Tempo Limite de Leitura do Cabeçalho da Solicitação Apache (Proxy Reverso)

1

Eu continuo vendo isso em meus arquivos de log do Apache 2.2.22 (Ubuntu) e não sei porque está ocorrendo ou como corrigi-lo

[debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully
[info] [client 10.0.0.5] Connection closed to child 3 with standard shutdown (server example.com:443)
[info] [client 10.0.0.5] (70007)The timeout specified has expired: SSL input filter read failed.

Eu já vi isso: Tempo de espera do proxy do Apache

Já experimentei o a2dismod reqtimeout_module e estas opções:

    SetEnv proxy-sendchunks
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    ProxyPass            /  https://example.com/  connectiontimeout=300 timeout=300

Informações do Apache:

#  apachectl -V; apachectl -M
Server version: Apache/2.2.22 (Ubuntu)
Server built:   Jul 12 2013 13:37:10
Server's Module Magic Number: 20051115:30
Server loaded:  APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.6, APR-Util 1.3.12
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 headers_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 security2_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 status_module (shared)
 unique_id_module (shared)
Syntax OK


# cat /etc/apache2/sites-available/scl/example.com
<Virtualhost *:80>
        Servername example.com
        Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
        Servername example.com
        SSLEngine on
        SSLProxyEngine On
        ProxyRequests Off
        LogLevel Debug
        DocumentRoot "/var/www/html/scl/trail"
        ErrorLog "/var/log/apache2/trail-error_log"
        CustomLog "/var/log/apache2/trail-error_log" common
        DirectoryIndex index.html index.htm
        <Directory /var/www/html/scl/trail>
        Order deny,allow
        Allow from all
        SetHandler default-handler
        </Directory>

        ProxyPass            /  https://example.com/  connectiontimeout=300 timeout=300
        ProxyPassReverse     /  https://example.com/

        ProxyPreserveHost On

        ###################
        # SSL Constraints #
        ###################

        SSLProtocol -ALL +SSLv3 +TLSv1

        # Choose cipher suites
        SSLHonorCipherOrder On
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

        # SameOrigin The page can only be displayed in a frame on the same origin as the page itself
        Header set X-Frame-Options SAMEORIGIN

        SSLCertificateFile     /etc/apache2/example.com.crt
        SSLCertificateKeyFile  /etc/apache2/example.com.key
        SSLCertificateChainFile /etc/apache2/gd_bundle.crt
        SetOutputFilter INFLATE;proxy-html;DEFLATE
</VirtualHost>
    
por brakertech 18.09.2013 / 17:45

1 resposta

2

Por alguma razão isso corrigiu

    SetEnv nokeepalive ssl-unclean-shutdown
    
por 18.09.2013 / 19:04