Hello, I compiled the new release 3.0.1 from source and tested if it
fixes my issue but it didn't. The errors in Firefox and Chromium are
still the same. I think it has something to do with TLS since HTTP works
but HTTPS doesn't. I am using a certificate from "Let's Encrypt"
obtained via certbot. I copied fullchain and private key in one file
(like I did for Hiawatha) and specified it as certificate in my Pound
config. Is this the right way?
Thanks in advance!
Emanuel Loos
Am 20.08.21 um 18:15 schrieb Todd Fleisher via pound:
I haven’t really messed with Pound v3 at all, but tried to test this
out using your configuration (adapted for IP & hostname), a basic
apache2 listener on port 80 with no Nextcloud or anything fancy, & a
self-signed SSL certificate and it segfaults for me pretty much
immediately on Ubuntu 18.04 LTS with Pound compiled by hand when it
receives a curl request. Maybe this output will help Robert or someone
else in debugging:
debug option 5 /home/ubuntu/Pound-3.0/src/config.c:632
start get_others /home/ubuntu/Pound-3.0/src/config.c:564
start get_global /home/ubuntu/Pound-3.0/src/config.c:74
user 0 /home/ubuntu/Pound-3.0/src/config.c:80
group 0 /home/ubuntu/Pound-3.0/src/config.c:85
start get_backends /home/ubuntu/Pound-3.0/src/config.c:123
addr 127.0.0.1 /home/ubuntu/Pound-3.0/src/config.c:139
port 80 /home/ubuntu/Pound-3.0/src/config.c:142
push /home/ubuntu/Pound-3.0/src/config.c:168
start get_https /home/ubuntu/Pound-3.0/src/config.c:489
address 192.168.64.6 /home/ubuntu/Pound-3.0/src/config.c:510
port 443 /home/ubuntu/Pound-3.0/src/config.c:513
start get_services /home/ubuntu/Pound-3.0/src/config.c:209
HeadRequire Host: above-puma.local
/home/ubuntu/Pound-3.0/src/config.c:237
push /home/ubuntu/Pound-3.0/src/config.c:258
start get_certificates /home/ubuntu/Pound-3.0/src/config.c:451
start get_one(/etc/pound/bundle.pem)
/home/ubuntu/Pound-3.0/src/config.c:376
get_one add pattern above-puma.local
/home/ubuntu/Pound-3.0/src/config.c:403
get_one: added 1 patterns /home/ubuntu/Pound-3.0/src/config.c:436
client 60 /home/ubuntu/Pound-3.0/src/config.c:516
start get_ciphers /home/ubuntu/Pound-3.0/src/config.c:334
cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-AES-128-CCM
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-AES-256-GCM-SHA384
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-RC4-128-MD5
/home/ubuntu/Pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-3DES-EDE-CBC-SHA
/home/ubuntu/Pound-3.0/src/config.c:346
push /home/ubuntu/Pound-3.0/src/config.c:552
Prepare backends /home/ubuntu/Pound-3.0/src/pound.c:153
Prepare listeners /home/ubuntu/Pound-3.0/src/pound.c:185
Prepare services for listener 0 /home/ubuntu/Pound-3.0/src/pound.c:188
7F8DB8DDE700 start service /home/ubuntu/Pound-3.0/src/http.c:45
Starting resurrector thread /home/ubuntu/Pound-3.0/src/util.c:80
7F8DB8DDE700 Null session: /home/ubuntu/Pound-3.0/src/http.c:52
7F8DB65D9700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB5DD8700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB5DD8700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB4DD6700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB4DD6700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB55D7700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB55D7700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB65D9700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB6DDA700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB6DDA700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB75DB700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB75DB700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB7DDC700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB7DDC700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB85DD700 thr_http start /home/ubuntu/Pound-3.0/src/http.c:535
7F8DB85DD700 start loop /home/ubuntu/Pound-3.0/src/http.c:539
7F8DB4DD6700 peer address 192.168.64.1
/home/ubuntu/Pound-3.0/src/http.c:549
7F8DB4DD6700 start sni /home/ubuntu/Pound-3.0/src/util.c:157
7F8DB4DD6700 sni for above-puma.local
/home/ubuntu/Pound-3.0/src/util.c:165
Segmentation fault (core dumped)
I actually tried it in a devuan chimaera VM first to use the same apt
package as you but was running into even stranger behaviors where
pound sometimes claimed it couldn’t bind to IP:https even when nothing
else was listening on port 443. I suspect this is an OS-level issue
regarding cleaning up sockets as it frequently happened when I tried
to restart pound after it crashed and if I waited a while until the
network table was clean of the last TIME_WAIT associated with port 443
it would start working again.
But even when it would successfully bind it also immediately
segfaulted on the first attempt to connect to it via curl:
root@devuan:/etc/pound# pound -d 5
debug option 5 /build/pound-hSCqfU/pound-3.0/src/config.c:632
start get_others /build/pound-hSCqfU/pound-3.0/src/config.c:564
start get_global /build/pound-hSCqfU/pound-3.0/src/config.c:74
user 0 /build/pound-hSCqfU/pound-3.0/src/config.c:80
group 0 /build/pound-hSCqfU/pound-3.0/src/config.c:85
start get_backends /build/pound-hSCqfU/pound-3.0/src/config.c:123
addr 127.0.0.1 /build/pound-hSCqfU/pound-3.0/src/config.c:139
port 80 /build/pound-hSCqfU/pound-3.0/src/config.c:142
push /build/pound-hSCqfU/pound-3.0/src/config.c:168
start get_https /build/pound-hSCqfU/pound-3.0/src/config.c:489
address 172.16.237.150 /build/pound-hSCqfU/pound-3.0/src/config.c:510
port 443 /build/pound-hSCqfU/pound-3.0/src/config.c:513
start get_services /build/pound-hSCqfU/pound-3.0/src/config.c:209
HeadRequire Host: devuan.local
/build/pound-hSCqfU/pound-3.0/src/config.c:237
push /build/pound-hSCqfU/pound-3.0/src/config.c:258
start get_certificates /build/pound-hSCqfU/pound-3.0/src/config.c:451
start get_one(/etc/pound/bundle.pem)
/build/pound-hSCqfU/pound-3.0/src/config.c:376
get_one add pattern devuan.local
/build/pound-hSCqfU/pound-3.0/src/config.c:403
get_one: added 1 patterns
/build/pound-hSCqfU/pound-3.0/src/config.c:436
client 60 /build/pound-hSCqfU/pound-3.0/src/config.c:516
start get_ciphers /build/pound-hSCqfU/pound-3.0/src/config.c:334
cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-AES-128-CCM
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-AES-256-GCM-SHA384
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-RC4-128-MD5
/build/pound-hSCqfU/pound-3.0/src/config.c:346
cipher TLS-RSA-WITH-3DES-EDE-CBC-SHA
/build/pound-hSCqfU/pound-3.0/src/config.c:346
push /build/pound-hSCqfU/pound-3.0/src/config.c:552
Prepare backends /build/pound-hSCqfU/pound-3.0/src/pound.c:153
Prepare listeners /build/pound-hSCqfU/pound-3.0/src/pound.c:185
Prepare services for listener 0
/build/pound-hSCqfU/pound-3.0/src/pound.c:188
Starting resurrector thread
/build/pound-hSCqfU/pound-3.0/src/util.c:80
7FCDAF89E700 start service /build/pound-hSCqfU/pound-3.0/src/http.c:45
7FCDAF89E700 Null session: /build/pound-hSCqfU/pound-3.0/src/http.c:52
7FCDAC898700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAC898700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAC097700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAC097700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAB896700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAB896700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAD099700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAD099700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAD89A700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAD89A700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAE09B700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAE09B700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAE89C700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAE89C700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAF09D700 thr_http start
/build/pound-hSCqfU/pound-3.0/src/http.c:535
7FCDAF09D700 start loop /build/pound-hSCqfU/pound-3.0/src/http.c:539
7FCDAF09D700 peer address 172.16.237.1
/build/pound-hSCqfU/pound-3.0/src/http.c:549
7FCDAF09D700 start sni /build/pound-hSCqfU/pound-3.0/src/util.c:157
7FCDAF09D700 sni for devuan.local
/build/pound-hSCqfU/pound-3.0/src/util.c:165
Segmentation fault
-T
On Aug 19, 2021, at 16:45, Emanuel Loos via pound <pound@apsis.ch
<mailto:pound@apsis.ch>> wrote:
Thank you for the kind words!
Looks like pound really wasn't running when you checked. It should
when and after you receive this email.
Here is what Pound writes when trying to access a page with Firefox:
700 start sni /build/pound-hSCqfU/pound-3.0/src/util.c:157
7FD71E405700 start do_request
/build/pound-hSCqfU/pound-3.0/src/http.c:257
7FD71E405700 start do_http2 /build/pound-hSCqfU/pound-3.0/src/http2.c:296
7FD71E405700 start get_be /build/pound-hSCqfU/pound-3.0/src/http.c:143
7FD724C12700 start backend_2
/build/pound-hSCqfU/pound-3.0/src/backend.c:213
100.64.250.47 - - [Fri Aug 20 01:00:12 2021] "GET /index.php/login
HTTP/1.1" 200 8985
Surprisingly it didn't crash this time. Looks like the crashes where
independent from this and caused due to restarting it to fast.
However, even though Pound says everything goes as it should it
doesn't: Firefox reports a Network Protocol Error (see attached
screenshots). Lynx (a command line webbrowser), however, is able to
access the service without problems. Putting this together with the
error curl gives I have an idea what the issue could be: I think,
since Pound is writing about HTTP1.1 and curl is writing about HTTP2
the HTTP versions might be somehow mixed up or wrongly identified. I
don't know how to check and/or fix this, however.
Emanuel Loos
Am 20.08.21 um 00:01 schrieb Todd Fleisher via pound:
FWIW - right now I can connect to the public IPv4 address for
nc.emanuel-loos.eu <http://nc.emanuel-loos.eu>
<http://nc.emanuel-loos.eu <http://nc.emanuel-loos.eu>>
(185.128.244.57), only the onion service @
http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login>
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion/index.php/login>> is
responding. The public IPv4 address refuses connections.
Assuming the onion service points to the same apache2 backend and it
actually works beyond just loading the login page, this would seem
to point to an issue with your pound instance - maybe it is no
longer running due to a crash or you stopped it deliberately. Once
you verify it is running, you could also try to attach an strace to
pound's PID to see what is happening when you make a request to it
and/or when it is hammering your CPU like you mentioned below.
-T
P.S. Kudos to you for being aware of the power of self-hosting and
trying to learn more about it. It feels like an overlooked concept
with younger generations so it’s refreshing to see sentiments like yours
On Aug 19, 2021, at 13:34, Emanuel Loos via pound <pound@apsis.ch
<mailto:pound@apsis.ch> <mailto:pound@apsis.ch
<mailto:pound@apsis.ch>>> wrote:
Am 19.08.21 um 21:39 schrieb Emanuel Loos via pound:
If it helps: The backend is an apache2 web server with a lot of
PHP (Nextcloud) and also available on this Tor Onion Service:
http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion>
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion
<http://jlw3fkl2xecpqarvz3qavyl7d7m43j5swxjskofhtdgb6f2cfp2cccid.onion>>
Thanks in advance!
Emanuel Loos
Am 19.08.21 um 21:02 schrieb Emanuel Loos via pound:
-----Original Message-----
From: pound <pound-boun...@apsis.ch
<mailto:pound-boun...@apsis.ch>> On Behalf Of Emanuel Loos via pound
Sent: Thursday, August 19, 2021 10:34 AM
To: pound@apsis.ch <mailto:pound@apsis.ch>
Cc: Emanuel Loos <m...@mailing-lists.emanuel-loos.eu
<mailto:m...@mailing-lists.emanuel-loos.eu>>
Subject: Re: [pound] PR_END_OF_FILE_ERROR in Firefox and
ERR_CONNECTION refused in Chromium but lynx works
Hello the third time,
just reporting that for some reason Pound just started using the
full CPU power on one core:
PID USER PR NI VIRT RES SHR S %CPU %MEM ZEIT+
BEFEHL
3590 root 20 0 1274244 16664 3144 R 99,3 0,1
37:35.29 pound
it is not a problem for me right now as it is a small private
server doing not much else (except sending this email) right now
but I don't thing that is how it should be. Anyway I think I'll
still keep Pound running (or maybe restart it) for now so if
anyone wants to help me with my problem Pound is online and the
problem can investigated easier.
Thanks in advance!
Emanuel Loos
Am 19.08.21 um 17:00 schrieb Emanuel Loos via pound:
Hello again,
just wanted to add that with curl this happens:
emanuel@devuan-emanuel:~$ curl
https://nc.emanuel-loos.eu/index.php/login
<https://nc.emanuel-loos.eu/index.php/login>
curl: (92) HTTP/2 stream 0 was not closed cleanly:
PROTOCOL_ERROR (err
1)
I left Pound running on my server so as long as there is no crash
(like when trying to connect using Firefox or Chromium but not
lynx or
curl) it should stay online. You are welcome to test it
yourself if it
helps.
Anyone got an idea what the problem could be or how to debug it
further?
Thanks in advance!
Emanuel Loos
--
pound mailing list
pound@apsis.ch <mailto:pound@apsis.ch>
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
