-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nginx timeouts when proxy is injected #2000
Comments
@vic3lord Ah, ok, apologies for misreading it. It would be really helpful if you could provide a Kubernetes config that reproduces the issue that you're seeing when it's injected with the linkerd proxy. For instance, it could be a modified version of one of our test yaml files that includes an nginx frontend that serves static assets and uses proxy_pass. That will make it a lot easier for us to track down what's going on. |
of course! ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cdn
namespace: default
labels:
app: cdn
spec:
replicas: 3
revisionHistoryLimit: 1
selector:
matchLabels:
app: cdn
template:
metadata:
labels:
app: cdn
spec:
containers:
- name: cdn
image: nginx:alpine
volumeMounts:
- name: vhost
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
ports:
- name: http
containerPort: 80
readinessProbe:
httpGet:
path: /healthz
port: http
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 60
resources:
limits:
cpu: 1
memory: 512Mi
volumes:
- name: vhost
configMap:
name: cdn
---
apiVersion: v1
kind: Service
metadata:
name: cdn
namespace: default
labels:
app: cdn
spec:
type: NodePort
selector:
app: cdn
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cdn
namespace: default
data:
nginx.conf: |+
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
# add extra types support
types {
font/ttf ttf;
font/opentype otf;
font/woff woff;
font/woff2 woff2;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
map $sent_http_content_type $expires {
default off;
text/html 1h;
text/css max;
application/javascript 1h;
~image/ max;
~font/ max;
}
server {
listen 80;
server_name _;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_types "*";
location = /healthz {
access_log off;
return 200 "OK";
}
if ($request_method !~ "OPTIONS|GET|HEAD") {
return 405;
}
location / {
access_log off;
return 200 "OK";
}
location /js/ {
add_header Cache-Control "public,s-maxage=120,max-age=300";
proxy_pass http://sdk.default.svc.cluster.local/js/;
}
location /js/assets/ {
expires $expires;
add_header Cache-Control "public";
proxy_pass http://sdk.default.svc.cluster.local/js/assets/;
}
location /fonts/ {
expires $expires;
add_header Cache-Control "public";
add_header Access-Control-Allow-Origin "*";
proxy_pass http://fonts.default.svc.cluster.local/;
}
location /cookie/ {
expires $expires;
proxy_pass http://cookie-iframe.default.svc.cluster.local/;
}
location /img/ {
expires $expires;
add_header Cache-Control "public";
proxy_pass http://imageflow.default.svc.cluster.local:3000/img/;
}
} |
@vic3lord Thanks! That config doesn't apply in my env. The nginx pods exit with:
But I came up with a working nginx config that uses
And that all works for me. Can you try it in your environment? |
Hi @klingerf I'm sorry I just missed a brace when copying, this service is running in production for the past 254 days with 1k rps without linkerd The problem with the timeouts is that they are not consistent and come after running a few hours, I saw someone posted another issue with something similar about a memory leak in the proxy container I think it's related #2012 It happens only under high traffic that's why I couldnt replicate it on staging. I've been running linkerd in stage for the past month and only after verifying that everything works I moved to production, that's when I found all sorts of issues... Thanks again for your help, LMK if you need anything else on my end. |
The fix for #2012 was shipped with the edge-19.1.1 release. @vic3lord, @etsrepo, can you try upgrading the linkerd proxies in your nginx setups to see if that fixes this issue? |
I injected into few services, will monitor closely for the next few days and close the issue if everything is fine |
@klingerf I won't be able to test nginx deployment, we had removed linkerd from nginx deployment. |
Hi @klingerf, This is the error I get from nginx after injecting
And from linkerd-proxy of this pod
|
Bug Report
I have an Nginx service, serving static files and some locations with proxy_pass that fails with timeouts.
What is the issue?
Lots of timeouts on an Nginx service
How can it be reproduced?
Logs, error output, etc
linkerd check
outputEnvironment
Possible solution
Additional context
The text was updated successfully, but these errors were encountered: