ELB -> varnish -> nginx ->> ELB —>> nginx —->>> magento

#amazon-web-services #nginx #magento #varnish

#amazon-веб-сервисы #nginx #magento #лак

Вопрос:

502 Плохой шлюз Привет! помогите с настройкой. Есть 2шт ec2. Они объединены в alb aws в разные целевые группы с одной группой безопасности. 1 ec2 лак и nginx. 2 ec2 magento nginx. Varnish 80 — >> обновление >> alb >> magento. Лак 502 выдает ошибку, пожалуйста, помогите…

ec2 лак nginx.conf

     worker_processes  1;

       events {
    worker_connections 1024;
     }

http {
include       mime.types;
sendfile on;
default_type  application/octet-stream;

keepalive_timeout  65;

server_tokens off;

server {
listen      127.0.0.1:8080;

resolver 8.8.8.8 valid=10s;
        resolver_timeout 10s;
location / {

 
 set $backend_servers http://111-1087349.eu-central-1.elb.amazonaws.com;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Ssl-Offloaded $scheme;
 fastcgi_buffer_size 32k;
 fastcgi_busy_buffers_size 32k;
 fastcgi_buffers 4 32k;
 proxy_buffer_size   64k;
 proxy_buffers   4 64k;
 proxy_busy_buffers_size   64k;
 proxy_pass $backend_servers;
 proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Ssl-Offloaded "1";

 }
}
}
 

EC2 magento conf

 upstream fastcgi_backend {
  server  unix:/var/run/php/php7.2-fpm.sock;
}

server {

  listen 80;


  server_name 111-1087349.eu-central-1.elb.amazonaws.com;
  set $MAGE_ROOT /var/www/html/magento2;
  set $MAGE_DEBUG_SHOW_ARGS 1;
  fastcgi_buffer_size 32k;
  fastcgi_busy_buffers_size 32k;
  fastcgi_buffers 4 32k;
  proxy_buffer_size   64k;
  proxy_buffers   4 64k;
  proxy_busy_buffers_size   64k;

  include /var/www/html/magento2/nginx.conf.sample;


}
 

лак/по умолчанию.vcl

 # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 5
vcl 4.0;

import std;
# The minimal Varnish version is 5.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'

backend default {
    .host = "127.0.0.1";
    .port = "";
    .first_byte_timeout = 600s;
    
}

acl purge {

}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (client.ip !~ purge) {
            return (synth(405, "Method not allowed"));
        }
        # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
        # has been added to the response in your backend server config. This is used, for example, by the
        # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
        if (!req.http.X-Magento-Tags-Pattern amp;amp; !req.http.X-Pool) {
            return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
        }
        if (req.http.X-Magento-Tags-Pattern) {
          ban("obj.http.X-Magento-Tags ~ "   req.http.X-Magento-Tags-Pattern);
        }
        if (req.http.X-Pool) {
          ban("obj.http.X-Pool ~ "   req.http.X-Pool);
        }
        return (synth(200, "Purged"));
    }

    if (req.method != "GET" amp;amp;
        req.method != "HEAD" amp;amp;
        req.method != "PUT" amp;amp;
        req.method != "POST" amp;amp;
        req.method != "TRACE" amp;amp;
        req.method != "OPTIONS" amp;amp;
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    # We only deal with GET and HEAD by default
    if (req.method != "GET" amp;amp; req.method != "HEAD") {
        return (pass);
    }

    # Bypass shopping cart, checkout and search requests
    if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") {
        return (pass);
    }

    # Bypass health check requests
    if (req.url ~ "/pub/health_check.php") {
        return (pass);
    }

    # Set initial grace period usage status
    set req.http.grace = "none";

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://", "");

    # collect all cookies
    std.collect(req.http.Cookie);

    # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ ".(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" amp;amp; req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }

    # Remove all marketing get parameters to minimize the cache objects
    if (req.url ~ "(?|amp;)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z] |utm_[a-z] |_bta_[a-z] )=") {
        set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z] |utm_[a-z] |_bta_[a-z] )=[-_A-z0-9 ()%.] amp;?", "");
        set req.url = regsub(req.url, "[?|amp;] $", "");
    }

