Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#702 closed defect (invalid)

too many open files (/dev/urandom)

Reported by: bigras.bruno@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: Cc:
uname -a: Linux ubuntunew 3.13.0-44-generic #73-Ubuntu SMP Tue Dec 16 00:23:46 UTC 2014 i686 i686 i686 GNU/Linux
nginx -V: nginx version: nginx/1.7.9 built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/naxsi/naxsi_src --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/ngx_http_auth_pam_module-1.2 --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/ngx_http_enhanced_memcached_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --with-ipv6

Description

I have this problem where nginx stops accepting requests and I see 'too many files open' in the logs.

When I use ls -l /proc/<pid of one worker>/fd, I see a lot of /dev/urandom entries.

It seems that when I access a vhost that uses fastcgi (nagios and gitweb), the number of urandom entries increase and doesn't get released.

I don't know what to do next.

Change History (4)

comment:1 Changed 5 years ago by vbart

Could you reproduce the problem without 3rd-party modules?

comment:2 Changed 5 years ago by bigras.bruno@…

I don't have the problem when I don't have any 3rd-party modules.

I tested and the problem seems to be caused by Auth PAM. I'll try to contact the author.

comment:3 Changed 5 years ago by vbart

  • Resolution set to invalid
  • Status changed from new to closed

Please also note that the module uses the PAM library which doesn't have asynchronous API, so it can block event loop and significantly degrade performance of nginx.

I close this ticket as the issue is caused by 3rd-party code.

comment:4 Changed 5 years ago by bigras.bruno@…

Thanks for the tip. I'll try nginx-auth-ldap instead.

Just in case someone find this bug one day. There was a similar problem with OpenVPN with LDAP+TLS in 2009.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941
http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2125

Note: See TracTickets for help on using tickets.