Why is nginx serving my rails app very slowly on development environment?

Question

I am developing an RoR application on mac OSX.

In order to be able to access my app on http://localhost, and in order to support SSL in my tests, I use nginx as a proxy to my Webrick port 3000 with the following configuration:

server {
    listen 80;
    server_name app.mysite.com;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:3000;
    }
}

server {
    listen       443 ssl;
    server_name  secure.app.mysite.com;

    ssl                  on;
    ssl_certificate      ssl/server.crt;
    ssl_certificate_key  ssl/server.key;

    keepalive_timeout 600;
    ssl_session_timeout 10m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass http://127.0.0.1:3000;
        ### force timeouts if one of backend is died ##
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        ### Set headers ####
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        ### Most PHP, Python, Rails, Java App can use this header ###
        proxy_set_header X-Forwarded-Proto https;
        ### By default we don't want to redirect it ####
        proxy_redirect     off;
   }
}

When I access the application on either http://localhost/ or https://localhost/ the server responds quickly, and the overhead over http://localhost:3000 is negligible.

However, when I try to access my machine from another computer on the same network (for example http://10.0.1.9/) the server responds extremely slowly, or doesn't respond at all.

It seems like nginx is not even sending an internal request to port 3000 in this case, although requests are reaching nginx from the outside for sure, and request to port 3000 from the outside are really fast.

It's important to notice that my app is running in dev mode, and my assets (which are quite a lot) are not precompiled.

Is there another option other than nginx to easily expose my dev site on my network, that is as easy to configure, and supports SSL?

Thanks, Ariel

Answer 1

Turns out it was a permissions issue with nginx. I found it after discovering errors in nginx error log.

the solution can be found here

https://serverfault.com/questions/235154/permission-denied-while-reading-upstream

Answer 2

A couple of items to try, as it sounds fishy about working fine with localhost but not from another computer.

• Also 'netstat -na | grep 80' to make sure Nginx is listening on 0.0.0.0 or *:80 not 127.0.0.1. If Nginx is not listening on 0.0.0.0 or * then it might be TCP routing issue. Same goes for any server. This is a good example output (my example is listening on 8000)

  tcp4 0 0 *.8000 *.* LISTEN

• For fun, change "127.0.0.1" to "localhost" and/or "0.0.0.0" in your Nginx proxy statement (although the routing would be done by the time it get's here)

Also, I would suggest you try using Nginx's logging to see if there is another issue. There's already a stackoverflow on better proxy/upstream logging here: logging proxy activity in nginx

Additionally, you should turn on debug log (I've solved issues with this), place this below/above the access_log directive. Something like this should do fine:

 error_log  /Users/your_name/nginx_test/logs/error.log  debug;

Please note, for Nginx you MUST use an absolute path for logs.

Good luck.

Answer 3

I bet it's not nginx at all. Hard to imagine nginx would hold the request for very long before passing to the upstream on the same server. Could you check both access logs (nginx and ROR) to see if the request starting time is that different?

Which version of your osx? is it Lion or Mountain Lion? Both have issues with slow dns lookup with entries in /etc/hosts.

My coworkers experienced the same slowness. See Mac OSX Lion DNS lookup order for discussion. It's kinda messy.