    # Static files caching
    if (req.url ~ "^/(pub/)?(media|static)/") {
        # Static files should not be cached by default
        return (pass);

        # But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
        #unset req.http.Https;
        #unset req.http.X-Forwarded-Proto;
        #unset req.http.Cookie;
    }

    return (hash);
}

sub vcl_hash {
    if (req.http.cookie ~ "X-Magento-Vary=") {
        hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;] );*.*$", "1"));
    }

    # For multi site configurations to not cache each other's content
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }

    # To make sure http users don't see ssl warning
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }
    

    if (req.url ~ "/graphql") {
        call process_graphql_headers;
    }
}

sub process_graphql_headers {
    if (req.http.Store) {
        hash_data(req.http.Store);
    }
    if (req.http.Content-Currency) {
        hash_data(req.http.Content-Currency);
    }
}

sub vcl_backend_response {

    set beresp.grace = 3d;

    if (beresp.http.content-type ~ "text") {
        set beresp.do_esi = true;
    }

    if (bereq.url ~ ".js$" || beresp.http.content-type ~ "text") {
        set beresp.do_gzip = true;
    }

    if (beresp.http.X-Magento-Debug) {
        set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
    }

    # cache only successfully responses and 404s
    if (beresp.status != 200 amp;amp; beresp.status != 404) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    } elsif (beresp.http.Cache-Control ~ "private") {
        set beresp.uncacheable = true;
        set beresp.ttl = 86400s;
        return (deliver);
    }

    # validate if we need to cache it and prevent from setting cookie
    if (beresp.ttl > 0s amp;amp; (bereq.method == "GET" || bereq.method == "HEAD")) {
        unset beresp.http.set-cookie;
    }

   # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
   if (beresp.ttl <= 0s ||
       beresp.http.Surrogate-control ~ "no-store" ||
       (!beresp.http.Surrogate-Control amp;amp;
       beresp.http.Cache-Control ~ "no-cache|no-store") ||
       beresp.http.Vary == "*") {
        # Mark as Hit-For-Pass for the next 2 minutes
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
    }

    return (deliver);
}

sub vcl_deliver {
    if (resp.http.X-Magento-Debug) {
        if (resp.http.x-varnish ~ " ") {
            set resp.http.X-Magento-Cache-Debug = "HIT";
            set resp.http.Grace = req.http.grace;
        } else {
            set resp.http.X-Magento-Cache-Debug = "MISS";
        }
    } else {
        unset resp.http.Age;
    }

    # Not letting browser to cache non-static files.
    if (resp.http.Cache-Control !~ "private" amp;amp; req.url !~ "^/(pub/)?(media|static)/") {
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "-1";
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
    }

    unset resp.http.X-Magento-Debug;
    unset resp.http.X-Magento-Tags;
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
}

sub vcl_hit {
    if (obj.ttl >= 0s) {
        # Hit within TTL period
        return (deliver);
    }
    if (std.healthy(req.backend_hint)) {
        if (obj.ttl   s > 0s) {
            # Hit after TTL expiration, but within grace period
            set req.http.grace = "normal (healthy server)";
            return (deliver);
        } else {
            # Hit after TTL and grace expiration
            return (miss);
        }
    } else {
        # server is not healthy, retrieve from cache
        set req.http.grace = "unlimited (unhealthy server)";
        return (deliver);
    }
}
 

