django-social-auth在Google OpenID中给出了502错误,但只有少数用户

Question

在过去的几周里,我一直在与一只虫子作斗争,这让我疯狂.请帮忙!

这是症状:

如果用户没有登录到GMail,他可以毫无问题地登录我的网站(使用GMail openID).这将显然促使用户首先在GMail中进行身份验证.

但是,如果用户已经在GMail中进行了身份验证,他会看到由nginx生成的502错误页面.

这只发生在一些用户身上(我不是其中之一),其中一个用户非常友好地报告甚至制作了一个视频来演示:

http://rvzt.net/Temp/google-freedomsponsors.webm

怪不是吗？

我在生产中为django-social-auth添加了一些调试行,试图了解正在发生的事情(这里,只需按ctrl + f +'logger'来查找我的更改)

使用此设置,健康登录尝试将使用类似的东西充斥我的(django)日志文件

2013-09-06 11:19:26,659 [DEBUG] social_auth.backends: auth_complete ARGS=(), KWARGS={...} 2013-09-06 11:19:26,666 [DEBUG] social_auth.backends: response and status <openid.consumer.consumer.SuccessResponse id='https://id.mixi.jp/10452407' signed=[u'openid.mode', u'openid.claimed_id', u'openid.identity', u'openid.op_endpoint', u'openid.return_to', u'openid.response_nonce', u'openid.assoc_handle', u'openid.ax.type.nickname', u'openid.ns.ax', u'openid.ax.mode', u'openid.ax.value.nickname']> / success 2013-09-06 11:19:26,675 [DEBUG] social_auth.views: got user: 5ca95b48317944cd87b7d5af4b6e77 2013-09-06 11:19:26,683 [DEBUG] social_auth.views: return redirect to: /

但是,此特定用户失败登录尝试在django的日志文件中不生成任何输出.因此,它甚至没有触及视图方法.

但是在nginx上有一些日志.

这是一个糟糕的登录尝试(在/var/log/nginx/access.log中):

```130.225.243.86 - - [03/Sep/2013:13:23:39 +0000]"GET /complete/google/?janrain_nonce=2013-09-03T13%3A23%XXXXXXXXXX&openid.ns=http%3A%2F %2Fspecs.openid.net%2Fauth%2F2.0&openid.mode = id_res&openid.op_endpoint = HTTPS%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce = 2013-09-03T13%3A23%3A38Zh5WrngwxTu2ByQ&openid.return_to = http%3A%2F%2Ffreedomsponsors.org%2Fcomplete%2Fgoogle%2F%3Fjanrain_nonce%3D2013-09-03T13%253A23%253XXXXXXXXXX&openid.assoc_handle = 1.AMlYXXXXXXXXXXXr5MKoxu- k-3cnkXXXXXXXXXXXXXXXXXXXXXXgdEpo3HOg&和openid.signed = op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.old_email%2Cext1.value.old_email%2Cext1.type.first_name%2Cext1.value.first_name%2Cext1 .type.last_name%2Cext1.value.last_name%2Cext1.type.email%2Cext1.value.email&openid.sig = 3n46MUyn8wIIWpvYIJXj%2BeZqC7o%3D&openid.identity = HTTPS%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid %3Fid%3DAItOawmGmlrjd-OuXXXXXXXXXXXXXXXtIXGpMJQ&openid.claimed_id = HTTPS%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawmGmlrjd-OuXXXXXXXXXXXXXXXXIXGpMJQ&openid.ns.ext1 = HTTP%3A%2F%2Fopenid.net%2Fsrv%2Fax %2F1.0&openid.ext1.mode = fetch_response&openid.ext1.type.old_email = HTTP%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.value.old_email = xxxxxxxxx.junior%40gmail.com&openid.ext1.type.first_name = HTTP%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.first_name =巴斯蒂安&openid.ext1.type.last_name = HTTP%3A%2F%2Faxschema.org%2FnamePerson%2Flast&的OpenID. ext1.value.last_name = Hougaard&openid.ext1.type.email = http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email = xxxxxxxxx.junior%40gmail.com HTTP/1.1"502 575"http://freedomsponsors.org/login/google/""Mozilla/5.0(X11; Linux x86_64)AppleWebKit/537.36(KHTML,与Gecko一样)Chrome/29.0.1547.62 Safari/537.36"

```

这总是伴随着/var/log/nginx/errors.log中的条目,如:

2013/09/06 10:46:06 [error] 667#0: *116533 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 130.225.198.129, server: freedomsponsors.org, request: "GET //complete/google/?janrain_nonce=2013-09-03T13%3A23%XXXXXXXXXXX&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-09-03T13%3A23%3A38Zh5WrngwxTu2ByQ&openid.return_to=http%3A%2F%2Ffreedomsponsors.org%2Fcomplete%2Fgoogle%2F%3Fjanrain_nonce%3D2013-09-03T13%253A23%253XXXXXXXXXX&openid.assoc_handle=1.AMlYXXXXXXXXXXXr5MKoxu-_k_-3cnkXXXXXXXXXXXXXXXXXXXXXXgdEpo3HOg&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.old_email%2Cext1.value.old_email%2Cext1.type.first_name%2Cext1.value.first_name%2Cext1.type.last_name%2Cext1.value.last_name%2Cext1.type.email%2Cext1.value.email&openid.sig=3n46MUyn8wIIWpvYIJXj%2BeZqC7o%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawmGmlrjd-OuXXXXXXXXXXXXXXXtIXGpMJQ&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawmGmlrjd-OuXXXXXXXXXXXXXXXXIXGpMJQ&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.old_email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.value.old_email=xxxxxxxxx.junior%40gmail.com&openid.ext1.type.first_name=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.first_name=Bastian&openid.ext1.type.last_name=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ext1.value.last_name=Hougaard&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email=xxxxxxxxx.junior%40gmail.com HTTP/1.1", upstream: "uwsgi://unix:///tmp/frespo.sock:", host: "freedomsponsors.org", referrer: "http://freedomsponsors.org/login/google/"

一个好的登录尝试看起来是一样的(在access.log中),而不是以.结尾

502 575 "http://freedomsponsors.org/login/google/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36"

它结束于

302 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36"

当然,它不会在error.log中生成任何条目.

我的生产环境是带有文件套接字的标准nginx + uswgi,非常类似于本教程所说的 - > https://uwsgi.readthedocs.org/en/latest/tutorials/Django_and_nginx.html

我很乐意为你提供任何帮助!

Answer 1

胜利!!!

稍微研究一下后,我发现uwsgi有一个--daemonize选项,可以将uwsgi日志定向到一个文件.

启用后,我开始看到"无效请求块大小:4167(最大4096)...跳过"之类的错误

所以我添加了另一个配置选项:buffer-size = 8192 问题就消失了.

非常感谢巴斯蒂安帮助我调试这个问题!