Varnish throws a 503 error after separating it into its own container

Question (votes: 0, answers: 2)

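Below are the Varnish container and its logs, and the application container and its logs.

Before I separated Varnish into its own container, Varnish was working fine inside the application container with the same settings shown below, but after I separated it into its own container Varnish throws 503/500 errors.

Below are the logs I see when trying to update application content. Varnish container IP: 172.100.0.10, exposing port 8443; application container IP: 172.100.0.2

Varnish container logs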

/etc/varnish # varnishlog
*   << Session  >> 98305     
-   Begin          sess 0 PROXY
-   SessOpen       172.100.0.2 42968 proxy 172.100.0.10 8443 1682051212.332568 26
-   SessClose      RX_TIMEOUT 5.004
-   End            

*   << BeReq    >> 6         
-   Begin          bereq 5 pass
-   VCL_use        boot
-   Timestamp      Start: 1682051211.655727 0.000000 0.000000
-   BereqMethod    PUT
-   BereqURL       /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
-   BereqProtocol  HTTP/1.1
-   BereqHeader    Host: cms-application.dev.abc.eu
-   BereqHeader    sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
-   BereqHeader    Content-Type: application/json
-   BereqHeader    X-Requested-With: XMLHttpRequest
-   BereqHeader    sec-ch-ua-mobile: ?0
-   BereqHeader    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
-   BereqHeader    sec-ch-ua-platform: "Linux"
-   BereqHeader    Accept: */*
-   BereqHeader    Origin: https://cms-application.dev.abc.eu
-   BereqHeader    Sec-Fetch-Site: same-origin
-   BereqHeader    Sec-Fetch-Mode: cors
-   BereqHeader    Sec-Fetch-Dest: empty
-   BereqHeader    Referer: https://cms-application.dev.abc.eu/application/
-   BereqHeader    Accept-Encoding: gzip, deflate, br
-   BereqHeader    Accept-Language: en-GB,en;q=0.9
-   BereqHeader    Cookie: Laminas_Auth=ctmm16mcsu765iuljdsvlf90t3
-   BereqHeader    X-Forwarded-Port: 443
-   BereqHeader    X-Forwarded-Proto: https
-   BereqHeader    X-Forwarded-Host: cms-application.dev.abc.eu
-   BereqHeader    X-Forwarded-Server: proxy.dev.abc.eu
-   BereqHeader    Content-Length: 1282
-   BereqHeader    X-Forwarded-For: 172.100.0.1, 172.100.0.2
-   BereqHeader    Via: 1.1 varnish-container (Varnish/7.2)
-   BereqHeader    X-Varnish: 6
-   VCL_call       BACKEND_FETCH
-   VCL_return     fetch
-   Timestamp      Fetch: 1682051211.655792 0.000065 0.000065
-   Timestamp      Connected: 1682051211.656080 0.000353 0.000288
-   BackendOpen    31 default 172.100.0.2 8080 172.100.0.10 44590 connect
-   Timestamp      Bereq: 1682051211.656426 0.000699 0.000345
-   Timestamp      Beresp: 1682051217.350016 5.694289 5.693590
-   BerespProtocol HTTP/1.1
-   BerespStatus   500
-   BerespReason   Internal Server Error
-   BerespHeader   Date: Fri, 21 Apr 2023 04:26:51 GMT
-   BerespHeader   Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
-   BerespHeader   X-Powered-By: PHP/7.4.33
-   BerespHeader   Cache-Control: max-age=0, must-revalidate, no-cache, public
-   BerespHeader   Edge-Control: no-store
-   BerespHeader   X-Varnish-Tags: #website_5#
-   BerespHeader   Edge-Cache-Tag: #website_5#
-   BerespHeader   X-Webserver: Unknown
-   BerespHeader   Connection: close
-   BerespHeader   Transfer-Encoding: chunked
-   BerespHeader   Content-Type: text/html; charset=UTF-8
-   VCL_call       BACKEND_RESPONSE
-   BerespHeader   x-url: /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
-   BerespHeader   x-host: cms-application.dev.abc.eu
-   VCL_return     abandon
-   BackendClose   31 default close Backend/VCL requested close
-   BereqAcct      1002 1282 2284 404 0 404
-   End            

*   << Request  >> 5         
-   Begin          req 4 rxreq
-   Timestamp      Start: 1682051211.655401 0.000000 0.000000
-   Timestamp      Req: 1682051211.655475 0.000073 0.000073
-   VCL_use        boot
-   ReqStart       172.100.0.2 44296 http
-   ReqMethod      PUT
-   ReqURL         /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645
-   ReqProtocol    HTTP/1.1
-   ReqHeader      Host: cms-application.dev.abc.eu
-   ReqHeader      sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
-   ReqHeader      Content-Type: application/json
-   ReqHeader      X-Requested-With: XMLHttpRequest
-   ReqHeader      sec-ch-ua-mobile: ?0
-   ReqHeader      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
-   ReqHeader      sec-ch-ua-platform: "Linux"
-   ReqHeader      Accept: */*
-   ReqHeader      Origin: https://cms-application.dev.abc.eu
-   ReqHeader      Sec-Fetch-Site: same-origin
-   ReqHeader      Sec-Fetch-Mode: cors
-   ReqHeader      Sec-Fetch-Dest: empty
-   ReqHeader      Referer: https://cms-application.dev.abc.eu/application/
-   ReqHeader      Accept-Encoding: gzip, deflate, br
-   ReqHeader      Accept-Language: en-GB,en;q=0.9
-   ReqHeader      Cookie: Laminas_Auth=ctmm16mcsu765iuljdsvlf90t3
-   ReqHeader      X-Forwarded-Port: 443
-   ReqHeader      X-Forwarded-Proto: https
-   ReqHeader      X-Forwarded-For: 172.100.0.1
-   ReqHeader      X-Forwarded-Host: cms-application.dev.abc.eu
-   ReqHeader      X-Forwarded-Server: proxy.dev.abc.eu
-   ReqHeader      Connection: Keep-Alive
-   ReqHeader      Content-Length: 1282
-   ReqUnset       X-Forwarded-For: 172.100.0.1
-   ReqHeader      X-Forwarded-For: 172.100.0.1, 172.100.0.2
-   ReqHeader      Via: 1.1 varnish-container (Varnish/7.2)
-   VCL_call       RECV
-   VCL_return     pass
-   VCL_call       HASH
-   VCL_return     lookup
-   VCL_call       PASS
-   VCL_return     fetch
-   Link           bereq 6 pass
-   Storage        malloc Transient
-   Timestamp      ReqBody: 1682051211.656364 0.000962 0.000889
-   Timestamp      Fetch: 1682051217.350135 5.694733 5.693770
-   RespProtocol   HTTP/1.1
-   RespStatus     503
-   RespReason     Service Unavailable
-   RespHeader     Date: Fri, 21 Apr 2023 04:26:57 GMT
-   RespHeader     Server: Varnish
-   RespHeader     X-Varnish: 5
-   VCL_call       SYNTH
-   RespHeader     Content-Type: text/html; charset=utf-8
-   RespHeader     Retry-After: 5
-   VCL_return     deliver
-   Timestamp      Process: 1682051217.350186 5.694785 0.000051
-   RespHeader     Content-Length: 275
-   Storage        malloc Transient
-   Filters        
-   RespHeader     Connection: keep-alive
-   Timestamp      Resp: 1682051217.350264 5.694862 0.000077
-   ReqAcct        958 1282 2240 205 275 480
-   End            

*   << Session  >> 4         
-   Begin          sess 0 HTTP/1
-   SessOpen       172.100.0.2 44296 http 172.100.0.10 80 1682051211.655293 24
-   Link           req 5 rxreq
-   SessClose      RX_CLOSE_IDLE 10.697
-   End          

Application container logs

[root@application-container www]# tail -f /var/log/httpd/ssl_request_log
[21/Apr/2023:06:26:51 +0200] 172.100.0.1 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "PUT /application/shared-content/59b2a2390d3b922876493013?_dc=1682051211645 HTTP/1.1" 275

default.vcl

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

import std;

# Default backend definition. Set this to point to your content server.
backend default {
  .host = "application-container";
  .port = "8080";
}

backend blogproxy {
  .host = "ip";
  .port = "80";
}

acl abc {
    "application-container";
}

acl abc_loadbalancer {
    "application-container";
}

sub vcl_recv {
    # Use true client ip from Akamai CDN
    if (req.http.True-Client-IP) {
       set req.http.X-Forwarded-For = req.http.True-Client-IP;
    }

    if (req.restarts == 0) {
       if (req.http.X-Forwarded-For && client.ip !~ abc_loadbalancer) {
           set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
       } elseif (client.ip !~ abc_loadbalancer) {
           set req.http.X-Forwarded-For = client.ip;
       }
    }

    if(req.method == "BAN") {
        if (client.ip !~ abc) {
            return(synth(405, "Not allowed"));
        }

        ban("obj.http.x-url == " + req.url);

        return(synth(200, "Ban added"));
    }

    if (req.http.host ~ "^nl-s_app" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.nl";

        return(pass);
    }

    if (req.http.host ~ "^www\.s_app\.de" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.de";

        return(pass);
    }

    if (req.http.host ~ "^www\.s_app\.fr" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.fr";

        return(pass);
    }

    if (req.http.host ~ "^www\.s_app\.co\.uk" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.s_app.nl";
        set req.http.X-Forwarded-Host = "www.s_app.co.uk";

        return(pass);
    }

    if (req.http.host ~ "^nl-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.nl";

        return(pass);
    }

    if (req.http.host ~ "^de-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.de";

        return(pass);
    }

    if (req.http.host ~ "^fr-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.fr";

        return(pass);
    }

    if (req.http.host ~ "^en-application" && req.url ~ "^/blog/") {
        set req.backend_hint = blogproxy;
        set req.http.host = "blogproxy.application.nl";
        set req.http.X-Forwarded-Host = "www.application.co.uk";

        return(pass);
    }

    if (req.http.url ~ "^/xml.*") {
        return (pass);
    }

    if (req.http.host ~ "^api") {
        return (pipe);
    }

    # Only bypass cache for development
    if (req.http.Cache-Control ~ "(private|no-cache|no-store)" || req.http.Pragma == "no-cache") {
        return (pipe);
    }

    if (
        req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
        # Non-RFC2616 or CONNECT which is weird.
        return (pass);
    }

    # Never cache POST or HEAD requests
    if (
        req.method == "HEAD" ||
        req.method == "POST" ||
        req.method == "PUT") {
        return (pass);
    }

    # Set a header announcing Surrogate Capability to the origin
    if (req.http.Surrogate-Control ~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        set req.http.Surrogate-Capability = "akamai=ESI/1.0";
    } else {
        set req.http.Surrogate-Capability = "varnish=ESI/1.0";
    }

    # Skip Varnish for the CMS
    if (req.http.host ~ "^cms-application") {
        return (pass);
    }

    # Sync jobs should also not use Varnish
    if (req.url ~ "sync") {
        return (pass);
    }

    if (req.url ~ "logout" || req.url ~ "callback" || req.url ~ "account" || req.url ~ "/affiliate/") {
        return (pass);
    }

    # Normalize the accept encoding header
    call normalize_accept_encoding;

    # Strip cookies from static assets
    if (req.url ~ "(?i)\.(css|js|txt|xml|bmp|png|gif|jpeg|jpg|svg|ico|mp3|mp4|swf|flv|ttf|woff|pdf)(\?.*)?$") {
        unset req.http.Cookie;
    }

    # Serving ESI
    if (req.esi_level > 0) {
        set req.http.X-Esi = 1;
        set req.http.X-Esi-Parent = req_top.url;
    } else {
        unset req.http.X-Esi;
    }

    # Strip not allowed cookies
    call strip_not_allowed_cookies;

    # Strip out all Google query parameters
    call strip_google_query_params;

    # Strip hash, server doesn't need it.
    if (req.url ~ "\#") {
        set req.url = regsub(req.url, "\#.*$", "");
    }

    # if (req.http.X-Forwarded-For ~ "80.95.169.59") {
    # if (client.ip ~ abc) {
        # Enable the feature toggle button via cookie
        # set req.http.Cookie = "abcToggle-abc-feature-toggles=true;" + req.http.Cookie;
    # }

    return (hash);
}

sub vcl_backend_response {
    set beresp.http.x-url = bereq.url;
    set beresp.http.x-host = bereq.http.host;

    if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
        return (abandon);
    }

        # Stop Caching 302 or 301 or 303 redirects
    if (beresp.status == 302 || beresp.status == 301 || beresp.status == 303) {
       set beresp.ttl = 0s;
       set beresp.uncacheable = true;
       return (deliver);
    }

    # Don't cache 404 responses
    if ( beresp.status == 404 ) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    }

    # Set cache-control headers for 410
    if (beresp.status == 410) {
        set beresp.ttl = 2d;
    }

    if (bereq.http.Surrogate-Control ~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        set beresp.do_esi = false;
        set beresp.http.X-Esi-Processor = bereq.http.Surrogate-Control;
    } elseif (beresp.http.Surrogate-Control ~ "ESI/1.0") {
        unset beresp.http.Surrogate-Control;
        set beresp.do_esi = true;
        set beresp.http.X-Esi-Processor = bereq.http.Surrogate-Control;
    }

    unset beresp.http.Vary;

    # Strip cookies from static assets
    if (bereq.url ~ "\.(css|js|txt|xml|bmp|png|gif|jpeg|jpg|svg|ico|mp3|mp4|swf|flv|ttf|woff|pdf)$") {
        unset beresp.http.Set-cookie;
    }

    # Mark as "Hit-For-Pass" for the next 5 minutes
    # Zend-Auth (EC session handling) cookie isset, causing no page to be cached anymore.
    # if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
    if (beresp.ttl <= 0s || beresp.http.Vary == "*") {
        set beresp.uncacheable = true;
        set beresp.ttl = 300s;
    }

    # Grace: when several clients are requesting the same page Varnish will send one request to the webserver and
    # serve old cache to the others for x secs
    set beresp.grace = 30s;

    return (deliver);
}

sub vcl_deliver {
    # Add a header indicating the response came from Varnish, only for ABC IP addresses
    # if (std.ip(regsub(req.http.X-Forwarded-For, "[, ].*$", ""), "0.0.0.0") ~ abc) {
        set resp.http.X-Varnish-Client-IP = client.ip;
        set resp.http.X-Varnish-Server-IP = server.ip;
        set resp.http.X-Varnish-Local-IP = local.ip;
        set resp.http.X-Varnish-Remote-IP = remote.ip;
        set resp.http.X-Varnish-Forwarded-For = req.http.X-Forwarded-For;
        set resp.http.X-Varnish-Webserver = "abc-cache-dev";
        set resp.http.X-Varnish-Cache-Control = resp.http.Cache-Control;
        set resp.http.X-Edge-Control = resp.http.Edge-Control;

        if (resp.http.x-varnish ~ " ") {
            set resp.http.X-Varnish-Cache = "HIT";
            set resp.http.X-Varnish-Cached-Hits = obj.hits;
        } else {
            set resp.http.X-Varnish-Cached = "MISS";
        }


        # Add a header indicating the feature toggle status
        set resp.http.X-Varnish-FeatureToggle = req.http.FeatureToggle;
    #} else {
    #    unset resp.http.x-varnish-tags;
    #}

    # strip host and url headers, no need to send it to the client
    unset resp.http.x-url;
    unset resp.http.x-host;

    return (deliver);
}

# Keep only the allowed cookies (abcToggle-*) and strip all others
sub strip_not_allowed_cookies {
    if (req.http.Cookie) {
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(abcToggle-[^;]*)=", "; \1=");
        # set req.http.Cookie = regsuball(req.http.Cookie, ";(redirect_url)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }
}

# Remove the Google Analytics added parameters, useless for our backend
sub strip_google_query_params {
    if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=" && req.url !~ "(tradedoubler|index\.html|deeplink|affiliate)" && req.url !~ "^\/[0-9]{6}") {
        set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=([A-z0-9_\-\.%25]+)", "");
        set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|_ga|PHPSESSID)=([A-z0-9_\-\.%25]+)", "?");
        set req.url = regsub(req.url, "\?&", "?");
        set req.url = regsub(req.url, "\?$", "");
    }
}

# Normalize the accept-encoding header to minimize the number of cache variations
sub normalize_accept_encoding {
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            # Skip, files are already compressed
            unset req.http.Accept-Encoding;
        } elseif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }
}

sub vcl_hash {
    # Add the feature toggles to the hash
    if (req.http.Cookie ~ "abcToggle-") {
        set req.http.FeatureToggle = regsuball(req.http.cookie, "(abcToggle-[^;]*)", "\1");
        hash_data(req.http.FeatureToggle);
    }

    if (req.http.X-Akamai-Staging ~ "ESSL") {
        hash_data(req.http.x-akamai-staging);
    }

    # When the ESI handling is not done by Akamai, create a new cache set, because varnish will process the ESI tags.
    if (req.http.Surrogate-Control !~ "content\x3D\x22ESI\/1\.0\x22\x3BAkamai") {
        hash_data("varnish-handles-ESI");
    }

    if (req.http.Cookie ~ "redirect_url") {
        hash_data("redirect_url");
    }

    hash_data(req.http.X-Forwarded-Proto);
}

Latest findings after debugging the codebase

while (!feof($this->socket)) {
    if (($response = fgets($this->socket, 1024)) === false) {
        $metaData = stream_get_meta_data($this->socket);

        if ($metaData['timed_out']) {
            throw new RuntimeException('Varnish CLI timed out');
        }

        throw new RuntimeException('Unable to read from Varnish CLI');
    }

    if (strlen($response) === 13 && preg_match('/^(\d{3}) (\d+)/', $response, $matches)) {
        $statusCode = (int) $matches[1];
        $responseLength = (int) $matches[2];
        break;
    }
}

fgets($this->socket, 1024) returns values when Varnish is installed as a service in the application container

fgets($this->socket, 1024) returns false when Varnish is installed as a separate container

docker varnish varnish-vcl varnish-4 varnish-3
2 Answers

0 votes

Hmm...

Do you see that your application is throwing an HTTP 500 error?

-   BerespStatus   500
-   BerespReason   Internal Server Error

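The application container logs may not be the logs that help in your case. They refer to an HTTP connection (and you probably don't have HTTPS between Varnish and your application)... and the request IP (172.100.0.1) is not the Varnish container IP (172.100.0.10). You are probably looking at the logs of the proxy container, which seems to sit on top of your Varnish configuration.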


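0 votes

Clearly, the HTTP 503 error is returned to the client because the backend returns an HTTP 500 error.

If your debugging leads you to conclude that the exception is thrown in your code because the Varnish CLI cannot be reached, you should expose the CLI port in Docker, mount the secret file and connect to that endpoint from your application.

Can you share your Dockerfile, docker run command or your docker-compose.yml file? That will allow me to figure out which Varnish container image you are running and what it is capable of.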
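
The check the answer above describes, as an added example that is not part of the original answer or of the asker's code: a Python diagnostic, run from the application container, that reads the 13-byte CLI status line the PHP loop waits for, answers the secret-file challenge (status 107) and sends `ping`. The function names are hypothetical; the host, port and secret path passed to `check_cli` are assumptions about the deployment.

```python
import hashlib
import socket

LINE0_LEN = 13  # status line "SSS LLLLLLLL\n": 3-digit status, space, 8-char length, newline


def read_exact(sock, n):
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("Varnish CLI closed the connection")
        buf += chunk
    return buf


def read_response(sock):
    """Return (status, body) for one CLI response."""
    line0 = read_exact(sock, LINE0_LEN).decode("ascii")
    status, length = int(line0[:3]), int(line0[4:12].strip())
    body = read_exact(sock, length + 1)[:-1]  # the body is followed by one "\n"
    return status, body


def auth_response(challenge, secret):
    """SHA-256 over: challenge, newline, secret file bytes, challenge, newline."""
    digest = hashlib.sha256(challenge + b"\n" + secret + challenge + b"\n")
    return digest.hexdigest()


def cli_command(sock, secret, command):
    """Authenticate if challenged (status 107), then run one CLI command."""
    status, body = read_response(sock)
    if status == 107:
        challenge = body[:32]  # first 32 bytes of the body are the challenge
        reply = auth_response(challenge, secret).encode("ascii")
        sock.sendall(b"auth " + reply + b"\n")
        status, body = read_response(sock)
        if status != 200:
            raise PermissionError("secret does not match the one varnishd uses")
    sock.sendall(command.encode("ascii") + b"\n")
    return read_response(sock)


def check_cli(host, port, secret_path, timeout=5.0):
    """Connect to the CLI endpoint (host, port, path are deployment assumptions)."""
    with open(secret_path, "rb") as fh:
        secret = fh.read()  # must be byte-identical to the file varnishd reads
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return cli_command(sock, secret, "ping")
```

The CLI can load VCL and stop the cache, so keep its port on the internal Docker network rather than publishing it on the host.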
