<div dir="ltr">Hey guys,<div><br></div><div>I'm getting frequent 504 errors in the browser when using even this stripped down version of my VCL. I'm also seeing the pages load with the css totally blown and just the text showing up with no graphics and no formatting.</div><div><br></div><div>It's pretty odd how inconsistent this VCL is behaving.</div><div><br></div><div>On one load of the page where the graphics are broken I'm seeing this error in the logs:<br><br><div> 10 TxHeader c Connection: close</div><div> 10 TxHeader c X-Cache: MISS</div><div> 10 Debug c Write error, retval = -1, len = 602, errno = Connection reset by peer</div><div> 10 ReqEnd c 241437586 1438049428.763690233 1438049435.868994236 0.000110626 7.105183125 0.000120878</div><div> 10 StatSess c 54.86.143.49 48979 7 1 1 0 0 1 602 0</div><div> 0 CLI - Rd ping</div><div> 0 CLI - Wr 200 19 PONG 1438049436 1.0</div></div><div><br></div><div>And on 504 errors I'm seeing this result in the logs:<br><br><div>10 TxHeader c Via: 1.1 varnish</div><div> 10 TxHeader c Connection: close</div><div> 10 TxHeader c X-Cache: MISS</div><div> 10 Length c 316</div><div> 10 ReqEnd c 241437672 1438049679.750560999 1438049679.750730276 0.000099182 0.000094652 0.000074625</div><div> 10 SessionClose c error</div><div> 10 StatSess c 54.86.143.49 49821 0 1 1 0 0 0 285 316<br><br><br>I'm running 3 back ends using apache 2.4 on Centos 7. I'm running two Varnish nodes at version 3.0.5.</div></div><div><br></div><div>All 3 web backends are checking in as healthy:<br><br><div>[root@varnish1:/etc/varnish] #varnishadm -n varnish1 debug.health</div><div>Backend web1 is Healthy</div><div>Current states good: 3 threshold: 2 window: 3</div><div>Average responsetime of good probes: 0.026873</div><div>Oldest Newest</div><div>================================================================</div><div>--------------------------------------------------------------44 Good IPv4</div><div>--------------------------------------------------------------XX Good Xmit</div><div>--------------------------------------------------------------RR Good Recv</div><div>------------------------------------------------------------HHHH Happy</div><div>Backend web2 is Healthy</div><div>Current states good: 3 threshold: 2 window: 3</div><div>Average responsetime of good probes: 0.029118</div><div>Oldest Newest</div><div>================================================================</div><div>--------------------------------------------------------------44 Good IPv4</div><div>--------------------------------------------------------------XX Good Xmit</div><div>--------------------------------------------------------------RR Good Recv</div><div>------------------------------------------------------------HHHH Happy</div><div>Backend web3 is Healthy</div><div>Current states good: 3 threshold: 2 window: 3</div><div>Average responsetime of good probes: 0.029101</div><div>Oldest Newest</div><div>================================================================</div><div>--------------------------------------------------------------44 Good IPv4</div><div>--------------------------------------------------------------XX Good Xmit</div><div>--------------------------------------------------------------RR Good Recv</div><div>------------------------------------------------------------HHHH Happy</div></div><div><br></div><div>And here is the VCL that I am having this trouble with:<br><br>
<p class="p1">[root@varnish1:/etc/varnish] #egrep -v "^#|^$" default.vcl</p>
<p class="p1">backend web1 {</p>
<p class="p1"> .host = “10.10.10.25”;</p>
<p class="p1"> .port = "80";</p>
<p class="p1"> .connect_timeout = 45s;</p>
<p class="p1"> .first_byte_timeout = 45s;</p>
<p class="p1"> .between_bytes_timeout = 45s;</p>
<p class="p1"> .max_connections = 70;</p>
<p class="p1"> .probe = {</p>
<p class="p1"> .request =</p>
<p class="p1"> "GET /healthcheck.php HTTP/1.1"</p>
<p class="p1"> "Host: <a href="http://wiki.example.com">wiki.example.com</a>"</p>
<p class="p1"> "Authorization: Basic SomeLongBase64Hash="</p>
<p class="p1"> "Connection: close";</p>
<p class="p1"> .interval = 10m;</p>
