使用 Varnish + Pound 解决 Apache 503 错误

使用 Varnish + Pound 解决 Apache 503 错误

我在 Apache 上的 Varnish + Pound 设置中收到很多看似随机的 503 服务不可用错误。我不知道从哪里开始或问题是什么。我在网上搜索了很多,但我尝试过的所有建议都没有用。

以下是我的设置。

Varnish 配置

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -p connect_timeout=2500 \
             -p thread_pools=8 \
             -p thread_pool_max=2500 \
             -p max_restarts=8 \
             -s malloc,256m"

清漆 VCL

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 3600s;
    .first_byte_timeout = 3600s;
    .between_bytes_timeout =  3600s;
}

磅配置

ListenHTTPS
    HeadRemove "X-Forwarded-Proto"
    AddHeader "X-Forwarded-Proto: https"
    Address 1.2.3.4 # server public ip
    Port 443
    xHTTP       0
    Cert "/etc/apache2/ssl/website.pem"
    Service
        Backend
            Address 127.0.0.1
            Port 80
        End
    End
End

Apache 配置

端口配置文件

NameVirtualHost *:8080
Listen 8080

<IfModule mod_ssl.c>
    NameVirtualHost *:44333
    Listen 44333
</IfModule>

<IfModule mod_gnutls.c>
    NameVirtualHost *:44333
    Listen 44333
</IfModule>

已启用站点/网站 SSL

SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
<VirtualHost *:44333>
    DocumentRoot /var/www/website
    ServerName website.com
    ServerAlias www.website.com
    ServerAlias *.website.com

    <Directory /var/www/website>
            Options -Indexes
            Options FollowSymLinks
            AllowOverride All
        </Directory>

    <Location />
        SetEnv no-gzip
    </Location>

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/website.crt
    SSLCertificateKeyFile /etc/apache2/ssl/website.key
    SSLCertificateChainFile /etc/apache2/ssl/provider.crt
    SSLProtocol all -SSLv2
    SSLHonorCipherOrder On
    SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
</VirtualHost>

我在 apache 日志中没有看到任何错误,但是我从 varnishlog 中看到了这个

Varnishlog

 0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1400458257 1.0
   13 BackendOpen  b default 127.0.0.1 49422 127.0.0.1 8080
   13 BackendXID   b 1621892887
   13 TxRequest    b GET
   13 TxURL        b /portal/home
   13 TxProtocol   b HTTP/1.1
   13 TxHeader     b Host: website.com
   13 TxHeader     b Cache-Control: max-age=0
   13 TxHeader     b Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
   13 TxHeader     b User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
   13 TxHeader     b Accept-Encoding: gzip,deflate,sdch
   13 TxHeader     b Accept-Language: en-US,en;q=0.8
   13 TxHeader     b Cookie: PHPSESSID=b2vl2i3l9i7undm3blm4sqsa90;
   13 TxHeader     b X-Forwarded-Proto: https
   13 TxHeader     b X-SSL-cipher: DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
   13 TxHeader     b X-Forwarded-For: 1.2.3.4, 127.0.0.1
   13 TxHeader     b X-Varnish: 1621892887
   13 BackendClose b default
   11 SessionOpen  c 127.0.0.1 59210 :80
   11 ReqStart     c 127.0.0.1 59210 1621892887
   11 RxRequest    c GET
   11 RxURL        c /portal/home
   11 RxProtocol   c HTTP/1.1
   11 RxHeader     c Host: website.com
   11 RxHeader     c Connection: keep-alive
   11 RxHeader     c Cache-Control: max-age=0
   11 RxHeader     c Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
   11 RxHeader     c User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
   11 RxHeader     c Accept-Encoding: gzip,deflate,sdch
   11 RxHeader     c Accept-Language: en-US,en;q=0.8
   11 RxHeader     c Cookie: PHPSESSID=b2vl2i3l9i7undm3blm4sqsa90; 
   11 RxHeader     c X-Forwarded-Proto: https
   11 RxHeader     c X-SSL-cipher: DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
   11 RxHeader     c X-Forwarded-For: 1.2.3.4
   11 VCL_call     c recv pass
   11 VCL_call     c hash
   11 Hash         c /portal/home
   11 Hash         c website.com
   11 VCL_return   c hash
   11 VCL_call     c pass pass
   11 Backend      c 13 default default
   11 FetchError   c http read error: -2 0 (Success)
   11 VCL_call     c error deliver
   11 VCL_call     c deliver deliver
   11 TxProtocol   c HTTP/1.1
   11 TxStatus     c 503
   11 TxResponse   c Service Unavailable
   11 TxHeader     c Server: Varnish
   11 TxHeader     c Content-Type: text/html; charset=utf-8
   11 TxHeader     c Retry-After: 5
   11 TxHeader     c Content-Length: 419
   11 TxHeader     c Accept-Ranges: bytes
   11 TxHeader     c Date: Mon, 19 May 2014 00:11:00 GMT
   11 TxHeader     c X-Varnish: 1621892887
   11 TxHeader     c Age: 0
   11 TxHeader     c Via: 1.1 varnish
   11 TxHeader     c Connection: close
   11 Length       c 419
   11 ReqEnd       c 1621892887 1400458260.537350416 1400458260.631304026 0.000104666 0.093891382 0.000062227
   11 SessionClose c error
   11 StatSess     c 127.0.0.1 59210 0 1 1 0 1 0 257 419
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1400458260 1.0
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1400458263 1.0

对于可能出现的问题,您有什么帮助或建议吗?

答案1

最终解决了这个问题,

首先我检查了 varnish 是否有错误,没有发现任何错误,然后检查了 apache,仍然没有发现任何错误。此时我决定尝试一下 pound 配置。

由于 Apache 正在监听端口 8080,因此 pound 配置后端也应该监听端口 8080。

这是我的新磅配置:

ListenHTTPS
    HeadRemove "X-Forwarded-Proto"
    AddHeader "X-Forwarded-Proto: https"
    Address 1.2.3.4 # server public ip
    Port 443
    xHTTP       0
    Cert "/etc/apache2/ssl/website.pem"
    Service
        Backend
            Address 127.0.0.1
            Port 8080
        End
    End
End

相关内容