Welcome! Log In Create A New Profile

Advanced

Bad Decompression error after default ssl_session_timeout

May 22, 2012 03:15AM
Hi,

I have an LB setup with nginx for an ssl enabled site which load balance with 2 apache servers. All the servers are CentOS5.5* and OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. Also we are using the same SSL certificate on all the 3 servers.

It does load balance perfectly untill 5m. After that it raises an error:

[crit] 5179#0: *6 SSL_do_handshake() failed (SSL: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression) while SSL handshaking to upstream, client: clientip, server: lb.abcd.net, request: "GET /search/ HTTP/1.1", upstream: "https://server1-ip:443/search/", host: "lb.abcd.net"

This error happens for both server1 and server2. After this, the load balancer is not working.

The following are the nginx conf.

http {
include mime.types;
default_type application/octet-stream;
autoindex off;
ssi off;
server_tokens off;

log_format main '$remote_addr [$time_local] - "$request" - '
'$status - $body_bytes_sent - "$http_referer"';

log_format load_b '$remote_addr [$time_local] - "$request" - $status - '
'worker_addr $upstream_addr - '
'worker_status $upstream_status - '
'worker_response_time $upstream_response_time - '
'total_processing_time $request_time - '
'content_type $upstream_http_content_type';

access_log logs/access.log main;

sendfile on;
keepalive_timeout 65;

gzip on;
gzip_http_version 1.1;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml text/css application/x-javascript text/xml;
gzip_disable "MSIE [1-6]\.";

proxy_ssl_session_reuse on;

upstream loadbalancer {
server server1-ip:443 weight=1 max_fails=5 fail_timeout=3m;
server server2-ip:443 weight=1 max_fails=5 fail_timeout=3m;
}
server {
listen 443 ssl;
server_name lb.abcd.net;
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|txt|js|htm|html)$ {
expires 24h;
add_header Cache-Control public;
root /home/abc/media;
}

ssl_certificate /root/Apache_New_SSL_Keys/abcd.co.uk.crt;
ssl_certificate_key /root/Apache_New_SSL_Keys/abcd.key.nopass;
ssl_session_timeout 3m;
ssl_protocols SSLv3;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location / {
proxy_pass https://loadbalancer;
access_log logs/access_lb.log load_b;
}

error_page 403 templates/403.html;
error_page 404 templates/404.html;
error_page 500 502 503 504 /50x.html;

location = /50x.html {
alias templates/500.html;
}
}
}

What can be the issue? Thanks in advance.
Subject Author Posted

Bad Decompression error after default ssl_session_timeout

lima May 22, 2012 03:15AM

Re: Bad Decompression error after default ssl_session_timeout

Maxim Dounin May 22, 2012 01:28PM

Re: Bad Decompression error after default ssl_session_timeout

lima May 23, 2012 03:03AM

Re: Bad Decompression error after default ssl_session_timeout

Maxim Dounin May 23, 2012 04:26AM

Re: Bad Decompression error after default ssl_session_timeout

Igor Sysoev May 23, 2012 05:02AM

Re: Bad Decompression error after default ssl_session_timeout

lima May 23, 2012 05:49AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 107
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready