Apache ProxyPass => IIS 8

tag-icon tag-icon apache-2.2 reverse-proxy timeout proxypass iis-8.5
Apache ProxyPass => IIS 8

总结:通过 Apache ReverseProxy 执行耗时超过 5 分钟的 Web 任务会出错。持续时间较短的任务/报告会成功。直接访问报告会成功 (http://内部服务器/foobar.aspx代替http://public.mycompany.com/foobar.aspx)。我应该查看哪里以及我遗漏了哪些超时?

我有一个 Apache 实例,它正在切换到 HTTPS,然后通过 ProxyPassing 将请求顺利地传递到 Windows Server 2012 R2 IIS 8 实例中。

Browser <==> 
Apache 2.2.15 <==> 
IIS 8 (Windows 2012 R2, IIS 8.5.9600.16384) <==> 
Web App (<==> database)

一切都进展得非常顺利,直到一份“长期运行”的报告启动。当直接在 Windows 服务器上运行时,该报告需要大约 6 分钟。当从浏览器运行时,较短的报告可以成功运行,但这份报告最终会失败。

网页错误:

502 Proxy Error

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /app/LongRunningReport.aspx.

Reason: Error reading from remote server

SSL错误:

==> ssl_error_log <==
[Wed Nov 04 14:59:48 2015] [error] [client 192.168.1.225] (104)Connection reset by peer: proxy: error reading status line from remote server 192.168.1.179
[Wed Nov 04 14:59:48 2015] [error] [client 192.168.1.225] proxy: Error reading from remote server returned by /app/LongRunningReport.aspx

ssl.conf:

LoadModule ssl_module modules/mod_ssl.so
Listen 192.168.1.101:443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  1200
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost 192.168.1.101:443>
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  SSLCertificateFile conf.d/ssl.crt/test.crt
  SSLCertificateKeyFile conf.d/ssl.key/test.key
  SSLCertificateChainFile conf.d/ssl.crt/2015.crt
  SSLCACertificateFile conf.d/ssl.crt/Company_Root_CA.cer
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  ServerName test.company.com
  RedirectMatch ^/$ https://test.company.com/app/login.aspx

  SSLProxyEngine on
  ProxyPass        / https://192.168.1.179/
  ProxyPassReverse / https://192.168.1.179/

  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1
  SetEnv proxy-initial-not-pooled 1

  TimeOut 1200
  ProxyTimeout 1200
</VirtualHost>
SSLInsecureRenegotiation off
SSLHonorCipherOrder on

IIS Settings:
Advanced Settings > Limits > Connection Time-out (seconds): 1200
Session State > Cookie Settings > Timeout (in minutes): 20

我们尝试将所有超时设置增加到 1200(20 分钟) - 在 Apache 和 IIS 内部。

我遗漏了什么?什么原因导致 Apache 和 IIS 之间出现代理错误消息?

相关内容