 

nginx error message - what does "peer" refer to?

In order to debug an nginx error case, I need to fully understand an error log message first. Our nginx writes the particular error log message from time to time.

Log message

"peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream".

What is meant by "peer"?

I would like to know: Does "peer" refer to the upstream, meaning that the upstream closed the connection during the SSL handshake, or does it refer to the client, meaning that the client closed the connection while the load balancer and the webserver were internally in the middle of a handshake?

Setup

  • nginx loadbalancer
  • 2 webservers (upstreams) running IIS8
  • SSL provider: Comodo

Stephan Møller asked Jan 22 '15 13:01


2 Answers

Peer refers to the upstream in this case. If we took the peer to be the client, that would mean that two SSL handshakes (Client -> nginx, nginx -> upstream) happen simultaneously, which doesn't make sense: the client has to establish a connection and send a query, and only then can nginx choose an appropriate upstream to connect to.

SuddenHead answered Nov 18 '22 07:11
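The following is an added example, not part of the original posts: a log triage helper that applies the reading above, where the action suffix `to upstream` marks the handshake nginx itself initiated towards a backend, and a bare `while SSL handshaking` marks the handshake with a connecting client. The function names `classify` and `summarize` and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in nginx error-log layout (documentation-range addresses).
SAMPLE_LOG = """\
2015/01/22 13:01:07 [error] 2211#0: *481 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 203.0.113.9, server: example.test, request: "GET / HTTP/1.1", upstream: "https://192.0.2.11:443/", host: "example.test"
2015/01/22 13:01:09 [info] 2211#0: *482 peer closed connection in SSL handshake while SSL handshaking, client: 203.0.113.40, server: 0.0.0.0:443
2015/01/22 13:02:15 [error] 2211#0: *490 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 203.0.113.9, server: example.test, request: "GET /a HTTP/1.1", upstream: "https://192.0.2.11:443/a", host: "example.test"
2015/01/22 13:03:00 [error] 2211#0: *495 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.9, server: example.test, request: "GET / HTTP/1.1", upstream: "https://192.0.2.12:443/", host: "example.test"
"""

# timestamp [level] pid#tid: *conn message while <action>, key: value, ...
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) \[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?P<msg>.*?) while (?P<action>[^,]+)(?P<fields>.*)$'
)
FIELD_RE = re.compile(r', (\w+): ("[^"]*"|[^,]+)')


def classify(line):
    """Return which connection a handshake failure was on and who the peer was."""
    m = LINE_RE.match(line)
    if not m or not m["action"].startswith("SSL handshaking"):
        return None  # not a TLS handshake event
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["fields"])}
    if m["action"].endswith("to upstream"):
        # nginx was the TLS client; the peer is the backend named in "upstream:".
        side, peer = "upstream", urlsplit(fields.get("upstream", "")).netloc
    else:
        # nginx was the TLS server; the peer is the connecting client.
        side, peer = "client", fields.get("client")
    return {"time": m["ts"], "side": side, "peer": peer, "message": m["msg"]}


def summarize(log_text):
    """Count handshake failures per (side, peer)."""
    counts = {}
    for line in log_text.splitlines():
        rec = classify(line)
        if rec:
            key = (rec["side"], rec["peer"])
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (side, peer), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n} handshake failure(s) on the {side} side, peer {peer}")
```

Grouping by backend address shows whether the resets come from one of the upstream servers or from both, which is the first thing to establish before looking at certificates or protocol versions.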


Your issue might have to do with the order in which you have concatenated the Comodo .bundle file with your site cert.

You need to place the bundle file after the site cert.

Click this link for more details

EDIT

The peer has to be something on the same "level" as Nginx which, as your issues are related to SSL, has to be OpenSSL.

I would hazard a guess that your OS is Ubuntu 12.x and that OpenSSL is 1.0.1. If so, then the issue is most likely related to an Ubuntu bug.

Seems you either need to upgrade to Ubuntu 13.04 or disable TLS 1.1.

Click this link for more details

Whatever the case, the peer is not the upstream.

Dayo answered Nov 18 '22 07:11