at once; confirm this size is really needed.
client_body_buffer_size 10M;
# Overridden by "client_max_body_size 128m" in the HTTPS server in myvhost.conf.
client_max_body_size 10M;
gzip on;
send_timeout 600;
# 81640 s is about 22.7 hours. The nginx documentation notes that the connect
# timeout usually cannot exceed 75 seconds. The long read/send timeouts keep
# idle proxied connections (e.g. WebSockets) open and also hold resources for
# stalled peers for that long.
proxy_connect_timeout 81640;
proxy_send_timeout 81640;
proxy_read_timeout 81640;
# Empty Connection header plus HTTP/1.1 is the documented setup for upstream
# keepalive; see the inheritance note on 'proxy_set_header Proxy ""' above.
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_buffering off;
proxy_redirect off;
# Request bodies are passed to the backend as they arrive instead of being
# read in full first.
proxy_request_buffering off;
types_hash_max_size 2048;
sendfile on;
tcp_nopush on;
tcp_nodelay on;

}







myvhost.conf






# On-disk response cache: zone "demo" with 10m of shared memory for keys, at
# most 100m on disk, entries dropped after 1h without access.
# NOTE(review): the cache lives under /tmp, which is shared with every local
# account. A dedicated directory that only the nginx worker user can read and
# write is the safer place for cached responses.
proxy_cache_path /tmp/NGINX_cache-demo/ levels=1:2 keys_zone=demo:10m max_size=100m inactive=1h;

# Backend pool "demo": a single Tomcat instance reached over plain HTTP.
upstream demo {
# Pins each client address to one server; with a single server this changes nothing.
ip_hash;

# max_fails=0 turns off failure accounting, so this server is never marked unavailable.
server 172.16.1.1:8080 max_fails=0 fail_timeout=3s;
# Up to 100 idle upstream connections are kept per worker.
# NOTE(review): the "location /" that proxies here sends
# "Connection: $connection_upgrade", which is "close" for non-WebSocket
# requests, so keepalive presumably is not used for those; confirm.
keepalive 100;
}


# Port-80 server: sends every request to HTTPS.
server {
listen 80;
server_name demo.myserver.com;

# Redirect all HTTP to HTTPS
# The target host is the configured $server_name, not the client-supplied Host
# header, so the redirect cannot be pointed at an arbitrary host.
# NOTE(review): $server_name here is demo.myserver.com while the TLS server
# below is demo.impresacloud.com; the names were possibly only partly
# anonymised for the post. Confirm the redirect lands on the host the
# certificate covers.
location / {
return 301 https://$server_name$request_uri;
}

}

# HTTPS server: terminates TLS (Certbot-managed certificate) and proxies
# everything, including the WebSocket push channel, to the "demo" upstream
# under /app/.
server {
server_name demo.impresacloud.com;

listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/demo.impresacloud.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.impresacloud.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/access_demo.log main_ext;
error_log /var/log/nginx/error_demo.log info;

# Overrides the 10M limit set at http level in nginx.conf.
client_max_body_size 128m;
# disable unsupported ciphers
#ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;

# ssl optimizations
ssl_session_cache shared:SSL:60m;
# NOTE(review): the disabled line below misspells ssl_session_timeout.
#sl_session_timeout 60m;
# NOTE(review): without the "always" parameter nginx adds this header only to
# a fixed set of success and redirect responses, so error responses go out
# without HSTS.
add_header Strict-Transport-Security "max-age=31536000";

client_header_timeout 3m;
client_body_timeout 3m;


# Resolves the redirect loop
location = /app/ {
return 302 /;
}
location = /app {
return 302 /;
}

# A location block is needed per URI group

location / {

#proxy_read_timeout 300;
#proxy_connect_timeout 300;
# NOTE(review): caching is enabled for the whole application, with no
# proxy_cache_key or proxy_cache_valid in this file. What is stored therefore
# depends on the backend's caching headers, and the default cache key does not
# include cookies or session data. For an application with per-user sessions,
# confirm dynamic responses are marked non-cacheable or limit the cache to
# static resources.
proxy_cache demo;
# Rewrites the Path of backend Set-Cookie headers from /app to /.
proxy_cookie_path /app /;
error_page 500 502 503 504 /server_down.html;

