-
-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Harbor] input.harbor.ssl don't accept connections after some time #3067
Comments
It seems this issue is Debian-specific. I'm unable to reproduce this using Ubuntu. To reproduce it, you can use either the docker image savonet/liquidsoap:v2.1.4 or the virtual machine with Debian bullseye. It's possible to use self-signed certs. settings.harbor.ssl.certificate.set("cert.pem")
settings.harbor.ssl.private_key.set("key.pem")
live = input.harbor.ssl(
"live",
port=8005,
password="test",
icy=true,
)
output.dummy(mksafe(live)) The problem happens because the
Then use The same problem exists in 2.2.0+git@8101608. ssl_transport = http.transport.ssl(
certificate="cert.pem",
key="key.pem",
)
live = input.harbor(
"live",
transport=ssl_transport,
port=8005,
password="test",
icy=true,
)
output.dummy(mksafe(live)) |
For now I just try to remove all I will try with the Docker image later maybe. |
Ok, I have tried with the Debian Docker image and the issue seem still here: lot of But I can still connect because it never hit the limit of the log message So I don't know, maybe I will try to compile the binary without using the Debian package on the machine where the issue occur. |
@codeurimpulsif, settings.harbor.ssl.certificate.set("#{TLS_CERTIFICATE_PATH}/fullchain.pem")
settings.harbor.ssl.private_key.set("#{TLS_CERTIFICATE_PATH}/privkey.pem") |
@vitoyucepi Yes rights are ok, it's not a permission issue |
Found the same problem after I changed the rights for
Check Also spelling errors |
@vitoyucepi Yes on the raspberry pi the ulimit is 1024. Of course I can increase it but I think it will just hide the real problem (the |
Reproduction
|
Thanks for reporting. This could point to file descriptor leak from I pushed a PR fixing this here: #3071 Any chance you could test? This would be with the |
2.2.0+git@27ec137 looks the same Log
|
This should be fixed now! |
@vitoyucepi what do you use to generate certificate and key? In the tests, we use:
Then:
|
I'll check the release artifacts from https://github.com/savonet/liquidsoap/actions/runs/4972860470 |
Liquidsoap 2.2.0+git@4af8db1 The same problem as before. Log
|
Thanks for insisting @vitoyucepi This is confirmed fixed in 57d4897 and in the latest |
Describe the bug
I use
input.harbor.ssl
to input external stream but after some time (I don't know exactly how many time, few days for sure) I can't connect anymore.Note: This issue seem similar to #1403 where I leave a comment.
To Reproduce
The script:
A netstat (
netstat -altupn | grep <harbor-port> | grep "CLOSE_WAIT"
) or ss (ss -tap state CLOSE-WAIT | grep "liquidsoap"
) command show me there is a lot of open connections (250 exactly) to the harbor port inCLOSE_WAIT
state.I can reproduce the issue by sending lot of connections (using
nc -z <harbor-ip> <harbor-port>
, curl don't seem to reproduce), after some time I can't connect anymore on harbor port and open connections in CLOSE_WAIT state are still here, never flushed.Liquidsoap logs shows
Failed to accept new client: SSL accept() error: error:00000000:lib(0):func(0):reason(0)
each time I open a connection (and of course add a connection inCLOSE_WAIT
state to the previous netstat or ss list).Then at some point (I can't say when exactly) a normal streaming source (I use Butt) can't connect anymore.
Then it reach the limit with log message
Failed to accept new client: Too many open files in accept()
, but only when I try to reproduce with this test. In normal conditions it take days to append and there is noToo many open files in accept()
log messages, only theSSL accept() error
ones.Expected behavior
Version details
2.1.4-debian-bullseye-1
Install method
Debian package from this Github repository
The text was updated successfully, but these errors were encountered: