HTTPS works a while, then stops

Kalileo
10 March 2015, 08:29
Hello Hugo,

this is the same issue already reported here twice, but in a different configuration:
- "OwnCloud and random(?) errors" https://www.hiawatha-webserver.org/forum/topic/1836
- "Probleme whit uploading big files on owncloud through hiawata reverse proxy" https://www.hiawatha-webserver.org/forum/topic/1729

My configuration is different, no reverse proxy, no ownCloud, but same problem. The configuration is an upgrade from an OpenSuse 12.3 server, unchanged. On the old server it was running for years, no issues, happy user, happy me.

Now upgrade to:

Hiawatha version: 9.11
Operating System: OpenSuse 13.2

In the testing phase, with very low traffic, I did not notice any issue. Then, in production, with quite some load, HTTPS access stops working after sometimes 1 minute, sometimes some hours. HTTP continues to work, apparently unaffected.

- php-fpm restart does not fix it.
- hiawatha restart always fixes it, for a (short) while.

System log shows no errors, just stuff like:

...|Silent client disconnected
...|Silent client disconnected
...|Timeout while waiting for first request
...|Timeout while waiting for first request
...|Silent client disconnected
...|Silent client disconnected
...|Silent client disconnected
...|Silent client disconnected
...|Silent client disconnected
...|No cypher overlap during SSL handshake.
...|No cypher overlap during SSL handshake.
...|Silent client disconnected

Clients are a mix of Windows and Mac PCs and a lot of Android, also some old boxes, so possibly using less secure SSL versions.

I'm not sure what triggers the problem, load alone or some specific access.

In order to survive I had to put a pound proxy for handling https in front of hiawatha, so all https requests arrive at hiawatha as http only, and all is good.

I kept hiawatha serving https but on a different port, and use it for some monitoring stuff, low volume, to test if it dies anyway.

Nothing wrong with that setup now, but there is obviously an issue with hiawatha and https, now, and I report this mainly to help you fix it, because I love hiawatha, and it was running great in the old setup(s) for years, and I want to thank you for it.

Hugo Leisink
11 March 2015, 09:39
Please do the following. Edit config.h.in in the root directory of the Hiawatha source and uncomment the ENABLE_DEBUG at line 32. Recompile and run it with the -d option until the problems occur. This will write a lot of SSL log information to a file called debug.log, located in probably /var/log/hiawatha or /usr/local/var/log/hiawatha (or wherever your Hiawatha logfiles are located). Send that file to hugo@hiawatha-webserver.org.

If I'm correct, PolarSSL / mbedTLS will write timestamps to the logfile. Please mention the time at which connection problems start. Makes it easier to debug.

Kalileo
13 March 2015, 18:19
I had been using the OpenSUSE provided binaries for OpenSUSE 13.2, hiawatha 9.11 (and in between also 9.7), so that's not an easy option to do now. Let me see if I can get that done, the system is in production, I have to be careful.

As mentioned above, the main load of https is running now through pound, but some low volume monitoring access (3 page loads / minute) is still happening through hiawatha https (on a non-standard port). Even with this low volume the HTTPS service did die about once per day (so far).

Hugo Leisink
15 March 2015, 07:57
Building a package should be easy. Just run the script extra/make_redhat_package.

This topic has been closed.