I recently switched from Apache to nginx/php-fpm with a few PHP and Django sites. At some point, some users started reporting that they cannot access the websites and are getting "server not found". They say:
I'm trying to open the website from my computer and get "server not found". If I go through another computer at work, or through my phone, everything is fine. My IP is: xxx.xxx.xxx.xxx
I've used grep on the error log to find those IPs, but got nothing. It seems that when a user is "blocked" this way he cannot access the website anymore - it is not being cured by itself. On the other side, more than 30,000 people visit the sites every day with no problem.
There seems to be nothing special about those blocked ones - they use different browsers, have different subnets. It does not make sense.
Can you give any advice on how to diagnose and fix this problem?
One of my configs is:
    server {
        server_name example.net;
        root /var/www/example/httpdocs;
        index index.php;
        charset utf-8;
        error_log /var/www/example/nginx_error.log;

        # banned users
        include /var/www/example/ban.conf;

        # rewrite rule
        location / {
            if (!-e $request_filename) {
                rewrite ^(.*)$ /index.php?path=$1 last;
            }
        }

        location /admin {
            auth_basic "Restricted";
            auth_basic_user_file /var/www/example/chronicler/htpasswd;
        }

        # including file with PHP related configuration parameters
        include php_support;
    }
ban.conf contents:
    deny 178.49.145.133;
    deny 109.237.124.172;
    deny 95.24.207.110;
IpTables command:
    sudo iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
UPDATE
The problem was a firewall of my hosting provider. People were blocked and banned for the SYN flood, because my website made them do more than 50 HTTP requests at one go. This is a horrible situation and I had to make optimizations to solve it. Thank you for help, everybody!
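The cause named in the UPDATE (a provider firewall banning clients that make more than 50 HTTP requests at one go) can be looked for in the nginx access log. The script below is an added example, not part of the original post: it reports client IPs whose peak request count within a short window exceeds a threshold. The `combined` log format, the one-second window, the function names and the sample lines are assumptions; only the figure of 50 comes from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# nginx "combined" format (assumed): ip - user [time] "request" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')

def parse(line):
    """Return (client_ip, epoch_seconds), or None for an unparseable line."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp()

def find_bursts(lines, threshold=50, window=1.0):
    """Return {ip: peak} for clients whose peak number of requests whose
    timestamps lie within `window` seconds of each other exceeds `threshold`."""
    times = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            times[rec[0]].append(rec[1])
    bursts = {}
    for ip, ts in times.items():
        ts.sort()
        peak, start = 0, 0
        for end in range(len(ts)):          # sliding window over sorted times
            while ts[end] - ts[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            bursts[ip] = peak
    return bursts

def sample_log():
    # Constructed sample: one client fetching 60 assets in the same second,
    # another fetching 5 assets one second apart, plus one malformed line.
    fmt = ('{ip} - - [10/Oct/2012:13:55:{s:02d} +0000] '
           '"GET /img/{n}.png HTTP/1.1" 200 512 "-" "test"')
    heavy = [fmt.format(ip="203.0.113.7", s=36, n=n) for n in range(60)]
    light = [fmt.format(ip="198.51.100.9", s=36 + n, n=n) for n in range(5)]
    return heavy + light + ["garbage line"]

if __name__ == "__main__":
    for ip, peak in find_bursts(sample_log()).items():
        print(f"{ip}: {peak} requests within 1s")
```

With keep-alive enabled several requests share one TCP connection, so the request count from the access log is an upper bound on the new connections (SYNs) a firewall would see.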
It really sounds like a DNS service problem. In my practice I haven't seen this problem related to something different than DNS.
Can you give some more information about:
Also try adding a simple test.html (with just 'Test' in it), and ask the users/clients to try to hit this file too (e.g. http://domain.tld/test.html). Make sure that the file can be accessed normally, without forcing some redirect.
This way we can try to assure that the problem is not related to some bogus external resources [which affect only certain clients/IPs].
It's possible it's just general network issues. Are there any geographic similarities between your users that have issues? I'm in Australia, and I had similar issues with my last host through no fault of their own because of networks in the middle. In this case, there's not too much you can really do besides try to get in contact with the network causing issues, but that may or may not do much depending on who they are.
Do you have any kind of firewall enabled? For example, csf has a Port Flood settings section. Maybe a temporary IP ban because of some kind of network activity from their IP is the reason they receive a "server not found" error.
What about the http{} section in your nginx.conf, any send_timeout set (or anything like that)? It looks more like a network problem than a rewrite or anything like that.
You can try to set these settings a little bit higher:
In the same config file, have you set things like limit_zone? This can be problematic with NATed clients.
Can you copy your nginx.conf here? Any other things like tcp_nodelay off and/or tcp_nopush on?
Server not found means DNS resolution failed. Check your DNS. Do you have both www.domain.tld and domain.tld set up? Do the IPs appear in access.log?