
I've stumbled upon the following issue and can't seem to find a solution.

Setup: IIS server behind Amazon ELB set up to terminate SSL connections on the ELB with a setup of https 443 -> https 443 (port 443 on the ELB forwards to port 443 on the server). Port 80 is also connected via http 80 -> http 80.

When uploading files that are larger than about 7.5MB I'm getting 504 Gateway timeouts in the frontend.

The ELB has a valid certificate, and so do the IIS EC2 servers on 443. The ELB has an idle timeout of 120. IIS has keep-alive and a timeout of 120. Uploading files > 7.5MB (such as a 9MB file) via http (port 80) works flawlessly (in about 8 seconds). Uploading the same file via https does not work, and instead I get the gateway timeout after 120 seconds. All files below 7.5MB work flawlessly; the trouble starts at about 7.5MB.

The request does pass through to the EC2 server, but the file somehow gets cut off at 7.5MB. Any ideas? SSL renegotiation?

If I switch to an https 443 -> http 80 setup (the ELB forwards the 443 request to port 80 on the IIS server), the upload works fine.

If I pass through port 443 (tcp 443 -> tcp 443) and terminate SSL on the EC2 servers, the upload also works fine.

Why doesn't it work if I terminate the https connection on the ELB?

I'd appreciate any guidance. Thanks!

  • If you configure a larger [ELB idle timeout](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-idle-timeout.html), does the upload succeed more often? If so, that would help demonstrate (or rule out!) that that ELB setting is a factor in the issue. The AWS ELB docs indicate that the idle timeout is cancelled _when the backend server responds_, not before. Thus even though the client is sending/uploading data over the connection, the ELB waits for that server response, or the idle timeout, whichever comes first. – Castaglia Feb 13 '16 at 04:47

0 Answers