### force timeouts if one of backend is died ##
#proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
### Set headers ####
# NOTE(review): because this location defines its own proxy_set_header lines,
# the http-level 'proxy_set_header Proxy "";' (httpoxy mitigation) and
# 'proxy_set_header Connection "";' from nginx.conf are not inherited here.
# Repeat 'proxy_set_header Proxy "";' in this block to keep the mitigation.
#proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to any X-Forwarded-For the client already sent; the
# backend should trust only the entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
# Requests carrying an Upgrade header skip the cache and are passed on as a
# WebSocket handshake.
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

proxy_buffering off;
proxy_ignore_client_abort off;
proxy_redirect off;

### Most PHP, Python, Rails, Java App can use this header ###
# NOTE(review): with X-Forwarded-Proto disabled the backend is not told that
# the client connection was HTTPS. Tomcat presumably then sees plain http when
# building redirects or deciding on Secure cookies; verify, e.g. together
# with Tomcat's RemoteIpValve.
#proxy_set_header X-Forwarded-Proto $scheme;
#add_header Front-End-Https on;
#proxy_pass_request_headers On;

#proxy_buffer_size 64k;
#proxy_buffers 16 32k;
#proxy_busy_buffers_size 64k;

#proxy_connect_timeout 3600;
#proxy_read_timeout 84600s;
#proxy_send_timeout 84600s;

#reset_timedout_connection off;


# Traffic to the backend is plain HTTP; the matched "/" prefix is replaced by /app/.
proxy_pass http://demo/app/;
}

# Static page served for the backend error codes listed in error_page above.
location = /server_down.html {
root /opt/ImpresaCloud/proxy_html/;
}


}


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Igor A. Ippolitov
Re: Problems with Tomcat + NGINX
July 04, 2018 06:40PM
Giacomo,

Have a look at nginx error and access logs.
Most likely, that is Tomcat's default timeout firing.

Regards,
Igor.

