From: Eric Wong <e@80x24.org>
To: Michael Bernstein <michael.bernstein@clicksign.com>
Cc: unicorn-public@yhbt.net,
Daniel Libanori <daniel.libanori@clicksign.com>,
Luiz Ferreira <luiz.ferreira@clicksign.com>
Subject: Re: Connection issues between nginx and unicorn
Date: Tue, 18 Aug 2020 18:06:11 +0000 [thread overview]
Message-ID: <20200818180611.GA18977@dcvr> (raw)
In-Reply-To: <CANgN-T4PPJL=G4SKH7DeaFq_ep9ROYaSXfXimMh32xpRqvyf0w@mail.gmail.com>
Michael Bernstein <michael.bernstein@clicksign.com> wrote:
> Hello,
>
> We are having a lot of connection issues between nginx and unicorn,
> but we don't know exactly where is the issue. Can somebody help us?
Sure, replies in line...
> Exemple from our nginx logs:
> [error] 6#6: *4269348 connect() failed (111: Connection refused) while
> connecting to upstream, client: 10.2.2.252, server: _, request: "POST
> /api/v1/documents?access_token=....
> [error] 6#6: *4269169 recv() failed (104: Connection reset by peer)
> while reading response header from upstream, client: 10.2.10.120,
> server: _, request: "GET /api/v1/documents/.....
> [error] 6#6: *4268896 upstream timed out (110: Operation timed out)
> while connecting to upstream, client: 10.2.2.252, server: _, request:
> "GET /accounts/.... HTTP/1.1", upstream:
> "http://172.20.214.176:80/accounts...", host: "app.clicksign.com",
> referrer: "https://app.clicksign.com/..."
Did any connections ever work?
> ############
> Unicorn configuration file:
>
> # frozen_string_literal: true
>
> listen 8080
OK, so that means it's listening to all IP addresses on TCP port 8080;
no problem here.
If you use curl to hit 8080 on the host(s) unicorn is running,
it should work.
> worker_processes 4
> timeout 60
>
> preload_app true
> GC.respond_to?(:copy_on_write_friendly=) &&
> (GC.copy_on_write_friendly = true)
Off-topic, GC.copy_on_write_friendly is the default in Ruby 2.0+;
(and IIRC it wasn't in any official Ruby release, just the
Phusion "Enterprise Edition")
<snip>
> ############
> nginx configuration file:
>
> proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=assets_cache:10m
> max_size=1g inactive=60m use_temp_path=off;
>
> resolver kube-dns.kube-system.svc.cluster.local valid=5s;
>
> upstream backend {
> server unicorn;
Is "unicorn" an entry in your DNS (via search path) or
an entry in /etc/hosts file?
There's also no reference to port 8080 anywhere in your nginx
config, so I don't know how nginx is supposed to know that
unicorn is on port 8080.
I would expect to see something like:
server unicorn.internal.example.com:8080;
Or if on the same host:
server 127.0.0.1:8080;
> }
>
> server {
> server_name _;
<snip>
> location ~* ^/(fonts|webfonts|assets|packs) {
> proxy_redirect off;
> proxy_cache assets_cache;
> proxy_cache_valid 120m;
> proxy_pass http://backend;
> add_header Cache-Control public;
> if ($http_origin ~
> '^((https*?:\/\/).*?((\.clicksign)\.(com|me|dev)))($|\/.*$)$' ){
> add_header Access-Control-Allow-Origin $http_origin;
> }
> expires max;
> }
>
> location / {
> proxy_pass http://backend;
> proxy_redirect off;
> proxy_read_timeout 60;
> proxy_set_header Host $http_host;
> }
No references to port 8080 in either location block, either.
I don't think you need 8080 in location block if you have them
in the "upstream backend" block; it's been a while since I've
used nginx... But you need 8080 (and the correct IP address or
DNS entry) somewhere.
next prev parent reply other threads:[~2020-08-18 18:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-18 15:15 Connection issues between nginx and unicorn Michael Bernstein
2020-08-18 18:06 ` Eric Wong [this message]
2020-08-22 1:27 ` Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://yhbt.net/unicorn/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200818180611.GA18977@dcvr \
--to=e@80x24.org \
--cc=daniel.libanori@clicksign.com \
--cc=luiz.ferreira@clicksign.com \
--cc=michael.bernstein@clicksign.com \
--cc=unicorn-public@yhbt.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).