On 07/10/15 19:32, Edgar Pettijohn wrote:
On 07/08/15 22:04, Theodore Wynnychenko wrote:
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Edgar Pettijohn
Sent: Wednesday, July 08, 2015 8:52 PM
To: misc@openbsd.org
Subject: Re: httpd stops accepting connections after a few hours on current
On 07/08/15 12:15, Henrik Friedrichsen wrote:
I have encountered the same problem as has the guy in [1]. Maybe it is
worth a bug report?
Could this be related to FastCGI and exhaustion of some resource?
[1]:
https://www.facebook.com/groups/2210554563/permalink/10153383131319564/
Have you run in debug mode?
# httpd -dvvv
------
Hello
Earlier today, I started it in debug mode.
What I noticed is that for the first few hours there is nothing much of
interest.
A bunch of:
http://server3.tldn.com 10.0.28.254 - - [08/Jul/2015:14:38:31 -0500] "POST /rpc/ClientApi HTTP/1.1" 301 0
server http://server3.tldn.com, client 1552 (36 active), 10.0.28.254:65357 -> 10.0.28.131, https://server3.tldn.com/index.html (301 Moved Permanently)
But, then I noticed (and I actually did notice this in the logs the other day, but was too stupid to understand that it was - I think now - important):
server https://server2.tldn.com, client 2067 (63 active), 10.0.28.254:60330 -> 10.0.28.130:443, buffer event error
server https://server2.tldn.com, client 1756 (72 active), 10.0.28.254:56005 -> 10.0.28.130:443, buffer event error
server https://server2.tldn.com, client 1521 (58 active), 10.0.28.254:56066 -> 10.0.28.130:443, buffer event error
server https://server2.tldn.com, client 2068 (63 active), 10.0.28.254:52350 -> 10.0.28.130:443, buffer event error
The httpd.conf you supplied doesn't show this server serving fastcgi,
is that true? I'm testing a similar config to see if I can duplicate
the error.
It appears that the "buffer event error"s aren't there for a few hours, then
start, then increase, and eventually there is no more logging, and httpd is not
responsive.
This may not have been the most scientific test, but I was able to
reproduce as follows:
httpd.conf
server "default" {
    listen on $ext_addr port 80
    directory auto index
}
server "secure" {
    listen on 192.168.1.5 tls port 443
    tls certificate "/etc/ssl/web.crt"
    tls key "/etc/ssl/private/web.key"
    directory auto index
}
test.sh
#!/bin/sh
# Fetch the same page over TLS in a tight loop, deleting each download.
while true
do
    wget --no-check-certificate https://192.168.1.5/sasl/index.html && rm index.html
done
had to add --no-check-certificate due to:
ERROR: cannot verify 192.168.1.5's certificate, issued by 'CN=192.168.1.5,L=Austin,ST=Texas,C=US':
Self-signed certificate encountered.
I tried a couple of certificates all self signed with the same results.
httpd -dvvv
secure 192.168.1.5 - - [10/Jul/2015:20:52:13 -0500] "GET /sasl/index.html HTTP/1.1" 200 5491
server secure, client 3101 (1 active), 192.168.1.5:21322 -> 192.168.1.5:443, buffer event error
secure 192.168.1.5 - - [10/Jul/2015:20:52:13 -0500] "GET /sasl/index.html HTTP/1.1" 200 5491
server secure, client 3002 (3 active), 192.168.1.5:23332 -> 192.168.1.5:443, buffer event error
secure 192.168.1.5 - - [10/Jul/2015:20:52:13 -0500] "GET /sasl/index.html HTTP/1.1" 200 5491
server secure, client 3102 (1 active), 192.168.1.5:23204 -> 192.168.1.5:443, buffer event error
(after killing test.sh)
server_accept_tls: TLS accept failed - accept failed: Connection reset by peer
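
Added example (not part of the original messages, and not code from httpd or its developers): a small Python summary of `httpd -dvvv` output that counts "buffer event error" closes and the peak active-client count per server and hour, so the progression described in the thread (no errors, then a growing number alongside a rising active count) can be read off a long debug run. The sample lines, host name and addresses are constructed, and the script assumes each log entry sits on one line, with mail wrapping undone.

```python
import re
from collections import defaultdict

# Timestamp inside an access-log entry; the close lines carry none.
ACCESS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}):\d{2}:\d{2} [+-]\d{4}\]")
# "server NAME, client ID (N active), SRC -> DST, MESSAGE" as in the thread.
CLOSE = re.compile(r"^server ([^,]+), client \d+ \((\d+) active\), .*?, (.*)$")

def summarize(lines):
    """Bucket close lines by (server, hour) and count buffer event errors.

    A close line is attributed to the hour of the most recent access-log
    entry seen before it, which is an approximation.
    """
    stats = defaultdict(lambda: {"closes": 0, "errors": 0, "peak_active": 0})
    hour = None
    for line in lines:
        line = line.strip()
        stamp = ACCESS.search(line)
        if stamp:
            hour = stamp.group(1)  # e.g. "08/Jul/2015:14"
            continue
        close = CLOSE.match(line)
        if close is None or hour is None:
            continue
        server, active, message = close.group(1), int(close.group(2)), close.group(3)
        bucket = stats[(server, hour)]
        bucket["closes"] += 1
        bucket["errors"] += int(message == "buffer event error")
        bucket["peak_active"] = max(bucket["peak_active"], active)
    return dict(stats)

# Constructed sample in the format shown in the thread (not real log data).
SAMPLE = [
    'www.example.org 192.0.2.10 - - [08/Jul/2015:14:38:31 -0500] "GET / HTTP/1.1" 301 0',
    "server www.example.org, client 1552 (36 active), 192.0.2.10:65357 -> "
    "192.0.2.1, https://www.example.org/index.html (301 Moved Permanently)",
    'www.example.org 192.0.2.10 - - [08/Jul/2015:17:02:10 -0500] "GET / HTTP/1.1" 200 512',
    "server www.example.org, client 2067 (63 active), 192.0.2.10:60330 -> "
    "192.0.2.1:443, buffer event error",
    "server www.example.org, client 1756 (72 active), 192.0.2.10:56005 -> "
    "192.0.2.1:443, buffer event error",
]

if __name__ == "__main__":
    for (server, hour), bucket in sorted(summarize(SAMPLE).items()):
        print(server, hour, bucket)
```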