dpca4790 2018-06-11 17:10
浏览 197
已采纳

大文件的cURL SSL错误

I'm trying to make some backup of my production server and send the backup compressed in tar.gz in another server. This was working fine before updating my server to php7.2-fpm (for HTTP2.0).

I get this error :

Fatal error: Uncaught Exception: SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

Here is the configuration of my two servers:

- Production server :
- System : Linux debian2 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64
- Apache : Apache/2.4.33
- Php : PHP Version 7.2.5-1 (with FPM api)

- Backup server :
- System : Linux debian2 3.16.0-4-amd64 #1 SMP Debian 3.16.51-3 (2017-12-13) x86_64
- Apache : Apache/2.4.10
- Php : PHP Version 7.1.13-1 (with Apache 2.0 handler)

The backup server is still with HTTP1, the production server use HTTP2 protocol.

So in order to make my backup, i go to my root folder and just compress everything inside as a .tar.gz.

To send the file here is the code i use :

/**
 * @brief Sends a file.
 * @param      Array          $data    The data to send (backup file path, file name)
 * @param      String|string  $action  The action (platformBackup, databaseBackup)
 * @return     Array|boolean
 */
public static function sendFile(Array $data, String $action) : Array
{
    $cFile = curl_file_create($data['file']);
    $data['save'] = $cFile;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,SERVER_SAVE_URL.'/'.SERVER_SAVE_TOKEN.'/' . $action . '/'.PLATEFORM_ID);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_HTTPHEADER,array('Content-Type: multipart/form-data'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);

    if ($result === false)
    {
        throw new Exception(curl_error($ch), curl_errno($ch));
    }

    $result = json_decode($result, true);
    return $result;
}

This works with a small file (less than 1Gb). But not with larger one.

My first thought was a bad configuration of Apache and php7.2-fpm because everything worked great before.

But i think that this is ok, here is the variables i changed in my php/7.2/fpm/php.ini :

max_execution_time = 10800 
memory_limit = 1024M
post_max_size = 10000M
upload_max_filesize = 10000M

I also try to force them in the php/7.2/fpm/pool.d/www.conf but nothing change.

Thanks in advance for your help !

EDIT :

I update my backup server to Apache 2.4.33 and enable HTTP2.0 protocol with php7.2-fpm. When i try to backup i got a message in my error log :

[Tue Jun 12 13:10:34.829260 2018] [proxy_fcgi:error] [pid 9092:tid 140388941666048] (70008)Partial results are valid but processing is incomplete: [client XXX.XXX.XXX.XXX:XXX] AH01075: Error dispatching request to : (reading input brigade)

From a php7.1-fpm server i got 

503 Service Unavailable

From a php7.2-fpm i got :

Fatal error: Uncaught Exception: SSL read:error:00000000:lib(0):func(0):reason(0), errno 104

Since nothing worked with php and apache I told myself that the problem came from elsewhere, i watch my filesystem which is ext4 so no problem with large file and i try to send a backup with SCP which work great too. So for me the problem only come from PHP, Apache or cURL.

As a reminder, the backup works for a little server (800mb) but not for larger one (3.4Gb)

EDIT 1 :

It seems that SSL is the problem, when i disable it on my backup server everything works. As a temporary solution i just encrypt the file with openssl with a generated key and send it to my backup server.

  • 写回答

1条回答 默认 最新

  • douyin4561 2018-06-13 10:04
    关注

    EDIT: in these other topics:

    It is explained how to raise the SSL buffer size at apache config (which could be your problem).

    <Directory /my/site/here>
...
  # Set this to something big...
  SSLRenegBufferSize 10486000
...
</Directory>

    Source: @kongekrabben

    **

    I have seen many of these problems in our corporate apps, mainly because the web servers were old to support new cipher suites.

    In order to completly discard SSL I would run the following test using openssl:

    To Test TLS1.2

    openssl s_client -connect ${DoMain}:${port} -tls1_2

    Change -tls1_2 to tls1 or tls1_1 or ssl3 to test other cipher suites.

    The above will simulate a SSL handshake and transmission, if all good it should end with exit code 0.

    To read the exit code at bash, just echo $? after executing the previous command

    Then, a nmap scan will list all SSL ciphers available from a server, please note this is an invasive test and could actually trigger Security Software resulting in banned requester’s IP. DO NOT use this second test unless you are sure what you are doing:

    nmap --script ssl-enum-ciphers ${DoMain}

    Hope this helps.

    Then, depending on the results set this in your PHP libcurl declaration:

    curl_setopt($ch, CURLOPT_SSLVERSION, $int);

    Where $int stands for the SSL cipher suite to be used:

    • CURL_SSLVERSION_DEFAULT (0)
    • CURL_SSLVERSION_TLSv1 (1)
    • CURL_SSLVERSION_SSLv2 (2)
    • CURL_SSLVERSION_SSLv3 (3)
    • CURL_SSLVERSION_TLSv1_0 (4)
    • CURL_SSLVERSION_TLSv1_1 (5)
    • CURL_SSLVERSION_TLSv1_2 (6)

    Doc: http://php.net/manual/en/function.curl-setopt.php

    @stackOverflow admins: I am sorry, I wanted to comment but do not have enough points to do so. Please edit or copy/paste then remove my answer and place it in a comment if needed.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料