From tadashi.1027 @ gmail.com Fri Dec 4 10:27:52 2009 From: tadashi.1027 @ gmail.com (=?ISO-2022-JP?B?GyRCMHAzQBsoQg==?=) Date: Fri, 04 Dec 2009 10:27:52 +0900 Subject: [Ultramonkey-l7-users 257] =?iso-2022-jp?b?U1NMUHJveHkbJEIkLElRSEskS01uJEEkaxsoQg==?= Message-ID: <4B186598.4070803@gmail.com> いつもお世話になっております。 稲垣と申します。 SSLProxyサービスが頻繁に落ちています。 /var/log/l7vs/sslproxy/sslproxy.target.logには、以下のようなメッセージが 出力されていました。 =========== 2009/12/04 04:19:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb39b9b90 sslproxysession.cpp:503 2009/12/04 04:24:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb39b9b90 sslproxysession.cpp:503 2009/12/04 04:29:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb39b9b90 sslproxysession.cpp:503 2009/12/04 04:34:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb39b9b90 sslproxysession.cpp:503 2009/12/04 04:39:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb39b9b90 sslproxysession.cpp:503 2009/12/04 04:44:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb57bcb90 sslproxysession.cpp:503 2009/12/04 04:54:44 [ERROR] sslproxy_session SLP40050010 Handshaking NG : End of file. web01 0xb25b7b90 sslproxysession.cpp:503 2009/12/04 04:55:14 [ERROR] sslproxy_session SLP40050007 Handshake timer wait : 30 giveup. web01 0xb61bdb90 sslproxysession.cpp:343 =========== 設定ファイルは以下の通りです。 /etc/l7vs/sslproxy/sslproxy.target.cf =========== # sslproxy configuration file. # /etc/l7vs/sslproxy/sslproxy..cf [sslproxy] # Global configuration. recv_endpoint = "172.31.208.109:443" target_endpoint = "172.31.208.109:8080" num_thread = 10 timeout_sec = 30 # SSL configuration. 
# Certificate, private-key, protocol-option and cipher settings of the
# [sslproxy] section (the section header and the global keys come earlier
# in this file).

# CA certificate used for peer verification.
ca_dir = "/etc/l7vs/sslproxy/"
ca_file = "root.pem"

# NOTE(review): cert_chain_file and private_key_file both name server.pem in
# the same directory, and the passphrase file configured below (passwd.txt)
# sits next to it. Filesystem permissions on /etc/l7vs/sslproxy/ are then the
# only protection for the key - confirm the directory and both files are
# readable only by the account that runs sslproxy.
cert_chain_dir = "/etc/l7vs/sslproxy/"
cert_chain_file = "server.pem"
private_key_dir = "/etc/l7vs/sslproxy/"
private_key_file = "server.pem"
private_key_filetype = "SSL_FILETYPE_PEM"
#private_key_filetype = "SSL_FILETYPE_ASN1"

# The key passphrase is read from a file rather than typed on the console.
#private_key_passwd_from = "console"
private_key_passwd_from = "file"
private_key_passwd_dir = "/etc/l7vs/sslproxy/"
private_key_passwd_file = "passwd.txt"

# SSL_VERIFY_NONE: in OpenSSL, an accepting endpoint with this mode does not
# request a client certificate. verify_cert_depth is presumably unused while
# this mode is active - confirm against the sslproxy documentation.
verify_options = "SSL_VERIFY_NONE"
#verify_options = "SSL_VERIFY_PEER"
#verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
#verify_options = "SSL_VERIFY_CLIENT_ONCE"
verify_cert_depth = 9

