Unstable TLS connection #95

Open
@fgi


Hello @boazsegev,

Here is an issue related to TLS connections; I suppose state is lost or reset while in use.

System Information

  • OS: FreeBSD 12.1-RELEASE-p3 GENERIC amd64
  • Ruby: 2.7.1p83
  • Version: 0.7.40
  • OpenSSL: 1.1.1d-freebsd 10 Sep 2019

Description

I launch Iodine with the following command in a FreeBSD service (run as root):
$GEMDIR/iodine -b X.X.X.X -p 443 -w 1 -tls-cert $CERTDIR/cert.pem -tls-key $CERTDIR/privkey.pem -public $DIR/public -v 2>$DIR/log/iodine.log -verbosity 5 &

The observed behaviors explained here could not be reproduced in HTTP, without TLS.

Behavior with static files

The static path is set at Iodine launch; Ruby should not be involved in static file delivery.

On some static file requests, the TLS connection fails to finish sending data and the process overloads CPU. The connection seems to stop working and is closed with a TLS cleanup after about 1min 37sec.

Example:
On the first try to load the 2.32db9452.chunk.js file, all seems to be okay.

DEBUG (fio_tls_openssl.c:868): Attaching TLS read/write hook for 0x100c (server mode).
DEBUG (fio_tls_openssl.c:345): TLS ALPN set to: http/1.1 for 0x100c
DEBUG (fio_tls_openssl.c:767): Completed TLS handshake for 0x100c
 - - [Thu, 18 Jun 2020 13:16:57 GMT] "GET /webapp/static/js/2.32db9452.chunk.js HTTP/1.1" 200 200736b 0ms
 - - [Thu, 18 Jun 2020 13:16:57 GMT] "GET /favicon.ico HTTP/1.1" 200 15406b 249ms
DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0x110a
DEBUG (fio.c:327): FD 17 re-initialized (state: 0x110b-closed).
DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0xf0e
DEBUG (fio.c:327): FD 15 re-initialized (state: 0xf0f-closed).

A couple more reloads work as well.

 - - [Thu, 18 Jun 2020 13:17:13 GMT] "GET /webapp/static/js/2.32db9452.chunk.js HTTP/1.1" 200 200736b 443ms
 - - [Thu, 18 Jun 2020 13:17:14 GMT] "GET /favicon.ico HTTP/1.1" 200 15406b 80ms
 - - [Thu, 18 Jun 2020 13:17:17 GMT] "GET /webapp/static/js/2.32db9452.chunk.js HTTP/1.1" 200 200736b 237ms
 - - [Thu, 18 Jun 2020 13:17:17 GMT] "GET /favicon.ico HTTP/1.1" 200 15406b 215ms

One more time, and delivery of the 2.32db9452.chunk.js file stops with about one half of the data sent; the process overloads the CPU at 100% for about 25-30 seconds:

 - - [Thu, 18 Jun 2020 13:17:21 GMT] "GET /webapp/static/js/2.32db9452.chunk.js HTTP/1.1" 200 200736b 111ms
DEBUG (fio.c:327): FD 17 re-initialized (state: 0x110c-open).
DEBUG (fio_tls_openssl.c:868): Attaching TLS read/write hook for 0x110c (server mode).
DEBUG (fio_tls_openssl.c:345): TLS ALPN set to: http/1.1 for 0x110c
DEBUG (fio_tls_openssl.c:767): Completed TLS handshake for 0x110c

The log says that the file is delivered but it's incomplete.
The browser waits for the end of the file.

After 1 min and 37 sec, the connection seems to be reinitialized or closed:

 - - [Thu, 18 Jun 2020 13:17:22 GMT] "GET /favicon.ico HTTP/1.1" 200 15406b 0ms
DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0x100c
DEBUG (fio.c:327): FD 16 re-initialized (state: 0x100d-closed).

The browser stops waiting and shows an HTTP code 200, but the received file is not complete.

It seems to occur on files bigger than 100-150kb maybe. The one in the example is 200kb.
I could not reproduce it with smaller files, but I could with larger ones, like images.

Behavior with Websockets

I observed something similar with websockets, so I am adding it to this issue.
I open a websocket, exchange a small amount of data and suddenly, or after about 15 minutes, the process starts using 100% of the CPU forever.
The previously opened websocket does not seem to respond.
It's hard to say what is going on in the websocket. I activated Ruby logs in all events but they show no error.
There is nothing in the Iodine logs; the server has not crashed but is very slow until I restart it.

I hope this information is enough to analyse the issue.
Don't hesitate to ask if I can help.

Kindly,
Franck
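
Added example, not part of the original report and not code from the iodine project: a small Ruby script that groups the TLS DEBUG lines quoted above by the hex id they print, so the ids that completed a handshake but show no `TLS cleanup` in the captured window stand out. The function and constant names are hypothetical; the sample log is the report's own excerpts concatenated in order.

```ruby
# Added example (not iodine code): group the TLS DEBUG lines by the hex id they print.
# Function and constant names are hypothetical; message formats are those in the report.
EVENTS = {
  attached:  %r{Attaching TLS read/write hook for (0x\h+)},
  handshake: /Completed TLS handshake for (0x\h+)/,
  cleanup:   /TLS cleanup for (0x\h+)/
}.freeze

# Returns { "0x100c" => [:attached, :handshake, :cleanup], ... } in log order.
def tls_lifecycle(log)
  conns = Hash.new { |h, id| h[id] = [] }
  log.each_line do |line|
    EVENTS.each do |event, pattern|
      m = pattern.match(line)
      conns[m[1]] << event if m
    end
  end
  conns
end

# Ids whose handshake completed but that show no cleanup in the captured window.
def without_cleanup(conns)
  conns.select { |_, ev| ev.include?(:handshake) && !ev.include?(:cleanup) }.keys
end

# Ids seen only at cleanup: their attach line is not in the excerpt.
def cleanup_only(conns)
  conns.select { |_, ev| ev == [:cleanup] }.keys
end

# Excerpts quoted in the report, concatenated in order.
SAMPLE_LOG = <<~LOG
  DEBUG (fio_tls_openssl.c:868): Attaching TLS read/write hook for 0x100c (server mode).
  DEBUG (fio_tls_openssl.c:767): Completed TLS handshake for 0x100c
  DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0x110a
  DEBUG (fio.c:327): FD 17 re-initialized (state: 0x110b-closed).
  DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0xf0e
   - - [Thu, 18 Jun 2020 13:17:21 GMT] "GET /webapp/static/js/2.32db9452.chunk.js HTTP/1.1" 200 200736b 111ms
  DEBUG (fio.c:327): FD 17 re-initialized (state: 0x110c-open).
  DEBUG (fio_tls_openssl.c:868): Attaching TLS read/write hook for 0x110c (server mode).
  DEBUG (fio_tls_openssl.c:767): Completed TLS handshake for 0x110c
  DEBUG (fio_tls_openssl.c:647): TLS cleanup for 0x100c
LOG

if __FILE__ == $PROGRAM_NAME
  conns = tls_lifecycle(SAMPLE_LOG)
  conns.each { |id, ev| puts "#{id}: #{ev.join(' -> ')}" }
  puts "no cleanup seen: #{without_cleanup(conns).join(', ')}"
end
```

Running it over a full `iodine.log` captured with `-verbosity 5` gives the same per-id view for the whole session.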
