Re: [users@httpd] Apache + Squid Proxy: AH01991: SSL input filter read failed
On Friday, 12 May 2017, 12:23:49 CEST, chiasa.men wrote:
> On Wednesday, 3 May 2017, 19:32:04 CEST, Luca Toscano wrote:
> > Hi,
> >
> > 2017-05-02 19:18 GMT+02:00 chiasa.men:
> > > Hi,
> > > my apache is behind a squid proxy which is configured like that:
> > >
> > > https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost
> > > acl server20_domains dstdomain ww1.example.com ww2.example.com
> > > http_access allow server20_domains
> > > cache_peer server20 parent 443 0 no-query originserver name=server20 login=PASSTHRU ssl sslversion=6
> > > cache_peer_access server20 allow server20_domains
> > > cache_peer_access server20 deny all
> > >
> > > The idea was to send ww1 and ww2 to server20 which is hosting an apache
> > > webservice for both sites.
> > > It works but each time I visit one of those sites the following messages
> > > appear in apache's logs:
> > >
> > > [00:00:39.641665] ---
> > > [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
> > > [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47120] AH01991: SSL input filter read failed.
> > > [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47118] AH01991: SSL input filter read failed.
> > > [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47124] AH01991: SSL input filter read failed.
> > > [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47118] AH02001: Connection closed to child 11 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47124] AH02001: Connection closed to child 6 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47120] AH02001: Connection closed to child 5 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
> > > [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
> > > [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)
> > >
> > > The corresponding squid access.log entries would be:
> > > [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > > [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > >
> > > You can see that approximately after 5s the timeout happens. Is it a message
> > > to worry about? (it is just "info" labeled) Why does it occur?
> > >
> > > I sent basically the same problem to squid's mailing list because I supposed
> > > squid was the problematic part here. But since they suggested apache could be
> > > the weirdo, I'm asking here
> > > Thanks for your help
> >
> > I'd need to ask you a couple of questions since I am not familiar with Squid:
> >
> > 1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can
> > you describe a bit more your set up?
>
> That, so it seems, was the actual reason. Thanks for that
> The default setting for squid is:
> server_persistent_connections on
> which means that squid keeps the connections - apache didn't
>
> > 2) Can you share your httpd configuration? Do you have any timeout set on
> > it that might explain this in httpd or Squid (check also default timeouts)?
>
> The timeout that happens seems to be the
Re: [users@httpd] Apache + Squid Proxy: AH01991: SSL input filter read failed
On Wednesday, 3 May 2017, 19:32:04 CEST, Luca Toscano wrote:
> Hi,
>
> 2017-05-02 19:18 GMT+02:00 chiasa.men:
> > Hi,
> > my apache is behind a squid proxy which is configured like that:
> >
> > https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost
> > acl server20_domains dstdomain ww1.example.com ww2.example.com
> > http_access allow server20_domains
> > cache_peer server20 parent 443 0 no-query originserver name=server20 login=PASSTHRU ssl sslversion=6
> > cache_peer_access server20 allow server20_domains
> > cache_peer_access server20 deny all
> >
> > The idea was to send ww1 and ww2 to server20 which is hosting an apache
> > webservice for both sites.
> > It works but each time I visit one of those sites the following messages
> > appear in apache's logs:
> >
> > [00:00:39.641665] ---
> > [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
> > [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47120] AH01991: SSL input filter read failed.
> > [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47118] AH01991: SSL input filter read failed.
> > [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47124] AH01991: SSL input filter read failed.
> > [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47118] AH02001: Connection closed to child 11 with standard shutdown (server ww1.example.com:443)
> > [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47124] AH02001: Connection closed to child 6 with standard shutdown (server ww1.example.com:443)
> > [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47120] AH02001: Connection closed to child 5 with standard shutdown (server ww1.example.com:443)
> > [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
> > [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
> > [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)
> >
> > The corresponding squid access.log entries would be:
> > [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> > [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> >
> > You can see that approximately after 5s the timeout happens. Is it a message
> > to worry about? (it is just "info" labeled) Why does it occur?
> >
> > I sent basically the same problem to squid's mailing list because I supposed
> > squid was the problematic part here. But since they suggested apache could be
> > the weirdo, I'm asking here
> > Thanks for your help
>
> I'd need to ask you a couple of questions since I am not familiar with Squid:
>
> 1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can
> you describe a bit more your set up?

That, so it seems, was the actual reason. Thanks for that
The default setting for squid is:
server_persistent_connections on
which means that squid keeps the connections - apache didn't

> 2) Can you share your httpd configuration? Do you have any timeout set on
> it that might explain this in httpd or Squid (check also default timeouts)?

The timeout that happens seems to be the KeepAliveTimeout which is set to 5
(set to 15, the same messages occur simply after 15 seconds)

> 3) Not super familiar with Squid but from the logs it seems that a 503 is
> logged for https://ww1.example.com/a.. Is it normal?

Yes this is intended since the page requested was under maintenance. It was
even the only request which did not timeout :D

>
> Luca
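Added example, not part of the thread and not code from httpd or Squid: a small Python triage script for the diagnosis reached in the reply above. It labels an AH01991 entry as keep-alive expiry only when it carries APR status 70007, the same client also logs an AH02001 standard shutdown, and it occurs one KeepAliveTimeout after the last request. The sample log is constructed from the excerpt in the post plus one made-up reset entry (port 47130) for contrast; the function and verdict names are assumptions.

```python
import re

TS = re.compile(r"^\[(\d+):(\d+):(\d+(?:\.\d+)?)\]")
CLIENT = re.compile(r"\[client ([^\]]+)\]")
# APR status printed just before the client field, e.g. " (70007)The timeout ...: [client"
STATUS = re.compile(r" \((\d+)\)[^\[(]*\[client")
APR_TIMEUP = 70007  # logged as "The timeout specified has expired"

# Constructed sample: two connections from the post, one invented reset (47130).
SAMPLE_LOG = """\
[00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
[00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
[00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
[00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)
[00:00:51.100000] [ssl:info] ssl_engine_io.c(675): (104)Connection reset by peer: [client wwwclient:47130] AH01991: SSL input filter read failed.
"""


def seconds(line):
    """Time of day in seconds from a leading [hh:mm:ss.ffffff] stamp."""
    h, m, s = TS.match(line).groups()
    return int(h) * 3600 + int(m) * 60 + float(s)


def classify(log_text, last_request, keepalive_timeout, slack=0.5):
    """Return {client: verdict} for every connection that logged AH01991.

    last_request is a stamped line marking the final request on the
    connections (the "[00:00:39.641665] ---" marker in the post).
    """
    t0 = seconds(last_request)
    failed, closed = {}, set()
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        if not client or not TS.match(line):
            continue  # not a per-client log entry
        if "AH01991" in line:
            status = STATUS.search(line)
            code = int(status.group(1)) if status else None
            failed[client.group(1)] = (seconds(line), code)
        elif "AH02001" in line and "standard shutdown" in line:
            closed.add(client.group(1))
    verdicts = {}
    for client, (when, code) in failed.items():
        idle = when - t0  # how long the connection sat idle before the read failed
        expired = (code == APR_TIMEUP and client in closed
                   and abs(idle - keepalive_timeout) <= slack)
        verdicts[client] = "keepalive-expiry" if expired else "investigate"
    return verdicts


if __name__ == "__main__":
    for client, verdict in classify(SAMPLE_LOG, "[00:00:39.641665] ---", 5).items():
        print(client, verdict)
```
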
Re: [users@httpd] Apache + Squid Proxy: AH01991: SSL input filter read failed
Hi,

2017-05-02 19:18 GMT+02:00 chiasa.men:
> Hi,
> my apache is behind a squid proxy which is configured like that:
>
> https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost
> acl server20_domains dstdomain ww1.example.com ww2.example.com
> http_access allow server20_domains
> cache_peer server20 parent 443 0 no-query originserver name=server20 login=PASSTHRU ssl sslversion=6
> cache_peer_access server20 allow server20_domains
> cache_peer_access server20 deny all
>
> The idea was to send ww1 and ww2 to server20 which is hosting an apache
> webservice for both sites.
> It works but each time I visit one of those sites the following messages
> appear in apache's logs:
>
> [00:00:39.641665] ---
> [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
> [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47120] AH01991: SSL input filter read failed.
> [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47118] AH01991: SSL input filter read failed.
> [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47124] AH01991: SSL input filter read failed.
> [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47118] AH02001: Connection closed to child 11 with standard shutdown (server ww1.example.com:443)
> [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47124] AH02001: Connection closed to child 6 with standard shutdown (server ww1.example.com:443)
> [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47120] AH02001: Connection closed to child 5 with standard shutdown (server ww1.example.com:443)
> [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
> [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
> [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)
>
> The corresponding squid access.log entries would be:
> [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
>
> You can see that approximately after 5s the timeout happens. Is it a message
> to worry about? (it is just "info" labeled) Why does it occur?
>
> I sent basically the same problem to squid's mailing list because I supposed
> squid was the problematic part here. But since they suggested apache could be
> the weirdo, I'm asking here
> Thanks for your help

I'd need to ask you a couple of questions since I am not familiar with Squid:

1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can you describe a bit more your set up?

2) Can you share your httpd configuration? Do you have any timeout set on it that might explain this in httpd or Squid (check also default timeouts)?

3) Not super familiar with Squid but from the logs it seems that a 503 is logged for https://ww1.example.com/a.. Is it normal?

Luca
[users@httpd] Apache + Squid Proxy: AH01991: SSL input filter read failed
Hi,
my apache is behind a squid proxy which is configured like that:

https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost
acl server20_domains dstdomain ww1.example.com ww2.example.com
http_access allow server20_domains
cache_peer server20 parent 443 0 no-query originserver name=server20 login=PASSTHRU ssl sslversion=6
cache_peer_access server20 allow server20_domains
cache_peer_access server20 deny all

The idea was to send ww1 and ww2 to server20 which is hosting an apache webservice for both sites.
It works but each time I visit one of those sites the following messages appear in apache's logs:

[00:00:39.641665] ---
[00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47122] AH01991: SSL input filter read failed.
[00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47120] AH01991: SSL input filter read failed.
[00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47118] AH01991: SSL input filter read failed.
[00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47124] AH01991: SSL input filter read failed.
[00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47118] AH02001: Connection closed to child 11 with standard shutdown (server ww1.example.com:443)
[00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47124] AH02001: Connection closed to child 6 with standard shutdown (server ww1.example.com:443)
[00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47120] AH02001: Connection closed to child 5 with standard shutdown (server ww1.example.com:443)
[00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47122] AH02001: Connection closed to child 8 with standard shutdown (server ww1.example.com:443)
[00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout specified has expired: [client wwwclient:47116] AH01991: SSL input filter read failed.
[00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:47116] AH02001: Connection closed to child 3 with standard shutdown (server ww1.example.com:443)

The corresponding squid access.log entries would be:
[00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
[00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT

You can see that approximately after 5s the timeout happens. Is it a message to worry about? (it is just "info" labeled) Why does it occur?

I sent basically the same problem to squid's mailing list because I supposed squid was the problematic part here. But since they suggested apache could be the weirdo, I'm asking here
Thanks for your help

Regards
Chia

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org