# ssl_options is given more than once; presumably sslproxy combines every
# active value - confirm. Active here: SSL_OP_ALL (OpenSSL's interoperability
# bug workarounds) and SSL_OP_NO_SSLv2.
# NOTE(review): SSL_OP_NO_SSLv3 stays commented out, so SSLv3 remains
# negotiable. SSLv3 has since been deprecated (RFC 7568); on a current
# deployment enable that line as well.
#ssl_options = "SSL_OP_MICROSOFT_SESS_ID_BUG"
#ssl_options = "SSL_OP_NETSCAPE_CHALLENGE_BUG"
#ssl_options = "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
#ssl_options = "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
#ssl_options = "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
#ssl_options = "SSL_OP_MSIE_SSLV2_RSA_PADDING"
#ssl_options = "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
#ssl_options = "SSL_OP_TLS_D5_BUG"
#ssl_options = "SSL_OP_TLS_BLOCK_PADDING_BUG"
#ssl_options = "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
ssl_options = "SSL_OP_ALL"
#ssl_options = "SSL_OP_NO_QUERY_MTU"
#ssl_options = "SSL_OP_COOKIE_EXCHANGE"
#ssl_options = "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
#ssl_options = "SSL_OP_SINGLE_ECDH_USE"
#ssl_options = "SSL_OP_SINGLE_DH_USE"
#ssl_options = "SSL_OP_EPHEMERAL_RSA"
#ssl_options = "SSL_OP_CIPHER_SERVER_PREFERENCE"
#ssl_options = "SSL_OP_TLS_ROLLBACK_BUG"
ssl_options = "SSL_OP_NO_SSLv2"
#ssl_options = "SSL_OP_NO_SSLv3"
#ssl_options = "SSL_OP_NO_TLSv1"
#ssl_options = "SSL_OP_PKCS1_CHECK_1"
#ssl_options = "SSL_OP_PKCS1_CHECK_2"
#ssl_options = "SSL_OP_NETSCAPE_CA_DN_BUG"
#ssl_options = "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"

# NOTE(review): temporary DH parameters are left disabled. The sample name
# dh512.pem suggests 512-bit parameters, which would be too small to use if
# these lines were ever enabled - verify the file before doing so.
#tmp_dh_dir = "/etc/l7vs/sslproxy/"
#tmp_dh_file = "dh512.pem"

# NOTE(review): the list starts from ALL and removes anonymous-DH, LOW,
# export and MD5 suites. What is left depends on the OpenSSL build; list it
# with `openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'` and compare
# the result with current policy.
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

# SSL session cache configuration.
# Session cache is enabled.
# NOTE(review): the units of session_cache_size and session_cache_timeout are
# not stated in this file (the timeout is presumably seconds) - confirm.
session_cache = "on"
session_cache_size = 20480
session_cache_timeout = 300

# Packet edit configuration.
# http_request_header: Edit HTTP client request header message.
# http_response_header: Edit HTTP server response header message.
# Format: "mode:header-field-name[:header-field-value[:replace-value]]
# Mode: 'set', 'unset', 'add' or 'replace'
# Macro: %{CLIENT_ADDR} -> client IP address
#        %{CLIENT_PORT} -> client port number
#        %{SERVER_ADDR} -> server IP address
#        %{SERVER_PORT} -> server port number
#        %{RECV_ADDR} -> sslproxy IP address
#        %{RECV_PORT} -> sslproxy port number
#
# NOTE(review): every header edit below is commented out, so the server on
# target_endpoint gets no X-Forwarded-* information from sslproxy. If they
# are enabled: per the examples, 'add' appends to a value the client already
# sent ("old-value,new-value"), so the backend should trust only the entry
# written by the proxy; 'set' inserts or overwrites the field.
# Example: Insert or overwrite "X-Forwarded-Proto: https"
#http_request_header = "set:X-Forwarded-Proto:https"
# Example: Change Host to real address
#http_request_header = "set:Host:%{SERVER_ADDR}:%{SERVER_PORT}"
# Example: Remove "Cookie" field
#http_request_header = "unset:Cookie"
# Example: Add "X-Forwarded-For: old-value,new-value"
#          or insert "X-Forwarded-For: new-value"
#http_request_header = "add:X-Forwarded-For:%{CLIENT_ADDR}"
# Example: Add or insert "Via"
#http_request_header = "add:Via:HTTP/1.1 myserver (sslproxy/1.0)"
# Example: Replace keep-alive to close
#http_request_header = "replace:Connection:keep-alive:close"
# Example: Replace MSIE User-Agent to Firefox (regex)
#http_request_header = "replace:User-Agent:^.*MSIE.*$:Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.0.0"
# Example: Add "Set-Cookie"
#http_response_header = "add:Set-Cookie:sslproxy=on; path=/; secure"
# Example: Remove "Server"
#http_response_header = "unset:Server"
# Example: Change "Content-Type" text/html to text/plain
#http_response_header = "replace:Content-Type:html:plain"

