I've tried to post this at the HighPerformance Group, where I suspect it's a better fit, but it's getting refused: "Your submission has triggered the spam filter and will not be accepted."
I recently set up a D7 server and have been migrating from my old DIY setup.
In its current state, I can't add content; other functions -- admin, etc. -- work.
We use a similar config to that discussed in this group in numerous places. I understand it's not an 'out of the box' config, and something in this config is probably causing this problem. That's why I'm asking here.
My high-level config is
NGINX/SSL -> VARNISH -> APACHE/NO-SSL -> DRUPAL
In a little more detail - should be a start
nginx
@listen -> 127.0.0.1:80, redirect to 11.22.33.44:443
@listen -> 127.0.0.1:443, redirect to 11.22.33.44:443
@listen -> 11.22.33.44:80, redirect to 11.22.33.44:443
@listen -> 11.22.33.44:443
upstream VARNISH {
server 127.0.0.1:9082 weight=10 max_fails=3 fail_timeout=60s;
server 127.0.0.1:11100 weight=1 backup;
}
upstream APACHE {
server 127.0.0.1:11100;
}
proxy pass to http://VARNISH @ 127.0.0.1:9082
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_set_header HTTPS on;
varnish
@exec -> -a 127.0.0.1:9082 -T 127.0.0.1:6082
@vcl -> backend default { .host = "127.0.0.1"; .port = "11000"; }
apache
@listen -> 127.0.0.1:11100 <-- NON-DRUPAL, LOCAL SITE
@ServerName -> mylocal.server.int
@listen -> 127.0.0.1:11000 <-- DRUPAL SITE
@ServerName -> drupal.server.int
RewriteEngine on
RewriteBase /
RewriteRule "(^|/)\." - [F]
RewriteCond $1 !(^index\.php|\.(gif|jpe?g|png|ico|css|js))$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
(DRUPAL)sites/default/setting.php
$base_url = 'https://drupal.server.int';
$cookie_domain = '.drupal.server.int';
With this config, I can login, logout, admin (add/delete/modify) modules, clear caches, theme, etc etc. No problems whatsoever.
When I try to add some simple content,
@
https://drupal.server.int/node/add/test
click --> SAVE
the browser just cycles for quite a while, fails to actually create the content, and then eventually returns (@ view source)
-------------------------------------------------------
<!--#set var="TITLE" value="Object not found!"
--><!--#include virtual="include/top.html" -->
The requested URL was not found on this server.
<!--#if expr="-n v('HTTP_REFERER')" -->
The link on the
<a href="<!--#echo encoding="url" var="HTTP_REFERER" -->">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="<!--#echo encoding="url" var="HTTP_REFERER" -->">that page</a>
about the error.
<!--#else -->
If you entered the URL manually please check your
spelling and try again.
<!--#endif -->
<!--#include virtual="include/bottom.html" -->
-------------------------------------------------------
My various logs
==> /var/log/nginx/error.log <==
2012/05/10 21:23:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"
==> /var/log/apache2/drupal.server.int.11000.error_log <==
[Thu May 10 21:23:03.255512 2012] [auth_digest:info] [pid 26614:tid 139707156784896] [client 127.0.0.1:50876] AH01778: user auth_user: nonce expired (302.00 seconds old - max lifetime 300.00) - sending new nonce, referer: https://drupal.server.int/node/add/test
[Thu May 10 21:23:03.255815 2012] [auth_digest:info] [pid 26614:tid 139707156784896] [client 127.0.0.1:50876] AH01778: user auth_user: nonce expired (302.00 seconds old - max lifetime 300.00) - sending new nonce, referer: https://drupal.server.int/node/add/test
==> /var/log/apache2/drupal.server.int.11000.log <==
drupal.server.int 10.2.11.17 - auth_user [10/May/2012:21:23:03 -0700] "POST /node/add/test HTTP/1.0" 401 - "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"
==> /var/log/nginx/drupal.server.int.443.access.log <==
10.2.11.17 - - [10/May/2012:21:23:03 -0700] POST /node/add/test HTTP/1.1 "401" 533 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0" "-"
==> /var/log/messages <==
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd PURGE /20 HTTP/1.1
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Accept: */*
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Host: drupal.server.intnode
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
==> /var/log/nginx/error.log <==
2012/05/10 21:24:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"
==> /var/log/messages <==
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd PURGE /21 HTTP/1.1
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd Accept: */*
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd Host: drupal.server.intnode
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
==> /var/log/nginx/error.log <==
2012/05/10 21:25:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"
==> /var/log/apache2/mylocal.server.int.11100.error_log <==
[Thu May 10 21:25:03.289744 2012] [core:info] [pid 26614:tid 139707153626880] [client 127.0.0.1:51992] AH00128: File does not exist: /data/webapps/mylocal.server.int/node, referer: https://drupal.server.int/node/add/test
==> /var/log/apache2/mylocal.server.int.11100.log <==
mylocal.server.int 10.2.11.17 - auth_user [10/May/2012:21:25:03 -0700] "POST /node/add/test HTTP/1.0" 404 618 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"
==> /var/log/nginx/drupal.server.int.443.access.log <==
10.2.11.17 - - [10/May/2012:21:25:03 -0700] POST /node/add/test HTTP/1.1 "404" 618 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0" "-"
Something in here is causing me this grief but I'm stumped.
I'm hoping somebody here might have some ideas.
Randy
Comments
If I remove Varnish from the stack, the "Add content" step works. So, I suspect the problem's to do with Varnish, probably my config.
Something in here is causing this grief ... I'm hoping somebody here might have some ideas.
After chatting in #varnish IRC, I've added the varnishlog and my Varnish VCL from when this occurs.
Randy
varnishlog
vcl
acl purge {"localhost"; "127.0.0.1"/24; "10.2.11.0"/24; }
acl internal { "10.2.11.0"/24; }
backend default { .port = "11000"; .host = "127.0.0.1"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 250; }
sub vcl_recv {
if (req.request == "GET" && req.url ~ "^/varnishcheck$") { error 200 "Varnish is Ready"; }
if ( req.url ~ "^/(user/login|user/password|user/register|logout|admin/(.*)|node/add/(.*))" ) {return (pass);}
if (req.url ~ "^/status\.php$" ||
req.url ~ "^/update\.php$" ||
req.url ~ "^/ooyala/ping$" ||
req.url ~ "^/info/.*$" ||
req.url ~ "^/flag/.*$" ||
req.url ~ "^.*/ajax/.*$" ||
req.url ~ "^.*/ahah/.*$") { return (pass);}
if (!req.backend.healthy) {
unset req.http.Cookie;
if (req.http.X-Forwarded-Proto == "https") { set req.http.X-Forwarded-Proto = "http"; }
set req.grace = 30m;}
else { set req.grace = 15s; }
if (req.request == "PURGE") {
if (!client.ip ~ purge) { error 405 "This IP is not allowed to send PURGE requests."; }
return (lookup);
}
if (req.url ~ "^/misc/progress\.js\?[0-9]+$") { set req.url = "/misc/progress.js"; }
if (req.url ~ "^/(cron|install|update)\.php$" && !client.ip ~ internal) { error 404 "Page not found.";}
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz)$") { unset req.http.Accept-Encoding; }
elseif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; }
elseif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; }
else { unset req.http.Accept-Encoding;}
}
if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|css|js)(\?[a-z0-9]+)?$") { unset req.http.Cookie; }
if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "Drupal.toolbar.collapsed=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, ";(S{1,2}ESS[a-z0-9]+|NO_CACHE)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, "Drupal.tableDrag.showWeight=[^;]+(; )?", "");
if (req.http.Cookie == "") { unset req.http.Cookie;}
else { return (pass);}
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " +
regsub(client.ip, ":.*", ""); }
else {
set req.http.X-Forwarded-For =
regsub(client.ip, ":.*", ""); }
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") { return (pipe);}
if (req.request != "GET" && req.request != "HEAD") {return (pass);}
if (req.http.Authorization || req.http.Cookie) {return (pass);}
return (lookup);
}
sub vcl_pipe { set bereq.http.connection = "close";}
sub vcl_hash {
if (req.http.Cookie) {hash_data(req.http.Cookie);}
return (hash);
}
sub vcl_hit { if (req.request == "PURGE") { purge; error 200 "Purged."; } }
sub vcl_miss { if (req.request == "PURGE") { purge; error 200 "Purged."; } }
sub vcl_fetch {
if (req.url ~ "\.(png|gif|jpg(e?)g|ico|css|js)(\?[a-z0-9]+)?$") { unset beresp.http.set-cookie; } elseif (beresp.http.Cache-Control) { unset beresp.http.Expires; }
if (beresp.status == 301) { set beresp.ttl = 1h; return(deliver); }
set beresp.grace = 30s;
}
sub vcl_deliver {
if (obj.hits > 0) { set resp.http.X-Varnish-Cache = "HIT"; set resp.http.X-Varnish-Hits = obj.hits; } else { set resp.http.x-Varnish-Cache = "MISS"; }
unset resp.http.X-Powered-By;
unset resp.http.Server;
}
Maybe you can just link to this from the High Performance group?
Anthony Pero
Project Lead
Virtuosic Media
http://www.virtuosic.me/
I already had ...
http://groups.drupal.org/node/230043
Disabling EXPIRE & PURGE modules fixes inability to add content
As I'd reported, when exec'ing any 'add/delete content' I'm seeing
in my logs. Which appears to be an unsuccessful purge.
But if I exec
I see
which looks OK.
Checking in sites/all/modules/contrib/varnish/varnish.module for purge code,
So far, in this setup, 'VARNISH_SELECTIVE_CLEAR'=2, which requires the Expire module, and uses this code.
If I switch to using DrupalDefault caching
and
I can once again add/delete content with no timeout problems, with any of the VCLs I'd mentioned.
Now, I'm not sure what possibly breaks if I disable these modules :-/
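The /var/log/messages lines in the original post show an HTTP request line ("PURGE /20 HTTP/1.1") and HTTP headers being read on the Varnish management CLI port 6082 and answered with "101 Unknown request". The following Python script is an added example, not part of the thread or of any module mentioned in it; it flags that pattern in syslog text. The function name and the last two sample lines (an ordinary CLI ping) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines follow the syslog format shown in the
# original post; the last two (a normal CLI "ping") are invented for contrast.
SAMPLE = """\
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd PURGE /20 HTTP/1.1
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Accept: */*
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Host: drupal.server.intnode
May 11 04:30:00 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57300 127.0.0.1 6082 Rd ping
May 11 04:30:00 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57300 127.0.0.1 6082 Wr 200 PONG 1336735800 1.0
"""

# "Rd" is what the management CLI read from the peer, "Wr" is what it wrote back.
CLI_LINE = re.compile(
    r"CLI telnet (?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+) "
    r"(?P<dir>Rd|Wr) (?P<body>.*)$")
HTTP_REQUEST = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")
HTTP_HEADER = re.compile(r"^[A-Za-z][A-Za-z0-9-]*: ")

def find_http_on_cli(log_text):
    """Return one finding per CLI connection that was sent an HTTP request."""
    conns = defaultdict(lambda: {"request": None, "headers": 0, "rejected": 0})
    for line in log_text.splitlines():
        m = CLI_LINE.search(line)
        if not m:
            continue
        c = conns[(m["src"], int(m["sport"]), int(m["dport"]))]
        body = m["body"]
        if m["dir"] == "Rd":
            if HTTP_REQUEST.match(body):
                c["request"] = body          # e.g. "PURGE /20 HTTP/1.1"
            elif HTTP_HEADER.match(body):
                c["headers"] += 1            # e.g. "Accept: */*"
        elif body.startswith("101 "):
            c["rejected"] += 1               # CLI did not recognise the input
    return [{"src": k[0], "src_port": k[1], "cli_port": k[2], **v}
            for k, v in conns.items() if v["request"]]

if __name__ == "__main__":
    for finding in find_http_on_cli(SAMPLE):
        print(finding)
```

A finding here means some client spoke HTTP to the address given to varnishd with -T (the management CLI) rather than the one given with -a (the HTTP listener, 127.0.0.1:9082 in the configuration above).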
Did you ever get this figured out?
I'm looking to do something similar.
Speed up Server using nginx and Varnish
Use Apachebooster, which is an integration of Nginx and Varnish. It caches both static and dynamic content and enhances the speed of the server.
You may find more details regarding Apachebooster here: http://ndimensionz.com/apachebooster/