Memory leak in outgoing https connections
Maxim Dounin
mdounin at mdounin.ru
Thu Jul 21 21:58:44 UTC 2011
Hello!
On Thu, Jul 21, 2011 at 12:44:50PM -0400, knyar wrote:
> Hi!
>
> I believe, there is a memory leak in nginx somewhere in handling
> outgoing HTTPS connections. I am using it as a simple http-to-https
> proxy. My configuration is the following:
>
> resolver 8.8.8.8;
> server {
> listen 127.0.0.1:81;
> server_name localhost;
> access_log off;
> location / {
> proxy_pass $http_x_proxy_url;
> }
> }
>
> When I try to run something like:
> bash -c "while :; do curl -H 'X-Proxy-Url: https://any-https-site.tld/'
> http://localhost:81/; done"
>
> I see nginx eating more and more memory with each request.
Thank you for report, attached patch fixes the leak.
Workaround is "proxy_ssl_session_reuse off;".
Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1311285311 -14400
# Node ID 024d5976f5410e49fcbf4fc967bb0d0a28568c0f
# Parent 9b978fa3cd3356f633d83adb05bcdf5c55dd487a
Upstream: fix memory leak with resolved peers and ssl.
As round robin peers created with ngx_http_upstream_create_round_robin_peer()
are allocated from request pool saved ssl sessions leaked on request
destruction. Since saving sessions is useless here anyway (each peer is only
used once) - fix this by not saving sessions at all.
diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
--- a/src/http/ngx_http_upstream_round_robin.c
+++ b/src/http/ngx_http_upstream_round_robin.c
@@ -15,6 +15,16 @@ static ngx_uint_t
ngx_http_upstream_get_peer(ngx_http_upstream_rr_peers_t *peers);
+#if (NGX_HTTP_SSL)
+
+static ngx_int_t ngx_http_upstream_dummy_set_session(ngx_peer_connection_t *pc,
+ void *data);
+static void ngx_http_upstream_dummy_save_session(ngx_peer_connection_t *pc,
+ void *data);
+
+#endif
+
+
ngx_int_t
ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
ngx_http_upstream_srv_conf_t *us)
@@ -343,10 +353,8 @@ ngx_http_upstream_create_round_robin_pee
r->upstream->peer.free = ngx_http_upstream_free_round_robin_peer;
r->upstream->peer.tries = rrp->peers->number;
#if (NGX_HTTP_SSL)
- r->upstream->peer.set_session =
- ngx_http_upstream_set_round_robin_peer_session;
- r->upstream->peer.save_session =
- ngx_http_upstream_save_round_robin_peer_session;
+ r->upstream->peer.set_session = ngx_http_upstream_dummy_set_session;
+ r->upstream->peer.save_session = ngx_http_upstream_dummy_save_session;
#endif
return NGX_OK;
@@ -688,6 +696,20 @@ ngx_http_upstream_free_round_robin_peer(
#if (NGX_HTTP_SSL)
+static ngx_int_t
+ngx_http_upstream_dummy_set_session(ngx_peer_connection_t *pc, void *data)
+{
+ return NGX_OK;
+}
+
+
+static void
+ngx_http_upstream_dummy_save_session(ngx_peer_connection_t *pc, void *data)
+{
+ return;
+}
+
+
ngx_int_t
ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data)
More information about the nginx
mailing list