我们使用 Apache 代理来使我们的应用服务器能够通过互联网访问特定网站。设置如下:
application servers --> apache proxy --> Internet website
某些请求失败,应用程序服务器日志中出现以下错误:
<head>
<title>502 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
<p>The proxy server received an invalid
response from an upstream server.<br />
The proxy server could not handle the request <em><a href="/link">POST
nbsp;/link</a></em>.<p>
Reason: <strong>Error reading from remote server</strong></p></p>
</body>
并且 apache error.log 文件中的调试日志如下:
[Mon May 20 09:57:54 2013] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //myURL.com
[Mon May 20 09:57:54 2013] [debug] proxy_util.c(1506): [client 172.20.101.71] proxy: https: found worker `https://myurl.com/` for `https://myurl.com/link`
[Mon May 20 09:57:54 2013] [debug] mod_proxy.c(1015): Running scheme https handler (attempt 0)
[Mon May 20 09:57:54 2013] [debug] mod_proxy_http.c(1973): proxy: HTTP: serving URL https://myurl.com/link
[Mon May 20 09:57:54 2013] [debug] proxy_util.c(2011): proxy: HTTPS: has acquired connection for (mu=y url)
[Mon May 20 09:57:54 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#136e90 [mem: 190593]
[Mon May 20 09:57:54 2013] [debug] proxy_util.c(2067): proxy: connecting https://myurl.com/link to myurl.com:443
[Mon May 20 09:57:54 2013] [debug] proxy_util.c(2193): proxy: connected /link to myurl.com:443
[Mon May 20 09:57:54 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#136e90 [mem: 190593]
[Mon May 20 09:57:54 2013] [info] [client ip] (131)Connection reset by peer: SSL input filter read failed.
[Mon May 20 09:57:54 2013] [error] [client ip2] (131)Connection reset by peer: proxy: error reading status line from remote server myurl.com:443
[Mon May 20 09:57:54 2013] [debug] mod_proxy_http.c(1466): [client ip2] proxy: NOT Closing connection to client although reading from backend server "myurl.com:443 failed.
[Mon May 20 09:57:54 2013] [error] [client ip2] proxy: Error reading from remote server returned by /link
[Mon May 20 09:57:54 2013] [debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (myurl.com)
知道大多数请求都已成功发送,并且响应已正常接收,您有什么想法可以解决这个问题吗?所有请求的长度都相同,并且都是自动生成的,因此问题不可能出在请求本身。
答案1
看起来这里描述了一些问题Apache Bugzilla。 这解决方案httpd.conf正在内部<Proxy>部分添加这些行
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
更新
部署上述解决方案后,我遇到了另一个问题,因为客户端使用 HTTP/1.1 发送请求,而代理根据之前的 setEnv 参数被强制使用 HTTP/1.0,这导致了 HTTP 错误HTTP/1.1 417 期望失败。SO上的这个帖子提到可以从客户端或代理端解决错误。
最后,我在代理端实现了基于这一页。现在我在<Proxy>Section中有三个参数
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
RequestHeader unset Expect early
我从昨天开始就一直在监控该解决方案,到目前为止它运行良好。昨天我还进行了 500 笔交易的测试,全部成功。
更新 2
它已被添加到 Apache 文档中自那以后。
答案2
检查您的 SSL 代理虚拟主机上是否同时拥有SSLProxyVerify none和。SSLProxyCheckPeerCN off