I haven’t really messed with Pound v3 at all, but tried to test this out using your configuration (adapted for IP & hostname), a basic apache2 listener on port 80 with no Nextcloud or anything fancy, & a self-signed SSL certificate and it segfaults for me pretty much immediately on Ubuntu 18.04 LTS with Pound compiled by hand when it receives a curl request. Maybe this output will help Robert or someone else in debugging:
debug option 5 /home/ubuntu/Pound-3.0/src/config.c:632 start get_others /home/ubuntu/Pound-3.0/src/config.c:564 start get_global /home/ubuntu/Pound-3.0/src/config.c:74 user 0 /home/ubuntu/Pound-3.0/src/config.c:80 group 0 /home/ubuntu/Pound-3.0/src/config.c:85 start get_backends /home/ubuntu/Pound-3.0/src/config.c:123 addr 127.0.0.1 /home/ubuntu/Pound-3.0/src/config.c:139 port 80 /home/ubuntu/Pound-3.0/src/config.c:142 push /home/ubuntu/Pound-3.0/src/config.c:168 start get_https /home/ubuntu/Pound-3.0/src/config.c:489 address 192.168.64.6 /home/ubuntu/Pound-3.0/src/config.c:510 port 443 /home/ubuntu/Pound-3.0/src/config.c:513 start get_services /home/ubuntu/Pound-3.0/src/config.c:209 HeadRequire Host: above-puma.local /home/ubuntu/Pound-3.0/src/config.c:237 push /home/ubuntu/Pound-3.0/src/config.c:258 start get_certificates /home/ubuntu/Pound-3.0/src/config.c:451 start get_one(/etc/pound/bundle.pem) /home/ubuntu/Pound-3.0/src/config.c:376 get_one add pattern above-puma.local /home/ubuntu/Pound-3.0/src/config.c:403 get_one: added 1 patterns /home/ubuntu/Pound-3.0/src/config.c:436 client 60 /home/ubuntu/Pound-3.0/src/config.c:516 start get_ciphers /home/ubuntu/Pound-3.0/src/config.c:334 cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-CAMELLIA-128-CBC-SHA /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-AES-128-CCM /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-AES-256-GCM-SHA384 /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-RC4-128-MD5 /home/ubuntu/Pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-3DES-EDE-CBC-SHA /home/ubuntu/Pound-3.0/src/config.c:346 push /home/ubuntu/Pound-3.0/src/config.c:552 Prepare backends /home/ubuntu/Pound-3.0/src/pound.c:153 Prepare listeners /home/ubuntu/Pound-3.0/src/pound.c:185 Prepare services for listener 0 /home/ubuntu/Pound-3.0/src/pound.c:188 7F8DB8DDE700 start service /home/ubuntu/Pound-3.0/src/http.c:45 Starting resurrector thread /home/ubuntu/Pound-3.0/src/util.c:80 7F8DB8DDE700 Null session: /home/ubuntu/Pound-3.0/src/http.c:52 7F8DB65D9700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB5DD8700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB5DD8700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB4DD6700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB4DD6700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB55D7700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB55D7700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB65D9700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB6DDA700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB6DDA700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB75DB700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB75DB700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB7DDC700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB7DDC700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB85DD700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535 7F8DB85DD700 start loop /home/ubuntu/Pound-3.0/src/http.c:539 7F8DB4DD6700 peer address 192.168.64.1 /home/ubuntu/Pound-3.0/src/http.c:549 7F8DB4DD6700 start sni /home/ubuntu/Pound-3.0/src/util.c:157 7F8DB4DD6700 sni for above-puma.local /home/ubuntu/Pound-3.0/src/util.c:165 Segmentation fault (core dumped) I actually tried it in a devuan chimaera VM first to use the same apt package as you but was running into even stranger behaviors where pound sometimes claimed it couldn’t bind to IP:https even when nothing else was listening on port 443. I suspect this is an OS-level issue regarding cleaning up sockets as it frequently happened when I tried to restart pound after it crashed and if I waited a while until the network table was clean of the last TIME_WAIT associated with port 443 it would start working again. But even when it would successfully bind it also immediately segfaulted on the first attempt to connect to it via curl: root@devuan:/etc/pound# pound -d 5 debug option 5 /build/pound-hSCqfU/pound-3.0/src/config.c:632 start get_others /build/pound-hSCqfU/pound-3.0/src/config.c:564 start get_global /build/pound-hSCqfU/pound-3.0/src/config.c:74 user 0 /build/pound-hSCqfU/pound-3.0/src/config.c:80 group 0 /build/pound-hSCqfU/pound-3.0/src/config.c:85 start get_backends /build/pound-hSCqfU/pound-3.0/src/config.c:123 addr 127.0.0.1 /build/pound-hSCqfU/pound-3.0/src/config.c:139 port 80 /build/pound-hSCqfU/pound-3.0/src/config.c:142 push /build/pound-hSCqfU/pound-3.0/src/config.c:168 start get_https /build/pound-hSCqfU/pound-3.0/src/config.c:489 address 172.16.237.150 /build/pound-hSCqfU/pound-3.0/src/config.c:510 port 443 /build/pound-hSCqfU/pound-3.0/src/config.c:513 start get_services /build/pound-hSCqfU/pound-3.0/src/config.c:209 HeadRequire Host: devuan.local /build/pound-hSCqfU/pound-3.0/src/config.c:237 push /build/pound-hSCqfU/pound-3.0/src/config.c:258 start get_certificates /build/pound-hSCqfU/pound-3.0/src/config.c:451 start get_one(/etc/pound/bundle.pem) /build/pound-hSCqfU/pound-3.0/src/config.c:376 get_one add pattern devuan.local /build/pound-hSCqfU/pound-3.0/src/config.c:403 get_one: added 1 patterns /build/pound-hSCqfU/pound-3.0/src/config.c:436 client 60 /build/pound-hSCqfU/pound-3.0/src/config.c:516 start get_ciphers /build/pound-hSCqfU/pound-3.0/src/config.c:334 cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-CAMELLIA-128-CBC-SHA /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-AES-128-CCM /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-AES-256-GCM-SHA384 /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-RC4-128-MD5 /build/pound-hSCqfU/pound-3.0/src/config.c:346 cipher TLS-RSA-WITH-3DES-EDE-CBC-SHA /build/pound-hSCqfU/pound-3.0/src/config.c:346 push /build/pound-hSCqfU/pound-3.0/src/config.c:552 Prepare backends /build/pound-hSCqfU/pound-3.0/src/pound.c:153 Prepare listeners /build/pound-hSCqfU/pound-3.0/src/pound.c:185 Prepare services for listener 0 /build/pound-hSCqfU/pound-3.0/src/pound.c:188 Starting resurrector thread /build/pound-hSCqfU/pound-3.0/src/util.c:80 7FCDAF89E700 start service /build/pound-hSCqfU/pound-3.0/src/http.c:45 7FCDAF89E700 Null session: /build/pound-hSCqfU/pound-3.0/src/http.c:52 7FCDAC898700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAC898700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAC097700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAC097700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAB896700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAB896700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAD099700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAD099700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAD89A700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAD89A700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAE09B700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAE09B700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAE89C700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAE89C700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAF09D700 thr_http start /build/pound-hSCqfU/pound-3.0/src/http.c:535 7FCDAF09D700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539 7FCDAF09D700 peer address 172.16.237.1 /build/pound-hSCqfU/pound-3.0/src/http.c:549 7FCDAF09D700 start sni /build/pound-hSCqfU/pound-3.0/src/util.c:157 7FCDAF09D700 sni for devuan.local /build/pound-hSCqfU/pound-3.0/src/util.c:165 Segmentation fault -T > On Aug 19, 2021, at 16:45, Emanuel Loos via pound <pound@apsis.ch> wrote: > > Thank you for the kind words! > > Looks like pound really wasn't running when you checked. It should when and > after you receive this email. > > Here is what Pound writes when trying to access a page with Firefox: > > 700 start sni /build/pound-hSCqfU/pound-3.0/src/util.c:157 > 7FD71E405700 start do_request /build/pound-hSCqfU/pound-3.0/src/http.c:257 > 7FD71E405700 start do_http2 /build/pound-hSCqfU/pound-3.0/src/http2.c:296 > 7FD71E405700 start get_be /build/pound-hSCqfU/pound-3.0/src/http.c:143 > 7FD724C12700 start backend_2 /build/pound-hSCqfU/pound-3.0/src/backend.c:213 > 100.64.250.47 - - [Fri Aug 20 01:00:12 2021] "GET /index.php/login HTTP/1.1" > 200 8985 > > Surprisingly it didn't crash this time. Looks like the crashes where > independent from this and caused due to restarting it to fast. However, even > though Pound says everything goes as it should it doesn't: Firefox reports a > Network Protocol Error (see attached screenshots). Lynx (a command line > webbrowser), however, is able to access the service without problems. Putting > this together with the error curl gives I have an idea what the issue could > be: I think, since Pound is writing about HTTP1.1 and curl is writing about > HTTP2 the HTTP versions might be somehow mixed up or wrongly identified. I > don't know how to check and/or fix this, however. > > Emanuel Loos > > Am 20.08.21 um 00:01 schrieb Todd Fleisher via pound: >> FWIW - right now I can connect to the public IPv4 address for >> nc.emanuel-loos.eu <http://nc.emanuel-loos.eu> (185.128.244.57), only the >> onion service @ >> http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login >> >> <http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login> >> is responding. The public IPv4 address refuses connections. >> >> Assuming the onion service points to the same apache2 backend and it >> actually works beyond just loading the login page, this would seem to point >> to an issue with your pound instance - maybe it is no longer running due to >> a crash or you stopped it deliberately. Once you verify it is running, you >> could also try to attach an strace to pound's PID to see what is happening >> when you make a request to it and/or when it is hammering your CPU like you >> mentioned below. >> >> -T >> >> P.S. Kudos to you for being aware of the power of self-hosting and trying to >> learn more about it. It feels like an overlooked concept with younger >> generations so it’s refreshing to see sentiments like yours >> >>> On Aug 19, 2021, at 13:34, Emanuel Loos via pound <pound@apsis.ch >>> <mailto:pound@apsis.ch>> wrote: >>> >>> Am 19.08.21 um 21:39 schrieb Emanuel Loos via pound: >>>> If it helps: The backend is an apache2 web server with a lot of PHP >>>> (Nextcloud) and also available on this Tor Onion Service: >>>> >>>> http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion >>>> <http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion> >>>> >>>> Thanks in advance! >>>> >>>> Emanuel Loos >>>> >>>> Am 19.08.21 um 21:02 schrieb Emanuel Loos via pound: >>>>>> -----Original Message----- >>>>>> From: pound <pound-boun...@apsis.ch> On Behalf Of Emanuel Loos via pound >>>>>> Sent: Thursday, August 19, 2021 10:34 AM >>>>>> To: pound@apsis.ch >>>>>> Cc: Emanuel Loos <m...@mailing-lists.emanuel-loos.eu> >>>>>> Subject: Re: [pound] PR_END_OF_FILE_ERROR in Firefox and ERR_CONNECTION >>>>>> refused in Chromium but lynx works >>>>>> >>>>>> Hello the third time, >>>>>> >>>>>> just reporting that for some reason Pound just started using the full >>>>>> CPU power on one core: >>>>>> >>>>>> PID USER PR NI VIRT RES SHR S %CPU %MEM ZEIT+ BEFEHL >>>>>> 3590 root 20 0 1274244 16664 3144 R 99,3 0,1 37:35.29 >>>>>> pound >>>>>> >>>>>> it is not a problem for me right now as it is a small private server >>>>>> doing not much else (except sending this email) right now but I don't >>>>>> thing that is how it should be. Anyway I think I'll still keep Pound >>>>>> running (or maybe restart it) for now so if anyone wants to help me with >>>>>> my problem Pound is online and the problem can investigated easier. >>>>>> >>>>>> Thanks in advance! >>>>>> >>>>>> Emanuel Loos >>>>>> >>>>>> Am 19.08.21 um 17:00 schrieb Emanuel Loos via pound: >>>>>>> Hello again, >>>>>>> >>>>>>> just wanted to add that with curl this happens: >>>>>>> >>>>>>> emanuel@devuan-emanuel:~$ curl >>>>>>> https://nc.emanuel-loos.eu/index.php/login >>>>>>> curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err >>>>>>> 1) >>>>>>> >>>>>>> I left Pound running on my server so as long as there is no crash >>>>>>> (like when trying to connect using Firefox or Chromium but not lynx or >>>>>>> curl) it should stay online. You are welcome to test it yourself if it >>>>>>> helps. >>>>>>> >>>>>>> Anyone got an idea what the problem could be or how to debug it further? >>>>>>> >>>>>>> Thanks in advance! >>>>>>> >>>>>>> Emanuel Loos >> >> >> > > -- > pound mailing list > pound@apsis.ch > https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch >
-- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch