Hi,
I've nginx server setup that terminates SSL connections from clients and forwards plain HTTP requests to backend servers. Some of these requests can last pretty long (up to 1 minute) and usually get very short 15 byte reply. (Ajax polling)
However, we see often these kind of errors that indicate that backend servers would have disconnected socket while writing reply.
2012/03/03 06:46:38 [error] 13394#0: *2100 upstream prematurely closed connection while reading response header from upstream, client: XX.XX.XX.XX, server: secure.example.com, request: "GET /url/example?par=12345 HTTP/1.1", upstream: "http://127.0.0.1:8082/url/example?par=12345", host: "secure.example.com", referrer: "https://secure.example.com/"
Strangely I can see correponding 200 OK responses from our server logs at the same timestamp, so at least backend server is trying to respond correctly.
Then we captured the traffic between nginx and backend server with wireshark and noticed that when this happens the response from server is actually sent in two TCP packets.
The first packet has headers and the second packet has small 15 byte HTTP body. I suspect that nginx fails to read the second packet in some conditions and thinks backend server disconnected prematurely.
Any insights? Thanks!