<p class="p1"> .timeout = 60s;</p>
<p class="p1"> .window = 3;</p>
<p class="p1"> .threshold = 2;</p>
<p class="p1"> }</p>
<p class="p1">}</p>
<p class="p1">backend web2 {</p>
<p class="p1"> .host = “10.10.10.26”;</p>
<p class="p1"> .port = "80";</p>
<p class="p1"> .connect_timeout = 45s;</p>
<p class="p1"> .first_byte_timeout = 45s;</p>
<p class="p1"> .between_bytes_timeout = 45s;</p>
<p class="p1"> .max_connections = 70;</p>
<p class="p1"> .probe = {</p>
<p class="p1"> .request =</p>
<p class="p1"> "GET /healthcheck.php HTTP/1.1"</p>
<p class="p1"> "Host: <a href="http://wiki.example.com">wiki.example.com</a>"</p>
<p class="p1"> "Authorization: Basic SomeLongBase64Hash="</p>
<p class="p1"> "Connection: close";</p>
<p class="p1"> .interval = 10m;</p>
<p class="p1"> .timeout = 60s;</p>
<p class="p1"> .window = 3;</p>
<p class="p1"> .threshold = 2;</p>
<p class="p1"> }</p>
<p class="p1">}</p>
<p class="p1">backend web3 {</p>
<p class="p1"> .host = “10.10.10.27”;</p>
<p class="p1"> .port = "80";</p>
<p class="p1"> .connect_timeout = 45s;</p>
<p class="p1"> .first_byte_timeout = 45s;</p>
<p class="p1"> .between_bytes_timeout = 45s;</p>
<p class="p1"> .max_connections = 70;</p>
<p class="p1"> .probe = {</p>
<p class="p1"> .request =</p>
<p class="p1"> "GET /healthcheck.php HTTP/1.1"</p>
<p class="p1"> "Host: <a href="http://wiki.example.com">wiki.example.com</a>"</p>
<p class="p1"> "Authorization: Basic SomeLongBase64Hash="</p>
<p class="p1"> "Connection: close";</p>
<p class="p1"> .interval = 10m;</p>
<p class="p1"> .timeout = 60s;</p>
<p class="p1"> .window = 3;</p>
<p class="p1"> .threshold = 2;</p>
<p class="p1"> }</p>
<p class="p1">}</p>
<p class="p1">director www round-robin {</p>
<p class="p1"> { .backend = web1; }</p>
<p class="p1"> { .backend = web2; }</p>
<p class="p1"> { .backend = web3; }</p>
<p class="p1"> }</p>
<p class="p1">sub vcl_recv {</p>
<p class="p1"> set req.backend = www;</p>
<p class="p1"> unset req.http.Cookie;</p>
<p class="p1"> if (! req.http.Authorization ~ "Basic SomeLongBase64Hash=" && ! req.http.Authorization ~ "Basic AnotherLongBase64Hash=" )</p>
<p class="p1"> {</p>
<p class="p1"> error 401 "Restricted";</p>
<p class="p1"> }</p>
<p class="p1"> if (req.url ~ "&action=submit($|/)") {</p>
<p class="p1"> return (pass);</p>
<p class="p1"> }</p>
<p class="p1"> return (lookup);</p>
<p class="p1">}</p>
<p class="p1">sub vcl_fetch {</p>
<p class="p1"> set beresp.ttl = 3600s;</p>
<p class="p1"> set beresp.grace = 4h;</p>
<p class="p1"> return (deliver);</p>
<p class="p1">}</p>
<p class="p1">sub vcl_error {</p>
<p class="p1"> if (obj.status == 401) {</p>
<p class="p1"> set obj.http.Content-Type = "text/html; charset=utf-8";</p>
<p class="p1"> set obj.http.WWW-Authenticate = "Basic realm=Secured";</p>
<p class="p1"> synthetic {"</p>
<p class="p1"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "<a href="http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd</a>"></p>
<p class="p1"> <HTML></p>
<p class="p1"> <HEAD></p>
<p class="p1"> <TITLE>Error</TITLE></p>
<p class="p1"> <META HTTP-EQUIV='Content-Type' CONTENT='text/html;'></p>
<p class="p1"> </HEAD></p>
<p class="p1"> <BODY><H1>401 Unauthorized (varnish)</H1></BODY></p>
<p class="p1"> </HTML></p>
<p class="p1"> "};</p>
<p class="p1"> return (deliver);</p>
<p class="p1"> }</p>
<p class="p1">}</p>
<p class="p1">sub vcl_deliver {</p>
<p class="p1"> if (obj.hits> 0) {</p>
<p class="p1"> set resp.http.X-Cache = "HIT";</p>
<p class="p1"> } else {</p>
<p class="p1"> set resp.http.X-Cache = "MISS";</p>
<p class="p1"> }</p>
<p class="p1"> }</p><p class="p1"><br></p><p class="p1">The IP's you see listed above are fake. I'm not really running the web servers on a 10-net.</p><p class="p1">I'm really looking forward to getting this solved! And I'd appreciate any feedback you may have.</p><p class="p1"><br></p><p class="p1">Thanks,</p><p class="p1">Tim</p></div><div><br></div><div><br clear="all"><div><br></div>-- <br><div class="gmail_signature">GPG me!!<br><br>gpg --keyserver <a href="http://pool.sks-keyservers.net" target="_blank">pool.sks-keyservers.net</a> --recv-keys F186197B<br><br></div>
</div></div>