журнал лакирования

 << BeReq    >> 294975    
-   Begin          bereq 294974 fetch
-   Timestamp      Start: 1607391195.988343 0.000000 0.000000
-   BereqMethod    GET
-   BereqURL       /
-   BereqProtocol  HTTP/1.1
-   BereqHeader    X-Forwarded-Proto: http
-   BereqHeader    X-Forwarded-Port: 80
-   BereqHeader    Host: 111-1087349.eu-central-1.elb.amazonaws.com
-   BereqHeader    X-Amzn-Trace-Id: Root=1-5fced7db-0ce3d2c16cb26ad3467fe8e7
-   BereqHeader    Upgrade-Insecure-Requests: 1
-   BereqHeader    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
-   BereqHeader    Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-   BereqHeader    Accept-Language: ru-RU,ru;q=0.9
-   BereqHeader    X-Forwarded-For: 78.84.157.24, 172.31.24.118
-   BereqHeader    grace: none
-   BereqHeader    Accept-Encoding: gzip
-   BereqHeader    X-Varnish: 294975
-   VCL_call       BACKEND_FETCH
-   VCL_return     fetch
-   BackendOpen    194 boot.default 127.0.0.1 8080 127.0.0.1 42794
-   BackendStart   127.0.0.1 8080
-   Timestamp      Bereq: 1607391195.988456 0.000112 0.000112
-   Timestamp      Beresp: 1607391195.993930 0.005587 0.005475
-   BerespProtocol HTTP/1.1
-   BerespStatus   502
-   BerespReason   Bad Gateway
-   BerespHeader   Server: nginx
-   BerespHeader   Date: Tue, 08 Dec 2020 01:33:15 GMT
-   BerespHeader   Content-Type: text/html
-   BerespHeader   Content-Length: 524
-   BerespHeader   Connection: keep-alive
-   TTL            RFC -1 10 0 1607391196 1607391196 1607391195 0 0
-   VCL_call       BACKEND_RESPONSE
-   TTL            VCL -1 259200 0 1607391196
-   TTL            VCL 0 259200 0 1607391196
-   VCL_return     deliver
-   BerespUnset    Content-Length: 524
-   BerespHeader   Content-Encoding: gzip
-   BerespHeader   Vary: Accept-Encoding
-   Storage        malloc Transient
-   ObjProtocol    HTTP/1.1
-   ObjStatus      502
-   ObjReason      Bad Gateway
-   ObjHeader      Server: nginx
-   ObjHeader      Date: Tue, 08 Dec 2020 01:33:15 GMT
-   ObjHeader      Content-Type: text/html
-   ObjHeader      Content-Encoding: gzip
-   ObjHeader      Vary: Accept-Encoding
-   Fetch_Body     3 length -
-   Gzip           G F E 524 170 80 1280 1290
-   BackendReuse   194 boot.default
-   Timestamp      BerespBody: 1607391195.994121 0.005778 0.000191
-   Length         170
-   BereqAcct      601 0 601 150 0 150
-   End            

*   << Request  >> 294974    
-   Begin          req 294973 rxreq
-   Timestamp      Start: 1607391195.988271 0.000000 0.000000
-   Timestamp      Req: 1607391195.988271 0.000000 0.000000
-   ReqStart       172.31.24.118 34730
-   ReqMethod      GET
-   ReqURL         /
-   ReqProtocol    HTTP/1.1
-   ReqHeader      X-Forwarded-For: 78.84.157.24
-   ReqHeader      X-Forwarded-Proto: http
-   ReqHeader      X-Forwarded-Port: 80
-   ReqHeader      Host: 111-1087349.eu-central-1.elb.amazonaws.com
-   ReqHeader      X-Amzn-Trace-Id: Root=1-5fced7db-0ce3d2c16cb26ad3467fe8e7
-   ReqHeader      Cache-Control: max-age=0
-   ReqHeader      Upgrade-Insecure-Requests: 1
-   ReqHeader      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
-   ReqHeader      Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-   ReqHeader      Accept-Encoding: gzip, deflate
-   ReqHeader      Accept-Language: ru-RU,ru;q=0.9
-   ReqUnset       X-Forwarded-For: 78.84.157.24
-   ReqHeader      X-Forwarded-For: 78.84.157.24, 172.31.24.118
-   VCL_call       RECV
-   ReqHeader      grace: none
-   ReqURL         /
-   ReqUnset       Accept-Encoding: gzip, deflate
-   ReqHeader      Accept-Encoding: gzip
-   VCL_return     hash
-   VCL_call       HASH
-   VCL_return     lookup
-   VCL_call       MISS
-   VCL_return     fetch
-   Link           bereq 294975 fetch
-   Timestamp      Fetch: 1607391195.994196 0.005925 0.005925
-   RespProtocol   HTTP/1.1
-   RespStatus     502
-   RespReason     Bad Gateway
-   RespHeader     Server: nginx
-   RespHeader     Date: Tue, 08 Dec 2020 01:33:15 GMT
-   RespHeader     Content-Type: text/html
-   RespHeader     Content-Encoding: gzip
-   RespHeader     Vary: Accept-Encoding
-   RespHeader     X-Varnish: 294974
-   RespHeader     Age: 0
-   RespHeader     Via: 1.1 varnish (Varnish/5.2)
-   VCL_call       DELIVER
-   RespUnset      Age: 0
-   RespHeader     Pragma: no-cache
-   RespHeader     Expires: -1
-   RespHeader     Cache-Control: no-store, no-cache, must-revalidate, max-age=0
-   RespUnset      Server: nginx
-   RespUnset      X-Varnish: 294974
-   RespUnset      Via: 1.1 varnish (Varnish/5.2)
-   VCL_return     deliver
-   Timestamp      Process: 1607391195.994214 0.005943 0.000018
-   RespHeader     Content-Length: 170
-   RespHeader     Connection: keep-alive
-   Timestamp      Resp: 1607391195.994238 0.005967 0.000024
-   ReqAcct        589 0 589 276 170 446
-   End            

*   << Session  >> 294973    
-   Begin          sess 0 HTTP/1
-   SessOpen       172.31.24.118 34730 a0 172.31.36.3 80 1607391195.988228 42
-   Link           req 294974 rxreq
-   SessClose      RX_TIMEOUT 5.011
-   End  
 

(Лак EC2) nginx/ error.log

 2020/12/08 01:32:48 [error] 18840#18840: *9 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://18.158.86.156:80/", host: "172.31.36.3"
2020/12/08 01:33:48 [error] 18840#18840: *9 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://18.158.86.156:80/", host: "172.31.36.3"
 

curl -I -v -местоположение, которому доверяют ‘http://111-1087349.eu-central-1.elb.amazonaws.com ‘

 * Rebuilt URL to: http://111-1087349.eu-central-1.elb.amazonaws.com/
*   Trying 35.156.193.122...
* TCP_NODELAY set
* Connected to 111-1087349.eu-central-1.elb.amazonaws.com (35.156.193.122) port 80 (#0)
> HEAD / HTTP/1.1
> Host: 111-1087349.eu-central-1.elb.amazonaws.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 502 Bad Gateway
HTTP/1.1 502 Bad Gateway
< Server: awselb/2.0
Server: awselb/2.0
< Date: Tue, 08 Dec 2020 01:37:37 GMT
Date: Tue, 08 Dec 2020 01:37:37 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 122
Content-Length: 122
< Connection: keep-alive
Connection: keep-alive
 

Ответ №1:

В этой настройке много движущихся частей, и нелегко выяснить, что вызывает HTTP/502 ошибку.

Кто виноват?

Однако мы уже можем исключить следующие компоненты:

  • Ваша точка входа ELB не виновата
  • Лак здесь ни при чем
  • Nginx, который служит серверной частью Varnish, не виноват

Основываясь на ваших журналах, это на самом деле http://111-1087349.eu-central-1.elb.amazonaws.com это и есть тайм-аут.

Это означает, что ваш узел Magento EC2 вызывает эту ошибку.

Как это проверить и исправить?

ELB 2-го уровня, вероятно, находится перед набором серверов Magento. Попробуйте отправить запрос непосредственно на кучу этих серверов Magento и посмотрите, сколько времени потребуется для загрузки.

Если это займет значительное количество времени, попробуйте увеличить время ожидания первого байта на ваших ELB 2-го уровня.

Подумайте о том, чтобы упростить свою настройку

Вам нужно выполнить не менее 5 переходов. Это много.

Может быть, вам удастся упростить настройку и убрать некоторые накладные расходы.

Вот предложение:

 ELB -> Varnish -> Nginx   PHP-FPM
 
  • Принимайте соединения HTTP и HTTPS на ELB и пересылайте простой HTTP-запрос на Varnish
  • Выполните логику кэширования запросов Varnish и прокси-сервера к серверу Magento
  • На сервере Magento есть Nginx и PHP-FPM для размещения содержимого Magento

Краткое примечание: программное обеспечение Varnish предлагает управляемые изображения Varnish на AWS marketplace. См. https://aws.amazon.com/marketplace/seller-profile?id=263c0208-6a3a-435d-8728-fa2514202fd0 . Это позволяет вам даже дешево развернуть Varnish Enterprise и использовать некоторые расширенные функции без предварительной покупки лицензионного ключа.