Forum: NGINX Nginx mod_security leaks file descriptors

35b3fa05e0be5105b0e8a066f00922dc?d=identicon&s=25 Kiril Kalchev (Guest)
on 2013-08-22 13:26
(Received via mailing list)
Attachment: smime.p7s (3 KB)
Hi,

I have a problem with nginx and mod_security module. After reloading
nginx configuration (kill -HUP <master-nginx-pid>) all files opened by
mod_security are opened once again without closing the old ones. That
means at some point we hit the limit of open file descriptors, in my
real life scenario I leak over 300 files on each reload.

Here are my sample configs just to illustrate the problem:
============================================================
nginx.conf
user www-data www-data;
worker_processes 6;
worker_rlimit_nofile 200000;

error_log /var/log/nginx/error.log debug;

events {
        worker_connections  16384;
        multi_accept on;
        use epoll;
}

http {
        server {
                listen 80;
                location / {
                        ModSecurityEnabled on;
                        ModSecurityConfig modsecurity.conf;
                        return 555;
                }
        }
}

============================================================
modsecurity.conf:

# Debug log
SecDebugLog /var/log/waf/events.log
============================================================

In this situation after each configuration reload I am leaking open
files:

www-data@dev03 ~ # lsof | grep nginx | wc -l; kill -HUP `ps aux | grep
'nginx: master process' | grep -v grep | awk '{print $2}'`; sleep 2;
lsof | grep nginx |  wc -l
361
368

I am using Ubuntu 12.04 LTS and nginx _openresty 1.4.2.1

(DEPLOY)www-data@dev03:~# nginx -V
nginx version: ngx_openresty/1.4.2.1
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled

Does someone else have the same problem?

I will be happy to provide other information if necessary.

Regards,
Kiril
5c9288bc69731638bbfb353205d812cc?d=identicon&s=25 Alan Silva (Guest)
on 2013-08-22 17:17
(Received via mailing list)
Hi Kiril,

I think the better place to make this question its on modsecurity users
list, because apparently its a problem in modsecurity module and don't
in NGINX.

Regards,

Alan
35b3fa05e0be5105b0e8a066f00922dc?d=identicon&s=25 Kiril Kalchev (Guest)
on 2013-08-22 17:21
(Received via mailing list)
Attachment: smime.p7s (3 KB)
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.