frequent 504's on VCL
Tim Dunphy
bluethundr at gmail.com
Tue Jul 28 04:24:21 CEST 2015
Hey guys,
I'm getting frequent 504 errors in the browser when using even this
stripped down version of my VCL. I'm also seeing the pages load with the
css totally blown and just the text showing up with no graphics and no
formatting.
It's pretty odd how inconsistent this VCL is behaving.
On one load of the page where the graphics are broken I'm seeing this error
in the logs:
10 TxHeader c Connection: close
10 TxHeader c X-Cache: MISS
10 Debug c Write error, retval = -1, len = 602, errno =
Connection reset by peer
10 ReqEnd c 241437586 1438049428.763690233 1438049435.868994236
0.000110626 7.105183125 0.000120878
10 StatSess c 54.86.143.49 48979 7 1 1 0 0 1 602 0
0 CLI - Rd ping
0 CLI - Wr 200 19 PONG 1438049436 1.0
And on 504 errors I'm seeing this result in the logs:
10 TxHeader c Via: 1.1 varnish
10 TxHeader c Connection: close
10 TxHeader c X-Cache: MISS
10 Length c 316
10 ReqEnd c 241437672 1438049679.750560999 1438049679.750730276
0.000099182 0.000094652 0.000074625
10 SessionClose c error
10 StatSess c 54.86.143.49 49821 0 1 1 0 0 0 285 316
I'm running 3 back ends using apache 2.4 on Centos 7. I'm running two
Varnish nodes at version 3.0.5.
All 3 web backends are checking in as healthy:
[root at varnish1:/etc/varnish] #varnishadm -n varnish1 debug.health
Backend web1 is Healthy
Current states good: 3 threshold: 2 window: 3
Average responsetime of good probes: 0.026873
Oldest Newest
================================================================
--------------------------------------------------------------44 Good IPv4
--------------------------------------------------------------XX Good Xmit
--------------------------------------------------------------RR Good Recv
------------------------------------------------------------HHHH Happy
Backend web2 is Healthy
Current states good: 3 threshold: 2 window: 3
Average responsetime of good probes: 0.029118
Oldest Newest
================================================================
--------------------------------------------------------------44 Good IPv4
--------------------------------------------------------------XX Good Xmit
--------------------------------------------------------------RR Good Recv
------------------------------------------------------------HHHH Happy
Backend web3 is Healthy
Current states good: 3 threshold: 2 window: 3
Average responsetime of good probes: 0.029101
Oldest Newest
================================================================
--------------------------------------------------------------44 Good IPv4
--------------------------------------------------------------XX Good Xmit
--------------------------------------------------------------RR Good Recv
------------------------------------------------------------HHHH Happy
And here is the VCL that I am having this trouble with:
[root at varnish1:/etc/varnish] #egrep -v "^#|^$" default.vcl
backend web1 {
.host = “10.10.10.25”;
.port = "80";
.connect_timeout = 45s;
.first_byte_timeout = 45s;
.between_bytes_timeout = 45s;
.max_connections = 70;
.probe = {
.request =
"GET /healthcheck.php HTTP/1.1"
"Host: wiki.example.com"
"Authorization: Basic SomeLongBase64Hash="
"Connection: close";
.interval = 10m;
.timeout = 60s;
.window = 3;
.threshold = 2;
}
}
backend web2 {
.host = “10.10.10.26”;
.port = "80";
.connect_timeout = 45s;
.first_byte_timeout = 45s;
.between_bytes_timeout = 45s;
.max_connections = 70;
.probe = {
.request =
"GET /healthcheck.php HTTP/1.1"
"Host: wiki.example.com"
"Authorization: Basic SomeLongBase64Hash="
"Connection: close";
.interval = 10m;
.timeout = 60s;
.window = 3;
.threshold = 2;
}
}
backend web3 {
.host = “10.10.10.27”;
.port = "80";
.connect_timeout = 45s;
.first_byte_timeout = 45s;
.between_bytes_timeout = 45s;
.max_connections = 70;
.probe = {
.request =
"GET /healthcheck.php HTTP/1.1"
"Host: wiki.example.com"
"Authorization: Basic SomeLongBase64Hash="
"Connection: close";
.interval = 10m;
.timeout = 60s;
.window = 3;
.threshold = 2;
}
}
director www round-robin {
{ .backend = web1; }
{ .backend = web2; }
{ .backend = web3; }
}
sub vcl_recv {
set req.backend = www;
unset req.http.Cookie;
if (! req.http.Authorization ~ "Basic SomeLongBase64Hash=" && !
req.http.Authorization ~ "Basic AnotherLongBase64Hash=" )
{
error 401 "Restricted";
}
if (req.url ~ "&action=submit($|/)") {
return (pass);
}
return (lookup);
}
sub vcl_fetch {
set beresp.ttl = 3600s;
set beresp.grace = 4h;
return (deliver);
}
sub vcl_error {
if (obj.status == 401) {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.WWW-Authenticate = "Basic realm=Secured";
synthetic {"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "
http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML>
<HEAD>
<TITLE>Error</TITLE>
<META HTTP-EQUIV='Content-Type' CONTENT='text/html;'>
</HEAD>
<BODY><H1>401 Unauthorized (varnish)</H1></BODY>
</HTML>
"};
return (deliver);
}
}
sub vcl_deliver {
if (obj.hits> 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
The IP's you see listed above are fake. I'm not really running the web
servers on a 10-net.
I'm really looking forward to getting this solved! And I'd appreciate any
feedback you may have.
Thanks,
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20150727/5e231229/attachment.html>
More information about the varnish-misc
mailing list