Minio server behind Nginx gets error 104 connection reset by peer

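I have a Minio instance set up behind Nginx. Whenever I sync a large folder using rclone, I get error 104 connection reset by peer for some reason. I traced with tcpdump to check that Nginx is not at fault, and it does not appear to be. Minio is sending the connection resets.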

tcpdump output from my PC to nginx:

12:45:56.037558 IP mypc.lan.50299 > myserver.lan.https: Flags [P.], seq 210758:211258, ack 271369, win 513, length 500
12:45:56.037567 IP myserver.lan.https > mypc.lan.50299: Flags [.], ack 211258, win 4014, length 0
12:45:56.041378 IP myserver.lan.https > mypc.lan.50294: Flags [P.], seq 304261:304440, ack 231696, win 6722, length 179
12:45:56.073311 IP myserver.lan.https > mypc.lan.50297: Flags [P.], seq 315796:315975, ack 250662, win 4042, length 179
12:45:56.092129 IP mypc.lan.50297 > myserver.lan.https: Flags [P.], seq 250662:251204, ack 315975, win 513, length 542
12:45:56.092148 IP myserver.lan.https > mypc.lan.50297: Flags [.], ack 251204, win 4052, length 0
12:45:56.097786 IP mypc.lan.50294 > myserver.lan.https: Flags [.], ack 304440, win 511, length 0
12:45:56.113142 IP mypc.lan.50294 > myserver.lan.https: Flags [P.], seq 231696:232196, ack 304440, win 511, length 500
12:45:56.113152 IP myserver.lan.https > mypc.lan.50294: Flags [.], ack 232196, win 6742, length 0
12:45:56.121592 IP myserver.lan.https > mypc.lan.50293: Flags [P.], seq 354178:354357, ack 282451, win 4629, length 179
12:45:56.174268 IP mypc.lan.50293 > myserver.lan.https: Flags [.], ack 354357, win 513, length 0
12:45:56.179362 IP myserver.lan.https > mypc.lan.50296: Flags [P.], seq 269665:270001, ack 211252, win 3463, length 336

The corresponding tcpdump output on the loopback between nginx and minio:

12:45:56.092237 IP localhost.40782 > localhost.cslistener: Flags [.], ack 1, win 512, options [nop,nop,TS val 4256686849 ecr 4256686849], length 0
12:45:56.092256 IP localhost.40782 > localhost.cslistener: Flags [P.], seq 1:599, ack 1, win 512, options [nop,nop,TS val 4256686849 ecr 4256686849], length 598
12:45:56.092264 IP localhost.cslistener > localhost.40782: Flags [.], ack 599, win 507, options [nop,nop,TS val 4256686849 ecr 4256686849], length 0
12:45:56.113223 IP localhost.40786 > localhost.cslistener: Flags [S], seq 1989401545, win 65495, options [mss 65495,sackOK,TS val 4256686870 ecr 0,nop,wscale 7], length 0
12:45:56.113231 IP localhost.cslistener > localhost.40786: Flags [S.], seq 2441514866, ack 1989401546, win 65483, options [mss 65495,sackOK,TS val 4256686870 ecr 4256686870,nop,wscale 7], length 0
12:45:56.113237 IP localhost.40786 > localhost.cslistener: Flags [.], ack 1, win 512, options [nop,nop,TS val 4256686870 ecr 4256686870], length 0
12:45:56.113253 IP localhost.40786 > localhost.cslistener: Flags [P.], seq 1:557, ack 1, win 512, options [nop,nop,TS val 4256686870 ecr 4256686870], length 556
12:45:56.113256 IP localhost.cslistener > localhost.40786: Flags [.], ack 557, win 508, options [nop,nop,TS val 4256686870 ecr 4256686870], length 0
12:45:56.121528 IP localhost.cslistener > localhost.40026: Flags [R.], seq 1, ack 557, win 512, options [nop,nop,TS val 4256686878 ecr 4256686639], length 0
12:45:56.179288 IP localhost.cslistener > localhost.40766: Flags [R.], seq 1, ack 653, win 512, options [nop,nop,TS val 4256686936 ecr 4256686696], length 0

However, if I open port 9000 and sync the same large folder directly with rclone, I don't get that error at all. Here is the tcpdump output where the error does not occur.

12:44:00.253537 IP myserver.lan.cslistener > mypc.lan.49493: Flags [P.], seq 993647:994206, ack 681899, win 9686, length 559
12:44:00.253622 IP mypc.lan.49496 > myserver.lan.cslistener: Flags [P.], seq 530108:530599, ack 991128, win 513, length 491
12:44:00.254002 IP myserver.lan.cslistener > mypc.lan.49488: Flags [P.], seq 1007299:1007860, ack 690855, win 9674, length 561
12:44:00.254018 IP myserver.lan.cslistener > mypc.lan.49496: Flags [P.], seq 991128:991690, ack 530599, win 9662, length 562
12:44:00.254031 IP myserver.lan.cslistener > mypc.lan.49487: Flags [P.], seq 1039391:1039932, ack 653371, win 9709, length 541

I don't understand the difference between the two processes.

I'll also add the nginx site configuration in case someone can spot the problem here.

server {
  server_name something;

  set $test 0;
  if ( $host != "something" ) {
    set $test 1;
  }
  if ( $host != "something" ) {
    set $test 1$test;
  }
  if ( $test = 11 ) {
    return 444;
  }

  # Allow special characters in headers
  ignore_invalid_headers off;
  # Allow any size file to be uploaded.
  # Set to a value such as 1000m; to restrict file size to a specific value
  client_max_body_size 0;
  # Disable buffering
  proxy_buffering off;
  proxy_request_buffering off;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_connect_timeout 300;
    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    chunked_transfer_encoding off;

    proxy_pass http://127.0.0.1:9000;
  }

  location /ui/ {
    rewrite ^/ui/(.*) /$1 break;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-NginX-Proxy true;

    # This is necessary to pass the correct IP to be hashed
    real_ip_header X-Real-IP;

    proxy_connect_timeout 300;

    # To support websockets in MinIO versions released after January 2023
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    chunked_transfer_encoding off;

    proxy_pass http://127.0.0.1:9091;

  }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/something/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/something/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_verify_depth 2;
    ssl_verify_client on;
    ssl_client_certificate /etc/ssl/certs/ca.crt;

}

server {
    if ($host = something) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = something) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



  listen 80;
  listen [::]:80;
  server_name something;
    return 404; # managed by Certbot

}
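
The check done by eye on the loopback capture above, written as a script (an added example, not part of the original post): it parses tcpdump text lines, reports every RST, and says whether it came from the upstream (port 9000, which tcpdump prints as `cslistener`) or from the proxy side. The name `find_resets` and the record fields are hypothetical. Reading the `TS val` minus `ecr` gap as roughly how long the resetting side had heard nothing from its peer is an assumption that relies on both loopback ends showing the same timestamp clock, as the handshake lines in the capture do.

```python
import re

# Four lines copied from the loopback capture in the question.
CAPTURE = """\
12:45:56.113253 IP localhost.40786 > localhost.cslistener: Flags [P.], seq 1:557, ack 1, win 512, options [nop,nop,TS val 4256686870 ecr 4256686870], length 556
12:45:56.113256 IP localhost.cslistener > localhost.40786: Flags [.], ack 557, win 508, options [nop,nop,TS val 4256686870 ecr 4256686870], length 0
12:45:56.121528 IP localhost.cslistener > localhost.40026: Flags [R.], seq 1, ack 557, win 512, options [nop,nop,TS val 4256686878 ecr 4256686639], length 0
12:45:56.179288 IP localhost.cslistener > localhost.40766: Flags [R.], seq 1, ack 653, win 512, options [nop,nop,TS val 4256686936 ecr 4256686696], length 0
"""

LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:.*?TS val (?P<val>\d+) ecr (?P<ecr>\d+))?"  # TCP timestamp option, if present
)

def find_resets(text, upstream_port="cslistener"):
    """Return one record per RST segment, noting which side sent it."""
    seen_ports, resets = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        sport = m["src"].rpartition(".")[2]
        dport = m["dst"].rpartition(".")[2]
        from_upstream = sport == upstream_port
        proxy_port = dport if from_upstream else sport  # nginx's ephemeral port
        if "R" in m["flags"]:
            gap = None
            if m["val"] is not None:
                # TCP timestamps are 32-bit counters, so subtract modulo 2**32.
                gap = (int(m["val"]) - int(m["ecr"])) % 2**32
            resets.append({
                "time": m["time"],
                "sender": "upstream" if from_upstream else "proxy",
                "proxy_port": proxy_port,
                "ts_gap": gap,
                # Did this connection carry any segment earlier in the excerpt?
                "active_in_excerpt": proxy_port in seen_ports,
            })
        seen_ports.add(proxy_port)
    return resets

if __name__ == "__main__":
    for record in find_resets(CAPTURE):
        print(record)
```

On the excerpt both resets are attributed to the upstream side, on connections (nginx ports 40026 and 40766) that carry no other segment in the excerpt.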