[logger]
## SSLProxy log configuration.
# sslproxy logfile base name sslproxy_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.log" # sslproxy log rotate pattern sslproxy_rotation = "size" #sslproxy_rotation = "date" #sslproxy_rotation = "datesize" # sslproxy rotate max backup number sslproxy_max_backup_index = "10" # sslproxy rotate file size sslproxy_max_filesize = "10M" # sslproxy rotation timing #sslproxy_rotation_timing = "month" #sslproxy_rotation_timing_value = "1 0:01" ## Connection log configuration. # connection log ON/OFF conn_log_flag = "on" # connection logfile base name conn_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.conn_log" # connection log rotate pattern #conn_rotation = "size" conn_rotation = "date" #conn_rotation = "datesize" # connection rotate max backup number conn_max_backup_index = "10" # connection rotate file size #conn_max_filesize = "10M" # sslproxy rotation timing conn_rotation_timing = "month" conn_rotation_timing_value = "1 0:01" # Log categories level sslproxy_logger = "warn" sslproxy_parameter = "warn" sslproxy_common = "warn" sslproxy_server = "warn" sslproxy_session = "warn" sslproxy_connection = "info" packet_edit = "info" packet_edit_http = "info" [root @ web01 ~]# cat /etc/l7vs/sslproxy/sslproxy.target.cf # sslproxy configuration file. # /etc/l7vs/sslproxy/sslproxy..cf [sslproxy] # Global configuration. recv_endpoint = "172.31.208.109:443" target_endpoint = "172.31.208.109:8080" num_thread = 10 timeout_sec = 30 # SSL configuration. 
# Certificate, private-key, protocol-option and cipher settings of the
# [sslproxy] section (the section header and the global keys come earlier
# in this file).

# CA certificate used for peer verification.
ca_dir = "/etc/l7vs/sslproxy/"
ca_file = "root.pem"

# NOTE(review): cert_chain_file and private_key_file both name server.pem in
# the same directory, and the passphrase file configured below (passwd.txt)
# sits next to it. Filesystem permissions on /etc/l7vs/sslproxy/ are then the
# only protection for the key - confirm the directory and both files are
# readable only by the account that runs sslproxy.
cert_chain_dir = "/etc/l7vs/sslproxy/"
cert_chain_file = "server.pem"
private_key_dir = "/etc/l7vs/sslproxy/"
private_key_file = "server.pem"
private_key_filetype = "SSL_FILETYPE_PEM"
#private_key_filetype = "SSL_FILETYPE_ASN1"

# The key passphrase is read from a file rather than typed on the console.
#private_key_passwd_from = "console"
private_key_passwd_from = "file"
private_key_passwd_dir = "/etc/l7vs/sslproxy/"
private_key_passwd_file = "passwd.txt"

# SSL_VERIFY_NONE: in OpenSSL, an accepting endpoint with this mode does not
# request a client certificate. verify_cert_depth is presumably unused while
# this mode is active - confirm against the sslproxy documentation.
verify_options = "SSL_VERIFY_NONE"
#verify_options = "SSL_VERIFY_PEER"
#verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
#verify_options = "SSL_VERIFY_CLIENT_ONCE"
verify_cert_depth = 9

# ssl_options is given more than once; presumably sslproxy combines every
# active value - confirm. Active here: SSL_OP_ALL (OpenSSL's interoperability
# bug workarounds) and SSL_OP_NO_SSLv2.
# NOTE(review): SSL_OP_NO_SSLv3 stays commented out, so SSLv3 remains
# negotiable. SSLv3 has since been deprecated (RFC 7568); on a current
# deployment enable that line as well.
#ssl_options = "SSL_OP_MICROSOFT_SESS_ID_BUG"
#ssl_options = "SSL_OP_NETSCAPE_CHALLENGE_BUG"
#ssl_options = "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
#ssl_options = "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
#ssl_options = "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
#ssl_options = "SSL_OP_MSIE_SSLV2_RSA_PADDING"
#ssl_options = "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
#ssl_options = "SSL_OP_TLS_D5_BUG"
#ssl_options = "SSL_OP_TLS_BLOCK_PADDING_BUG"
#ssl_options = "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
ssl_options = "SSL_OP_ALL"
#ssl_options = "SSL_OP_NO_QUERY_MTU"
#ssl_options = "SSL_OP_COOKIE_EXCHANGE"
#ssl_options = "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
#ssl_options = "SSL_OP_SINGLE_ECDH_USE"
#ssl_options = "SSL_OP_SINGLE_DH_USE"
#ssl_options = "SSL_OP_EPHEMERAL_RSA"
#ssl_options = "SSL_OP_CIPHER_SERVER_PREFERENCE"
#ssl_options = "SSL_OP_TLS_ROLLBACK_BUG"
ssl_options = "SSL_OP_NO_SSLv2"
#ssl_options = "SSL_OP_NO_SSLv3"
#ssl_options = "SSL_OP_NO_TLSv1"
#ssl_options = "SSL_OP_PKCS1_CHECK_1"
#ssl_options = "SSL_OP_PKCS1_CHECK_2"
#ssl_options = "SSL_OP_NETSCAPE_CA_DN_BUG"
#ssl_options = "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"

