Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#702 closed defect (invalid)

too many open files (/dev/urandom)

Reported by: Bruno Bigras Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: Cc:
uname -a: Linux ubuntunew 3.13.0-44-generic #73-Ubuntu SMP Tue Dec 16 00:23:46 UTC 2014 i686 i686 i686 GNU/Linux
nginx -V: nginx version: nginx/1.7.9
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/naxsi/naxsi_src --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/ngx_http_auth_pam_module-1.2 --add-module=/home/bbigras/nginx/nginx-1.7.9/debian/modules/ngx_http_enhanced_memcached_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --with-ipv6

Description

I have this problem where nginx stops accepting requests and I see 'too many files open' in the logs.

When I use ls -l /proc/<pid of one worker>/fd, I see a lot of /dev/urandom entries.

It seems that when I access a vhost that uses fastcgi (nagios and gitweb), the number of urandom entries increase and doesn't get released.

I don't know what to do next.

Change History (4)

comment:1 by Valentin V. Bartenev, 5 years ago

Could you reproduce the problem without 3rd-party modules?

comment:2 by Bruno Bigras, 5 years ago

I don't have the problem when I don't have any 3rd-party modules.

I tested and the problem seems to be caused by Auth PAM. I'll try to contact the author.

comment:3 by Valentin V. Bartenev, 5 years ago

Resolution: invalid
Status: newclosed

Please also note that the module uses the PAM library which doesn't have asynchronous API, so it can block event loop and significantly degrade performance of nginx.

I close this ticket as the issue is caused by 3rd-party code.

comment:4 by Bruno Bigras, 5 years ago

Thanks for the tip. I'll try nginx-auth-ldap instead.

Just in case someone find this bug one day. There was a similar problem with OpenVPN with LDAP+TLS in 2009.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941
http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2125

Note: See TracTickets for help on using tickets.