0

I have a setup where Nginx and Varnish are just working fine. Multiple websites running on one VPS. Nginx runs on port 8080.

I added an SSL certificate to one of the websites to run it in https but after configuration I receive this error when browsing the site in https:

Error 503 Service Unavailable

Service Unavailable Guru Meditation:

XID: 613157718

My nginx config for this site is (partly):

server {

    listen 443 ssl;

    server_name mydomain.com www.mydomain.com;

    root /srv/www/www.mydomain.com;
    index index.php index.html index.htm;

    ssl_certificate /etc/nginx/ssl/mydomain/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/mydomain/certificate.key;

    location / {
        proxy_pass  http://127.0.0.1:80;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Secure on;
    }

}

Any ideas?

Cheers, Jaap

Jaap de Wit
  • 1
    SSL config looks ok, though I include more around ciphers and such. Best guess is nginx is working fine, your back end application can't be communicated with for some reason - configuration or firewall. From the server try to curl the application it's proxying. Post your nginx error/access logs and application logs for a single applicable request. – Tim Feb 26 '16 at 17:18

2 Answers

0

Your setup is Nginx -> Varnish -> Apache right?

The "Guru Meditation" error is from Varnish, which means the request is making it as far as Varnish, but Varnish is having problems processing the request.

If you run "varnishlog" on the server, it will start outputting lots of information about each request. Then make an https request in your browser and, once you get the error message, use ctrl-c to stop varnishlog from outputting anything else. Scroll up through the output and you should find a line or two telling you what problem Varnish had in processing the request.

rangfu
  • Hi, I'm only running Nginx and Varnish, no Apache. I guess it's not possible without Apache... – Jaap de Wit Apr 07 '16 at 14:25
  • It's definitely possible. So is your setup Varnish -> Nginx, with Nginx hosting Wordpress? Regardless of what is further up the chain (Nginx, Apache, etc), Varnish can still overwrite the http caching headers before they are returned to the browser. – rangfu Apr 09 '16 at 13:48
  • I would suggest taking a look at https://serverfault.com/questions/980184/varnish-cache-with-nginx-ssl-termination/980272#980272 – djdomi Sep 11 '19 at 05:42
0

Varnish gives me Guru meditation
First, find the relevant log entries in varnishlog. That will probably give you a clue. Since varnishlog logs a lot of data it might be hard to track the entries down.
You can set varnishlog to log all your 503 errors by issuing the following command:

$ varnishlog -q 'RespStatus == 503' -g request

$ varnishlog -d -q 'RespStatus == 503' -g request

Regularly you will get 503 errors because your back end is down or unhealthy. In this case varnishlog could return something like “FetchError c no backend connection.” You should check the port Varnish Cache is trying to connect to, the origin server, and your HTTP services such as Apache or Nginx and see if all of that is operating correctly - if it is not, you’ll need to troubleshoot your back end.

If your back end does seem to be up but you are still getting a Varnish Cache 503 error then there is something wrong with your web server’s connection to Varnish Cache or the Varnish Cache configuration.

If your back end is responding but Varnish Cache is serving 503 we often find this is due to timeouts. You can change or add a .connect_timeout = Xs and a .first_byte_timeout = Xs in the backend default VCL section to a timeout length that works for your web server.
Varnish Cache Software has more information on the various timeouts that can occur in Varnish Cache. Another tip is to disable KeepAlive so that idle connections will be dropped. This would look like the below:

"origin": {
    "address": "origin.example.com",
    "disable_keepalive": true
}

Ryan
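An added example, not part of either answer: a small Python parser for the `varnishlog -g request` output that both answers recommend reading, which pairs each 503 with the Host, the `X-Forwarded-Proto` value set by the nginx config in the question, and the backend `FetchError`. The sample log is constructed and abridged, and the Varnish 4+ grouped record layout is an assumption.

```python
import re

# Constructed, abridged sample of `varnishlog -g request -q 'RespStatus == 503'`
# output; the Varnish 4+ grouped layout is assumed.
SAMPLE = """\
*   << Request  >> 32770
-   ReqURL         /
-   ReqHeader      Host: www.mydomain.com
-   ReqHeader      X-Forwarded-Proto: https
-   RespStatus     503
-   RespReason     Backend fetch failed
-   End
**  << BeReq    >> 32771
--  FetchError     no backend connection
--  End
"""

HEADER = re.compile(r"^\*+\s+<<\s+(\w+)\s+>>\s+(\d+)")   # "*  << Request >> xid"
RECORD = re.compile(r"^-+\s+(\w+)\s*(.*)$")              # "-  Tag   value"

def summarize_503(lines):
    """Return one dict per client request whose final RespStatus was 503."""
    found, cur = [], None
    for line in lines:
        head = HEADER.match(line)
        if head:
            if head.group(1) == "Request":   # nested BeReq groups stay on cur
                cur = {"xid": int(head.group(2)), "status": None, "url": None,
                       "host": None, "x-forwarded-proto": None, "fetch_errors": []}
                found.append(cur)
            continue
        rec = RECORD.match(line)
        if not rec or cur is None:
            continue
        tag, value = rec.group(1), rec.group(2).strip()
        if tag == "ReqURL" and cur["url"] is None:   # keep the URL as received
            cur["url"] = value
        elif tag == "ReqHeader":
            name, _, val = value.partition(":")
            if name.strip().lower() in ("host", "x-forwarded-proto"):
                cur[name.strip().lower()] = val.strip()
        elif tag == "RespStatus":                    # last status logged wins
            cur["status"] = int(value)
        elif tag == "FetchError":
            cur["fetch_errors"].append(value)
    return [r for r in found if r["status"] == 503]

if __name__ == "__main__":
    for r in summarize_503(SAMPLE.splitlines()):
        print(r["xid"], r["host"], r["url"], r["x-forwarded-proto"], r["fetch_errors"])
```

A 503 with a `FetchError` points at the backend connection or its timeouts; a 503 with an empty `fetch_errors` list was not caused by a failed backend fetch, so check the VCL instead.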