
I am developing an RoR application on Mac OS X.

In order to be able to access my app on http://localhost, and in order to support SSL in my tests, I use nginx as a proxy to my WEBrick port 3000 with the following configuration:

server {
    listen 80;
    server_name app.mysite.com;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:3000;
    }
}

server {
    listen       443 ssl;
    server_name  secure.app.mysite.com;

    ssl                  on;
    ssl_certificate      ssl/server.crt;
    ssl_certificate_key  ssl/server.key;

    keepalive_timeout 600;
    ssl_session_timeout 10m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass http://127.0.0.1:3000;
        ### force timeouts if one of the backends has died ##
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        ### Set headers ####
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        ### Most PHP, Python, Rails, Java App can use this header ###
        proxy_set_header X-Forwarded-Proto https;
        ### By default we don't want to redirect it ####
        proxy_redirect     off;
    }
}

When I access the application on either http://localhost/ or https://localhost/ the server responds quickly, and the overhead over http://localhost:3000 is negligible.

However, when I try to access my machine from another computer on the same network (for example http://10.0.1.9/) the server responds extremely slowly, or doesn't respond at all.

It seems like nginx is not even sending an internal request to port 3000 in this case, although requests are reaching nginx from the outside for sure, and requests to port 3000 from the outside are really fast.

It's important to notice that my app is running in dev mode, and my assets (which are quite a lot) are not precompiled.

Is there another option other than nginx to easily expose my dev site on my network, that is as easy to configure, and supports SSL?

Thanks, Ariel

Sakin
  • What's likely is that when you're accessing localhost from the same machine, your browser is caching everything. – 000 Apr 02 '13 at 13:43
  • I saw a similar issue with Ubuntu when accessing RoR via :3000. Try to access your site via :3000 to verify whether it's nginx or not. I suppose that there is some firewall (other software) down the road that slows down the request. – denis-bu Apr 02 '13 at 14:07
  • I did verify that the problem is with nginx (accessing the application directly on port 3000 works fine both locally and remotely). I don't think that the firewall is the cause of the problem; my Mac firewall is not running, and I don't think anything is blocking port 80. – Sakin Apr 02 '13 at 14:13
  • Thanks for the comments. Unfortunately, WEBrick is actually working fine when accessed remotely (as do thin and pow, which I also tried). Seems like nginx is taking a very long time to forward the requests, or maybe hitting some kind of timeout when accessed remotely. – Sakin Apr 02 '13 at 14:16
  • I understand, sorry for spamming with the same stuff again. I just missed your comment before posting it. So, I have no idea right now on why nginx is slow... – denis-bu Apr 02 '13 at 14:26
  • One idea comes to my mind though... Since guys are having issues with DNS, maybe it's the same here. Have you tried adding 10.0.1.9 app.mysite.com and 10.0.1.9 secure.app.mysite.com to /etc/hosts on the client machine, and accessing the site in the browser with http://app.mysite.com/ instead of http://10.0.1.9/? – denis-bu Apr 02 '13 at 14:35

3 Answers


Turns out it was a permissions issue with nginx. I found it after discovering errors in the nginx error log.

The solution can be found here:

https://serverfault.com/questions/235154/permission-denied-while-reading-upstream

Community
Sakin
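
A way to pull this kind of failure out of an nginx error log, as an added example that is not part of the original answer: nginx spools large upstream responses to temp files, and when the worker user cannot write there the request fails with errno 13. It assumes the error has the shape named in the linked question's title ("permission denied while reading upstream"); the log lines, paths and client IP are constructed.

```python
import posixpath
import re
from collections import Counter

# Constructed sample in nginx's error_log line format; paths and IPs are made up.
SAMPLE_LOG = """\
2013/04/02 14:01:07 [crit] 312#0: *41 open() "/usr/local/var/run/nginx/proxy_temp/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 10.0.1.23, server: app.mysite.com, request: "GET /assets/application.js HTTP/1.1", upstream: "http://127.0.0.1:3000/assets/application.js", host: "10.0.1.9"
2013/04/02 14:01:09 [error] 312#0: *44 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 10.0.1.23, server: app.mysite.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "10.0.1.9"
2013/04/02 14:01:12 [crit] 312#0: *47 open() "/usr/local/var/run/nginx/proxy_temp/2/00/0000000002" failed (13: Permission denied) while reading upstream, client: 10.0.1.23, server: app.mysite.com, request: "GET /assets/application.css HTTP/1.1", upstream: "http://127.0.0.1:3000/assets/application.css", host: "10.0.1.9"
"""

HEAD = re.compile(r'^(\S+ \S+) \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$')
SYSCALL_FAIL = re.compile(
    r'(\w+)\(\) "([^"]+)" failed \((\d+): ([^)]+)\) ?(while [^,]+)?')
FIELD = re.compile(r', (client|request|upstream): "?([^",]*)"?')

def temp_root(path):
    """Strip nginx's numeric hashed sub-directories to get the temp dir itself."""
    while posixpath.basename(path).isdigit():
        path = posixpath.dirname(path)
    return path

def permission_failures(log_text):
    """Return one record per line where a syscall failed with EACCES (13)."""
    records = []
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        ts, level, msg = head.groups()
        fail = SYSCALL_FAIL.search(msg)
        if not fail or fail.group(3) != "13":
            continue  # timeouts and other errors are a different problem
        fields = dict(FIELD.findall(msg))
        records.append({
            "time": ts, "level": level, "syscall": fail.group(1),
            "directory": temp_root(fail.group(2)), "context": fail.group(5),
            "client": fields.get("client"), "request": fields.get("request"),
        })
    return records

def directories_to_fix(records):
    """Count failures per directory the nginx worker user must be able to write."""
    return Counter(r["directory"] for r in records)

if __name__ == "__main__":
    for directory, count in directories_to_fix(permission_failures(SAMPLE_LOG)).items():
        print(f"{count} permission-denied failures under {directory}")
```
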

I bet it's not nginx at all. Hard to imagine nginx would hold the request for very long before passing to the upstream on the same server. Could you check both access logs (nginx and ROR) to see if the request starting time is that different?

Which version of OS X are you on? Is it Lion or Mountain Lion? Both have issues with slow DNS lookups with entries in /etc/hosts.

My coworkers experienced the same slowness. See Mac OSX Lion DNS lookup order for discussion. It's kinda messy.

Community
Chuan Ma
  • To verify this, you can hit the RoR app directly using the domain name or IP address to see if the response time is the same or not. – Chuan Ma Apr 02 '13 at 16:45
  • As I described above, I can access my site remotely directly on port 3000 without issues. The problem happens only when accessing the site remotely on port 80. – Sakin Apr 03 '13 at 06:07

A couple of items to try, as it sounds fishy about working fine with localhost but not from another computer.

  • Also run 'netstat -na | grep 80' to make sure Nginx is listening on 0.0.0.0 or *:80, not 127.0.0.1. If Nginx is not listening on 0.0.0.0 or * then it might be a TCP routing issue. Same goes for any server. This is a good example output (my example is listening on 8000):

    tcp4 0 0 *.8000 *.* LISTEN

  • For fun, change "127.0.0.1" to "localhost" and/or "0.0.0.0" in your Nginx proxy statement (although the routing would be done by the time it gets here).

Also, I would suggest you try using Nginx's logging to see if there is another issue. There's already a stackoverflow on better proxy/upstream logging here: logging proxy activity in nginx

Additionally, you should turn on the debug log (I've solved issues with this); place this below/above the access_log directive. Something like this should do fine:

    error_log  /Users/your_name/nginx_test/logs/error.log  debug;

Please note, for Nginx you MUST use an absolute path for logs.

Good luck.

Community
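
The listening-address check from the answer above, as an added example that is not part of the original post: it parses `netstat -na` output in the macOS layout the answer quotes and reports whether a port is bound to a wildcard or routable address, or to loopback only. The sample output is constructed and the function names are hypothetical.

```python
# Constructed `netstat -na` output in the macOS layout quoted in the answer.
SAMPLE_NETSTAT = """\
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.3000                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.443          *.*                    LISTEN
tcp4       0      0  *.8000                 *.*                    LISTEN
tcp4       0      0  10.0.1.9.80            10.0.1.23.51544        ESTABLISHED
"""

LOOPBACK_PREFIXES = ("127.", "::1")

def listeners(netstat_text):
    """Yield (protocol, address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        # macOS prints address and port joined by a dot: "127.0.0.1.443", "*.80"
        addr, _, port = cols[3].rpartition(".")
        if port.isdigit():
            yield cols[0], addr, int(port)

def reachability(netstat_text, port):
    """Return 'network', 'loopback-only' or 'not-listening' for one exact port.

    Matching the port exactly avoids the false hits of `grep 80`, which also
    matches 8000 and 8080.
    """
    scopes = {
        "loopback" if addr.startswith(LOOPBACK_PREFIXES) else "network"
        for _, addr, p in listeners(netstat_text)
        if p == port
    }
    if not scopes:
        return "not-listening"
    return "network" if "network" in scopes else "loopback-only"

if __name__ == "__main__":
    for port in (80, 443, 3000, 8080):
        print(port, reachability(SAMPLE_NETSTAT, port))
```
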