110 nginx timeout_error ai_generated true

upstream timed out (110: Connection timed out) while connecting to upstream, client: 10.0.0.1, server: example.com, upstream: "http://127.0.0.1:8080"

ID: nginx/upstream-timed-out-110-connection-timed-out-while-connecting-to-upstream

Also available as: JSON · Markdown · 中文
85%Fix Rate
85%Confidence
1Evidence
2023-10-05First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
nginx 1.24.0 active
nginx 1.22.1 active
nginx 1.20.2 active
nginx 1.18.0 active

Root Cause

Nginx cannot establish a TCP connection to the upstream server because the server is unreachable, firewalled, or overloaded, causing the connection attempt to exceed the proxy_connect_timeout.

generic

中文

Nginx 无法与上游服务器建立 TCP 连接,因为服务器不可达、被防火墙阻止或过载,导致连接尝试超过 proxy_connect_timeout。

Official Documentation

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout

Workarounds

  1. 80% success Increase proxy_connect_timeout to allow more time for connection: proxy_connect_timeout 30s; Also verify upstream reachability: telnet 127.0.0.1 8080 Check firewall rules: iptables -L -n | grep 8080 
    Increase proxy_connect_timeout to allow more time for connection:
proxy_connect_timeout 30s;
Also verify upstream reachability: telnet 127.0.0.1 8080
Check firewall rules: iptables -L -n | grep 8080
  2. 75% success Add upstream server health checks and remove unhealthy servers: upstream backend { server 127.0.0.1:8080 max_fails=3 fail_timeout=30s; server 10.0.0.2:8080 backup; } This allows nginx to skip unresponsive servers. 
    Add upstream server health checks and remove unhealthy servers:
upstream backend {
    server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
    server 10.0.0.2:8080 backup;
}
This allows nginx to skip unresponsive servers.
  3. 90% success Check if the upstream server is running and listening: systemctl status myapp netstat -tlnp | grep 8080 Restart the upstream service if needed. 
    Check if the upstream server is running and listening:
systemctl status myapp
netstat -tlnp | grep 8080
Restart the upstream service if needed.

中文步骤

  1. 增加 proxy_connect_timeout 以允许更多连接时间:
proxy_connect_timeout 30s;
同时验证上游可达性:telnet 127.0.0.1 8080
检查防火墙规则:iptables -L -n | grep 8080
  2. 添加上游服务器健康检查并移除不健康的服务器:
upstream backend {
    server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
    server 10.0.0.2:8080 backup;
}
这允许 nginx 跳过无响应的服务器。
  3. 检查上游服务器是否正在运行并监听:
systemctl status myapp
netstat -tlnp | grep 8080
如有必要,重新启动上游服务。

Dead Ends

Common approaches that don't work:

  1. 60% fail

    The timeout occurs during the TCP handshake, not during data transfer; these settings do not affect connect timeout.

  2. 40% fail

    The error is at the transport layer; protocol version is irrelevant.

  3. 30% fail

    Keepalive only helps after a connection is established; it does not prevent connection timeouts.