# NOTE(review): temporary DH parameters are left disabled. The sample name
# dh512.pem suggests 512-bit parameters, which would be too small to use if
# these lines were ever enabled - verify the file before doing so.
#tmp_dh_dir = "/etc/l7vs/sslproxy/"
#tmp_dh_file = "dh512.pem"

# NOTE(review): the list starts from ALL and removes anonymous-DH, LOW,
# export and MD5 suites. What is left depends on the OpenSSL build; list it
# with `openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'` and compare
# the result with current policy.
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

# SSL session cache configuration.
# Session cache is enabled.
# NOTE(review): the units of session_cache_size and session_cache_timeout are
# not stated in this file (the timeout is presumably seconds) - confirm.
session_cache = "on"
session_cache_size = 20480
session_cache_timeout = 300

# Packet edit configuration.
# http_request_header: Edit HTTP client request header message.
# http_response_header: Edit HTTP server response header message.
# Format: "mode:header-field-name[:header-field-value[:replace-value]]
# Mode: 'set', 'unset', 'add' or 'replace'
# Macro: %{CLIENT_ADDR} -> client IP address
#        %{CLIENT_PORT} -> client port number
#        %{SERVER_ADDR} -> server IP address
#        %{SERVER_PORT} -> server port number
#        %{RECV_ADDR} -> sslproxy IP address
#        %{RECV_PORT} -> sslproxy port number
#
# NOTE(review): every header edit below is commented out, so the server on
# target_endpoint gets no X-Forwarded-* information from sslproxy. If they
# are enabled: per the examples, 'add' appends to a value the client already
# sent ("old-value,new-value"), so the backend should trust only the entry
# written by the proxy; 'set' inserts or overwrites the field.
# Example: Insert or overwrite "X-Forwarded-Proto: https"
#http_request_header = "set:X-Forwarded-Proto:https"
# Example: Change Host to real address
#http_request_header = "set:Host:%{SERVER_ADDR}:%{SERVER_PORT}"
# Example: Remove "Cookie" field
#http_request_header = "unset:Cookie"
# Example: Add "X-Forwarded-For: old-value,new-value"
#          or insert "X-Forwarded-For: new-value"
#http_request_header = "add:X-Forwarded-For:%{CLIENT_ADDR}"
# Example: Add or insert "Via"
#http_request_header = "add:Via:HTTP/1.1 myserver (sslproxy/1.0)"
# Example: Replace keep-alive to close
#http_request_header = "replace:Connection:keep-alive:close"
# Example: Replace MSIE User-Agent to Firefox (regex)
#http_request_header = "replace:User-Agent:^.*MSIE.*$:Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.0.0"
# Example: Add "Set-Cookie"
#http_response_header = "add:Set-Cookie:sslproxy=on; path=/; secure"
# Example: Remove "Server"
#http_response_header = "unset:Server"
# Example: Change "Content-Type" text/html to text/plain
#http_response_header = "replace:Content-Type:html:plain"

[logger]
## SSLProxy log configuration.
# sslproxy logfile base name sslproxy_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.log" # sslproxy log rotate pattern sslproxy_rotation = "size" #sslproxy_rotation = "date" #sslproxy_rotation = "datesize" # sslproxy rotate max backup number sslproxy_max_backup_index = "10" # sslproxy rotate file size sslproxy_max_filesize = "10M" # sslproxy rotation timing #sslproxy_rotation_timing = "month" #sslproxy_rotation_timing_value = "1 0:01" ## Connection log configuration. # connection log ON/OFF conn_log_flag = "on" # connection logfile base name conn_log_filename = "/var/log/l7vs/sslproxy/sslproxy.target.conn_log" # connection log rotate pattern #conn_rotation = "size" conn_rotation = "date" #conn_rotation = "datesize" # connection rotate max backup number conn_max_backup_index = "10" # connection rotate file size #conn_max_filesize = "10M" # sslproxy rotation timing conn_rotation_timing = "month" conn_rotation_timing_value = "1 0:01" # Log categories level sslproxy_logger = "warn" sslproxy_parameter = "warn" sslproxy_common = "warn" sslproxy_server = "warn" sslproxy_session = "warn" sslproxy_connection = "info" packet_edit = "info" packet_edit_http = "info" =========== 何が原因でSSLProxyが落ちているのでしょうか。 ご教授の程宜しくお願い致します。