While debugging issue #1527852: Random WSOD on D7 sites with Redis enabled also for anonymous visitors we discovered that the otherwise useful Nginx directive fastcgi_cache_use_stale can cause caching upstream errors, and then effectively serving from cache some nice WSOD for all visitors, which is pretty crazy.

Comments

omega8cc’s picture

omega8cc commented
Status: Active » Fixed

Fixed in commits:

6.x-1.x - http://drupalcode.org/project/provision.git/commit/2f55558
6.x-2.x - http://drupalcode.org/project/provision.git/commit/6ce5dbb

omega8cc’s picture

omega8cc commented
Status: Fixed » Needs work

Well, it doesn't help at all, so I was probably confused. It still caches WSOD header response even with fastcgi_cache_use_stale set to off so we probably need to stop caching HEAD requests instead.

omega8cc’s picture

omega8cc commented
Title: Nginx microcaching shouldn't cache any upstream errors » Nginx microcaching should use fastcgi_cache_valid with 1s only for upstream errors
Status: Needs work » Fixed

Since we can't stop Nginx from caching, we have to make it 1s only cache (for DoS protection only).

Committed in:

6.x-1.x - http://drupalcode.org/project/provision.git/commit/a104712
6.x-2.x - http://drupalcode.org/project/provision.git/commit/cdfdca9

omega8cc’s picture

omega8cc commented
Status: Fixed » Needs work

We should add error 403 to this list.

kepford’s picture

kepford commented
Status: Needs work » Fixed

This bug also affects 403's.

kepford’s picture

kepford commented
Status: Fixed » Needs work

Sorry Omega8, should have refreshed my page. You beat me too posting this.

omega8cc’s picture

omega8cc commented
Priority: Major » Normal

Note that this issue may be Barracuda/Octopus specific, as we force default TTL to 5 minutes there - and this is how we discovered this upstream bug. It may still affect any non-BOA user if he/she is using X-Accel-Expires header in his/her own global.inc file.

Also related: #1535546: D7 site still shows "site in maintenance mode" after it was put live

While we need to force secure enough TTL for all not-OK responses by default to avoid this issue, we have submitted also a bug report upstream: http://trac.nginx.org/nginx/ticket/151

omega8cc’s picture

omega8cc commented
Assigned: omega8cc » Unassigned
Status: Needs work » Fixed

Fixed in commits:

6.x-1.x - http://drupalcode.org/project/provision.git/commit/02f54f6
6.x-2.x - http://drupalcode.org/project/provision.git/commit/c76cd1c

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 6ce5dbb on dev-nginx-6.x-2.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc: 
    Issue #1528996 and #1527852 by PlayfulWolf - Nginx microcaching shouldn'...
  • Commit 2f55558 on dev-drupal-8, dev-nginx-6.x-1.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc:
    Issue #1528996 and #1527852 by PlayfulWolf - Nginx microcaching shouldn'...
  • Commit cdfdca9 on dev-nginx-6.x-2.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc:
    Issue #1528996 by omega8cc - Nginx microcaching should use...
  • Commit a104712 on dev-drupal-8, dev-nginx-6.x-1.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc:
    Issue #1528996 by omega8cc - Nginx microcaching should use...
  • Commit c76cd1c on dev-drupal-8, dev-nginx-6.x-2.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc:
    Issue #1528996 by omega8cc - Nginx microcaching should use...
  • Commit 02f54f6 on dev-drupal-8, dev-nginx-6.x-1.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by omega8cc:
    Issue #1528996 by omega8cc - Nginx microcaching should use...