On 04.07.2018 17:17, Giacomo Arru - BETA Technologies wrote:
>
> Tomcat: 9.0.8 nginx: 1.12.2
>
>
> I have this configuration:
>
>
> Vaadin 8 application, served via Tomcat 9.
>
>
> The application has manual push with websocket transport.
>
>
>
> *If I use the app directly from Tomcat,*
>
>
> -the Websocket connection works correctly.
>
>
> -the upload within the app of 10mb files works.
>
>
>
> *If I use the application through nginx proxy,*
>
>
> the upload works for very small files only (max 61440 bytes) and the
> websocket initially works, but after 30 seconds the application hangs
> (I think the websocket gets closed).
>
>
>
> This is the nginx configuration:
>
>
>
>
>
> *nginx.conf*
>
>
>
> user nginx;
> worker_processes auto;
> error_log /var/log/nginx/error.log;
> pid /run/nginx.pid;
>
> # Load dynamic modules. See /usr/share/nginx/README.dynamic.
> include /usr/share/nginx/modules/*.conf;
>
> events {
>     worker_connections 1024;
> }
>
>
> http {
>     log_format  main  '$remote_addr - $remote_user [$time_local]
> "$request" '
>                       '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for"';
>
>     log_format main_ext '$remote_addr - $remote_user [$time_local]
> "$request" '
>             '$status $body_bytes_sent "$http_referer" '
>             '"$http_user_agent" "$http_x_forwarded_for" '
>             '"$host" sn="$server_name" '
>             'rt=$request_time '
>             'ua="$upstream_addr" us="$upstream_status" '
> 'ut="$upstream_response_time" ul="$upstream_response_length" '
> 'cs=$upstream_cache_status' ;
>
>     access_log /var/log/nginx/access.log  main_ext;
>
>     # Mitigate httpoxy attack (see README for details)
>     proxy_set_header Proxy "";
>
>     include /etc/nginx/mime.types;
>     default_type application/octet-stream;
>
>
>     map $http_upgrade $connection_upgrade {
>         default upgrade;
>         ''      close;
>     }
>
>     # Load modular configuration files from the /etc/nginx/conf.d
> directory.
>     # See http://nginx.org/en/docs/ngx_core_module.html#include
>     # for more information.
>     include /etc/nginx/conf.d/*.conf;
>
>
>     server {
>     listen 80;
>     server_name demo.myserver.com;
>         # Load configuration files for the default server block.
>         include /etc/nginx/default.d/*.conf;
>     }
>
>     client_body_buffer_size 10M;
>     client_max_body_size 10M;
>     gzip                        on;
>     send_timeout 600;
>     proxy_connect_timeout 81640;
>     proxy_send_timeout 81640;
>     proxy_read_timeout 81640;
>     proxy_set_header Connection "";
>     proxy_http_version 1.1;
>     proxy_buffering off;
>     proxy_redirect off;
>     proxy_request_buffering off;
>     types_hash_max_size 2048;
>     sendfile                    on;
>     tcp_nopush on;
>     tcp_nodelay on;
>
> }
>
>
>
> *myvhost.conf*
>
>
>
>
> proxy_cache_path /tmp/NGINX_cache-demo/ levels=1:2 keys_zone=demo:10m
> max_size=100m inactive=1h;
>
> upstream demo {
>     ip_hash;
>
>     server 172.16.1.1:8080 max_fails=0 fail_timeout=3s;
>     keepalive 100;
> }
>
>
> server {
>     listen 80;
>     server_name demo.myserver.com;
>
>     # Redirect all HTTP to HTTPS
>     location / {
>         return 301 https://$server_name$request_uri;
>     }
>
> }
>
> server {
>     server_name demo.impresacloud.com;
>
>     listen 443 ssl http2; # managed by Certbot
>     ssl_certificate
> /etc/letsencrypt/live/demo.impresacloud.com/fullchain.pem; # managed
> by Certbot
>     ssl_certificate_key
> /etc/letsencrypt/live/demo.impresacloud.com/privkey.pem; # managed by
> Certbot
>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>     access_log /var/log/nginx/access_demo.log main_ext;
>     error_log /var/log/nginx/error_demo.log info;
>
>         client_max_body_size 128m;
>         # disable unsupported ciphers
>         #ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
>
>         # ssl optimizations
>         ssl_session_cache shared:SSL:60m;
>         #sl_session_timeout 60m;
>         add_header Strict-Transport-Security "max-age=31536000";
>
>             client_header_timeout 3m;
>             client_body_timeout 3m;
>
>
>     # Risolve loop di redirect
>     location = /app/ {
>         return 302 /;
>     }
>     location = /app {
>         return 302 /;
>     }
>
>     # A location block is needed per URI group
>
>     location / {
>
>         #proxy_read_timeout 300;
>         #proxy_connect_timeout 300;
>         proxy_cache demo;
>         proxy_cookie_path /app /;
>         error_page 500 502 503 504 /server_down.html;
>
>         ### force timeouts if one of backend is died ##
>         #proxy_next_upstream error timeout invalid_header http_500
> http_502 http_503 http_504;
>         ### Set headers ####
>         #proxy_set_header Accept-Encoding   "";
>         proxy_set_header X-Forwarded-Host         $host;
>         proxy_set_header        Host     $host;
>         proxy_set_header        X-Real-IP     $remote_addr;
>         proxy_set_header        X-Forwarded-For    
> $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Server    $host;
>         proxy_cache_bypass $http_upgrade;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection $connection_upgrade;
>
>             proxy_buffering           off;
>             proxy_ignore_client_abort off;
>             proxy_redirect off;
>
>         ### Most PHP, Python, Rails, Java App can use this header ###
>         #proxy_set_header X-Forwarded-Proto $scheme;
>         #add_header Front-End-Https   on;
>         #proxy_pass_request_headers On;
>
>         #proxy_buffer_size 64k;
>         #proxy_buffers 16 32k;
>         #proxy_busy_buffers_size 64k;
>
>             #proxy_connect_timeout   3600;
>             #proxy_read_timeout      84600s;
>             #proxy_send_timeout      84600s;
>
>         #reset_timedout_connection    off;
>
>
>         proxy_pass http://demo/app/;
>     }
>
>        location = /server_down.html {
>         root  /opt/ImpresaCloud/proxy_html/;
>     }
>
>
> }
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx