it our build from nginx repository it a vanilla source On Mon, Mar 13, 2017 at 3:30 PM, Thomas Ward <tew...@dark-net.net> wrote:
> Eww, that looks like a backport exploded. > > Do me a favor and file a bug in Ubuntu for this with `ubuntu-bug nginx` so > the retraced can trace the core dump. > > > Thomas > > > > *Sent from my iPhone. Please excuse any typos, as they are likely to > happen by accident.* > > On Mar 13, 2017, at 09:24, George . <geo...@ucdn.com> wrote: > > > Hi Valentin, Sorry, I've sent the mail incidentally before I complete it > ;) > > ssl_proxy_cores # ./nginx -V > nginx version: nginx/1.10.3 > built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) > built with OpenSSL 1.0.2g 1 Mar 2016 (running with OpenSSL 1.0.2g-fips 1 > Mar 2016) > TLS SNI support enabled > configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g > -ggdb -march=core2' --with-debug --with-http_geoip_module > --with-http_realip_module --with-http_ssl_module > --without-http_charset_module --without-http_ssi_module > --without-http_userid_module --without-http_autoindex_module > --without-http_scgi_module --without-http_uwsgi_module > --without-http_fastcgi_module --without-http_limit_conn_module > --without-http_split_clients_module --without-http_limit_req_module > --with-http_stub_status_module --with-http_v2_module > > > and some variables values : > > > (gdb) p q > $1 = (ngx_queue_t *) 0x3fb0ab0 > (gdb) p * q > $2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904} > (gdb) p h2c->waiting > $3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0} > > > and here is the config > > nginx.conf: > > # SSL Proxy config for ************** > > user cdnuser cdnuser; > worker_processes auto; > pid /cdn/tmp/nginx_ssl_proxy.pid; > > #error_log logs/error.nginx.log debug; > error_log /dev/null error; > > worker_rlimit_nofile 73728; > worker_rlimit_core 10240M; > working_directory /cdn/tmp/ssl_proxy_cores/; > > events { > worker_connections 24576; > use epoll; > } > > http { > > include mime.types; > default_type application/octet-stream; > reset_timedout_connection on; > client_header_timeout 60s; > client_body_timeout 60s; > send_timeout 60s; > client_header_buffer_size 16k; > large_client_header_buffers 4 16k; > client_body_buffer_size 1k; > client_max_body_size 1k; > connection_pool_size 512; > server_names_hash_bucket_size 4096; > server_names_hash_max_size 4096; > request_pool_size 8k; > output_buffers 1 256k; > postpone_output 1460; > proxy_buffers 8 8k; > > sendfile on; > tcp_nopush off; > tcp_nodelay on; > keepalive_timeout 60 20; > keepalive_requests 256; > ignore_invalid_headers on; > recursive_error_pages on; > resolver **********; > resolver_timeout 5s; > > #------------------------ > # SSL > #------------------------ > > ssl_ciphers '*************************************'; > ssl_prefer_server_ciphers on; > ssl_session_timeout 15m; > ssl_session_cache shared:SSL:50m; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_session_tickets on; > ssl_stapling on; > ssl_dhparam /cdn/ssl_certs/common/dhparam2048.pem; > ssl_buffer_size 16k; > > #------------------------ > # GeoIP > #------------------------ > > geoip_country /usr/share/GeoIP/GeoIP.dat; > set_real_ip_from 127.0.0.1; > real_ip_header X-Forwarded-For; > > #------------------------ > # Dynamic config stuff > #------------------------ > > variables_hash_max_size 2048; > variables_hash_bucket_size 256; > > #------------------------ > # Log Formats > #------------------------ > > log_format cdn_ssl_log '``$connection``$connection_ > requests``$remote_addr``$geoip_city_country_code``$ > http_host``$request``$status``$request_method``$http_range`` > $bytes_sent``$body_bytes_sent``$request_time``$http_user_ > agent``$http_referer``$https``$http2``$sent_http_content_ > type``$sent_http_content_length``$sent_http_location``$ > sent_http_connection``$sent_http_keep_alive``$sent_http_ > transfer_encoding``$sent_http_cache_control``$sent_http_ > content_range``$sent_http_expires``$tcpinfo_rtt``$ > tcpinfo_rttvar``$tcpinfo_snd_cwnd``$tcpinfo_rcv_space``$ > upstream_addr``$upstream_connect_time``$upstream_cache_ > status``$upstream_status``$upstream_response_time``$ > upstream_response_length``$server_protocol``$ssl_cipher`` > $ssl_protocol``$ssl_server_name``$ssl_session_reused`'; > > access_log syslog:server=**********,tag=rp_ssl_log cdn_ssl_log; > > #------------------------ > # Default and Main Server > #------------------------ > > upstream local_rp { > server unix:/cdn/tmp/nginx.sock; > keepalive 16; > } > > > #------------------------ > # *.ssl.ucdn.com server block > #------------------------ > > server { > listen *:443 ssl http2; > server_name *.ssl.ucdn.com; > > ssl_certificate /cdn/ssl_certs/shared/ssl.ucdn.com.crt; > ssl_certificate_key /cdn/ssl_certs/shared/ssl.ucdn.com.key; > > proxy_http_version "1.1"; > proxy_set_header Connection ""; > proxy_intercept_errors on; > proxy_max_temp_file_size 0; > > proxy_connect_timeout 10s; > proxy_read_timeout 60s; > proxy_send_timeout 10s; > > proxy_set_header Host $http_host; > proxy_set_header X-Forwarded-For $remote_addr; > proxy_set_header X-CDN-Force-SSL "True"; > proxy_set_header X-CDN-HTTP2 "$http2"; > proxy_set_header X-CDN-HTTPS "$https"; > > location / { > proxy_pass http://local_rp; > error_page 301 302 307 = @redir; > } > > location @redir { > internal; > set $cdn_upstream_http_location $upstream_http_location; > proxy_pass $cdn_upstream_http_location; > } > > } > > # other equivalent server blocks > # . > # . > # . > # . > } > > > On Mon, Mar 13, 2017 at 3:17 PM, Valentin V. Bartenev <vb...@nginx.com> > wrote: > >> On Monday 13 March 2017 15:06:17 George . wrote: >> > Hi all, >> > >> > We've found two different coredumps in production machines running >> 1.10.3 >> > handing ssl and http v2 traffic. >> > >> > Here is the backtrace of version compiles with -O0 -g -ggdb >> > >> [..] >> >> Do you use any 3rd-party modules or patches? Could you show >> nginx -V output? >> >> wbr, Valentin V. Bartenev >> >> _______________________________________________ >> nginx-devel mailing list >> nginx-devel@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> > > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > > > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel >
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel