Welcome! Log In Create A New Profile

Advanced

Re: Leaky NGINX Plugin Advice

Roman Arutyunyan
April 25, 2024 10:42AM
Hello,

As this is a development-related question, a better list for it is nginx-devel@nginx.org <mailto:nginx-devel@nginx.org>.

> On 23 Apr 2024, at 1:40 PM, Alex Hussein-Kershaw (HE/HIM) via nginx <nginx@nginx.org> wrote:
>
> Hi Folks,
>
> I've inherited an nginx plugin, written against 0.7.69 that has recently been moved to use nginx 1.24.0 to resolve the need to ship old versions of openssl.
>
> I've found during performance testing that it's leaking file descriptors. After a few hours running and leaking I hit my configured limit of 100k worker_connections which gets written to logs, and nginx starts "reusing connections".
>
> The leaked file descriptors don't show up in the output of "ss", they look like this in lsof:
>
> $ /usr/bin/lsof -p 2875952 | grep protocol | head -2
> nginx 2875952 user 8u sock 0,8 0t0 2222824178 protocol: TCP
> nginx 2875952 user 19u sock 0,8 0t0 2266802646 protocol: TCP
>
> Googling suggests this may be a socket that has been created but never had a "bind" or "connect" call. I've combed through our plugin code, and am confident it's not responsible for making and leaking these sockets.
>
> I should flag two stinkers which may be responsible:
> We have "lingering_timeout" set to an hour, a hack to allow long poll / COMET requests to not be torn down before responding. Stopping load and waiting for an hour does drop some of these leaked fds, but not all. After leaking 17k fds, I stopped my load test and saw it drop to 7k fds which appeared to remain indefinitely. Is this a terrible idea?
> Within our plugin, we are incrementing the request count field for the same purpose. I'm not really sure why we need both of these, maybe I'm missing something but I can't get COMET polls to work without. I believe that was inspired by Nchan which does something similar. Should I be able to avoid requests getting torn down via this method without lingering_timeout?
>
> What could be responsible for these leaked file descriptors and worker connections? I'm unexperienced with nginx so any pointers of where to look are greatly appreciated.

Incrementing request counter should be done carefully and can lead to socket leaks.

To investigate the issue deeper, you can enable debug logging in nginx and find the leaked socket there by "fd:" prefix.
Then track the leaked connection by its connection number (prefixed with '*' in log).

>
> Many thanks,
> Alex
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <mailto:nginx@nginx.org>
> https://mailman.nginx.org/mailman/listinfo/nginx

----
Roman Arutyunyan
arut@nginx.com




_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Re: Leaky NGINX Plugin Advice

Roman Arutyunyan 356 April 25, 2024 10:42AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 144
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready