nginx 1.3.14, SPDY patch version 68. Sitting in front of a PGP keyserver, with configuration as below, if I have "spdy" on the "listen" lines, then Chrome gets an error for no data returned and I get errors in errorlog:
2013/03/12 18:08:43 [alert] 8546#0: worker process 8815 exited on signal 11 2013/03/12 18:09:35 [alert] 8546#0: worker process 9085 exited on signal 11 2013/03/12 18:09:36 [alert] 8546#0: worker process 9089 exited on signal 11 Below, nginx version output, nginx.conf server block, and curl output from a working query when SPDY is enabled but not used (because it's curl), over https. (The server in this case has a cert from my private CA https://www.security.spodhuis.org/ has details, including PGP signature, if anyone wants to verify) ----------------------------8< cut here >8------------------------------ # nginx -V nginx version: nginx/1.3.14 TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --with-ipv6 --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --add-module=/usr/ports/www/nginx-devel/work/giom-nginx_accept_language_module-02262ce --add-module=/usr/ports/www/nginx-devel/work/samizdatco-nginx-http-auth-digest-bd1c86a --with-http_dav_module --with-http_gunzip_module --with-http_stub_status_module --add-module=/usr/ports/www/nginx-devel/work/masterzen-nginx-upload-progress-module-a788 dea --add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_fair-20090923 --add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_hash-0.3.1 --add-module=/usr/ports/www/nginx-devel/work/nginx-sticky-module-1.0 --add-module=/usr/ports/www/nginx-devel/work/simpl-ngx_devel_kit-48bc5dd --add-module=/usr/ports/www/nginx-devel/work/agentzh-encrypted-session-nginx-module-c752861 --add-module=/usr/ports/www/nginx-devel/work/arut-nginx-let-module-a5e1dc5 --with-pcre --add-module=/usr/ports/www/nginx-devel/work/agentzh-set-misc-nginx-module-658c235 --add-module=/usr/ports/www/nginx-devel/work/yaoweibin-nginx_tcp_proxy_module-b83e5a6 --with-http_spdy_module --with-http_ssl_module ----------------------------8< cut here >8------------------------------ ----------------------------8< cut here >8------------------------------ server { # need default_server for SNI to work with session resumption, unless # you accept the same SSL cache. Hrm. We do, for now. listen 94.142.241.93:443 ssl; listen [2a02:898:31:0:48:4558:73:6b73]:443 ssl; server_name sks.spodhuis.org; ssl on; ssl_certificate /www/conf/tls/ssl-sks-web.crt; ssl_certificate_key /www/conf/tls/ssl-sks-web.key; ssl_verify_client off; access_log /var/log/nginx/sks-tls.log combine-tls; location / { root /www/sites/sks.spodhuis.org/content; index index.html; } location ~ /\. { deny all; } location /pks { proxy_pass http://127.0.0.1:11371; proxy_pass_header Server; add_header Via "1.1 sks.spodhuis.org:443 (nginx)"; proxy_ignore_client_abort on; } location /sks-peers { proxy_pass http://127.0.0.1:8001; proxy_set_header X-Real-IP $remote_addr; } } ----------------------------8< cut here >8------------------------------ % gpg -a --export $gpg_key_work | curl --data-urlencode keytext@- -vs https://sks.spodhuis.org/pks/add 2>&1 | pbcopy ----------------------------8< cut here >8------------------------------ * About to connect() to sks.spodhuis.org port 443 (#0) * Trying 2a02:898:31::48:4558:73:6b73... * Failed to connect to 2a02:898:31::48:4558:73:6b73: No route to host * Trying 94.142.241.93... * Connected to sks.spodhuis.org (94.142.241.93) port 443 (#0) * successfully set certificate verify locations: * CAfile: /opt/local/share/curl/curl-ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Server hello (2): { [data not shown] * SSLv3, TLS handshake, CERT (11): { [data not shown] * SSLv3, TLS handshake, Server key exchange (12): { [data not shown] * SSLv3, TLS handshake, Server finished (14): { [data not shown] * SSLv3, TLS handshake, Client key exchange (16): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Finished (20): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): { [data not shown] * SSLv3, TLS handshake, Finished (20): { [data not shown] * SSL connection using ECDHE-RSA-AES128-SHA256 * Server certificate: * subject: C=NL; ST=Noord Holland; O=GlobNIX Systems; CN=sks.spodhuis.org; [email protected] * start date: 2011-08-10 04:59:54 GMT * expire date: 2013-05-01 04:59:54 GMT * subjectAltName: sks.spodhuis.org matched * issuer: C=US; O=GlobNIX Systems; OU=Certification Authority; CN=GlobNIX Certificate Authority 3; [email protected] * SSL certificate verify ok. > POST /pks/add HTTP/1.1 > User-Agent: curl/7.29.0 > Host: sks.spodhuis.org > Accept: */* > Content-Length: 18437 > Content-Type: application/x-www-form-urlencoded > Expect: 100-continue > < HTTP/1.1 100 Continue } [data not shown] < HTTP/1.1 200 OK < Date: Tue, 12 Mar 2013 18:22:58 GMT < Content-Type: text/html; charset=UTF-8 < Content-Length: 129 < Connection: keep-alive < Server: sks_www/1.1.4 < Cache-Control: no-cache < Pragma: no-cache < Expires: 0 < X-HKP-Results-Count: 1 < Via: 1.1 sks.spodhuis.org:443 (nginx) < { [data not shown] * Connection #0 to host sks.spodhuis.org left intact <html><body>Key block added to key server database. New public keys added: <br>1 key(s) added successfully.<br></html></body> ----------------------------8< cut here >8------------------------------ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
