1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080

wld75
Any help much appreciated. This is my last closure step to move from apache
to nginx (using tomcat with proxy_pass.) Thanks in advance!

curl -v http://localhost:8080  or  curl -v http://127.0.0.1:8080  work. If I
remove proxy_pass statement, it works but goes to normal index.html

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.1.0i  14 Aug 2018
TLS SNI support enabled
configure arguments: --add-module=../modsecurity-2.9.2/nginx/modsecurity
--with-cc-opt=-fno-optimize-sibling-calls


Here is the core dump

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `nginx: worker process      '.
Program terminated with signal 11, Segmentation fault.
#0  ngx_http_upstream_copy_allow_ranges (r=0xad66d0, h=0x7ffc3003a970,
offset=<optimized out>) at src/http/ngx_http_upstream.c:5176
5176        if (r->upstream->conf->force_ranges) {
Missing separate debuginfos, use: debuginfo-install
GeoIP-1.5.0-11.el7.x86_64 apr-1.4.8-3.el7_4.1.x86_64
apr-util-1.5.2-6.el7.x86_64 expat-2.1.0-10.el7_3.x86_64
glibc-2.17-222.el7.x86_64 libdb-5.3.21-24.el7.x86_64
libuuid-2.23.2-52.el7_5.1.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64
nss-softokn-freebl-3.36.0-5.el7_5.x86_64 pcre-8.32-17.el7.x86_64
xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) backtrace
#0  ngx_http_upstream_copy_allow_ranges (r=0xad66d0, h=0x7ffc3003a970,
offset=<optimized out>) at src/http/ngx_http_upstream.c:5176
#1  0x00000000004c5f66 in ngx_http_modsecurity_save_headers_out_visitor
(data=0xad66d0, key=<optimized out>, value=<optimized out>)
    at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:795
#2  0x00007fd2b216c1ad in apr_table_vdo () from /lib64/libapr-1.so.0
#3  0x00007fd2b216c26f in apr_table_do () from /lib64/libapr-1.so.0
#4  0x00000000004c7898 in ngx_http_modsecurity_save_headers_out
(r=0xad66d0)
    at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:737
#5  ngx_http_modsecurity_body_filter (r=<optimized out>, in=<optimized
out>)
    at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:1220
#6  0x000000000045843a in ngx_output_chain (ctx=ctx@entry=0xad8520,
in=in@entry=0x7ffc3003ad00) at src/core/ngx_output_chain.c:74
#7  0x00000000004b15ad in ngx_http_copy_filter (r=0xad66d0,
in=0x7ffc3003ad00) at src/http/ngx_http_copy_filter_module.c:152
#8  0x00000000004a8863 in ngx_http_range_body_filter (r=0xad66d0,
in=<optimized out>)
    at src/http/modules/ngx_http_range_filter_module.c:635
#9  0x0000000000489360 in ngx_http_output_filter (r=r@entry=0xad66d0,
in=in@entry=0x7ffc3003ad00)
    at src/http/ngx_http_core_module.c:1770
#10 0x000000000048ca94 in ngx_http_send_special (r=r@entry=0xad66d0,
flags=flags@entry=1) at src/http/ngx_http_request.c:3386
#11 0x000000000049bf13 in ngx_http_upstream_finalize_request
(r=r@entry=0xad66d0, u=u@entry=0xad7a70, rc=<optimized out>, rc@entry=0)
    at src/http/ngx_http_upstream.c:4436
#12 0x000000000049cc0d in ngx_http_upstream_process_request
(r=r@entry=0xad66d0, u=u@entry=0xad7a70)
    at src/http/ngx_http_upstream.c:4007
#13 0x000000000049cdd1 in ngx_http_upstream_process_upstream
(r=r@entry=0xad66d0, u=u@entry=0xad7a70)
    at src/http/ngx_http_upstream.c:3919
#14 0x000000000049e8cd in ngx_http_upstream_send_response (u=0xad7a70,
r=0xad66d0) at src/http/ngx_http_upstream.c:3232
#15 ngx_http_upstream_process_header (r=0xad66d0, u=0xad7a70) at
src/http/ngx_http_upstream.c:2429
#16 0x000000000049bf92 in ngx_http_upstream_handler (ev=<optimized out>) at
src/http/ngx_http_upstream.c:1281
#17 0x000000000047a914 in ngx_epoll_process_events (cycle=<optimized out>,
timer=<optimized out>, flags=<optimized out>)
    at src/event/modules/ngx_epoll_module.c:902
#18 0x0000000000471e39 in ngx_process_events_and_timers
(cycle=cycle@entry=0xad26c0) at src/event/ngx_event.c:242
#19 0x0000000000478cf4 in ngx_worker_process_cycle (cycle=0xad26c0,
data=<optimized out>) at src/os/unix/ngx_process_cycle.c:750
#20 0x0000000000477432 in ngx_spawn_process (cycle=cycle@entry=0xad26c0,
proc=proc@entry=0x478c83 <ngx_worker_process_cycle>,
    data=data@entry=0x0, name=name@entry=0x6a9fe5 "worker process",
respawn=respawn@entry=-3) at src/os/unix/ngx_process.c:199
#21 0x0000000000477fbb in ngx_start_worker_processes
(cycle=cycle@entry=0xad26c0, n=1, type=type@entry=-3)
    at src/os/unix/ngx_process_cycle.c:359
#22 0x00000000004793f1 in ngx_master_process_cycle
(cycle=cycle@entry=0xad26c0) at src/os/unix/ngx_process_cycle.c:131
#23 0x00000000004548e5 in main (argc=<optimized out>, argv=<optimized out>)
at src/core/nginx.c:382
(gdb)

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281362,281362#msg-281362

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: 1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080

Maxim Konovalov
Hello,

On 23/09/2018 21:37, ec2geek007 wrote:

> Any help much appreciated. This is my last closure step to move from apache
> to nginx (using tomcat with proxy_pass.) Thanks in advance!
>
> curl -v http://localhost:8080  or  curl -v http://127.0.0.1:8080  work. If I
> remove proxy_pass statement, it works but goes to normal index.html
>
> /usr/local/nginx/sbin/nginx -V
> nginx version: nginx/1.15.3
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
> built with OpenSSL 1.1.0i  14 Aug 2018
> TLS SNI support enabled
> configure arguments: --add-module=../modsecurity-2.9.2/nginx/modsecurity
> --with-cc-opt=-fno-optimize-sibling-calls
>
>
[...]

modsecurity-2.9.2 is a culprit.  Try to remove it from your build or
use modsec-3 instead

https://github.com/SpiderLabs/ModSecurity/tree/v3/master

--
Maxim Konovalov
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: 1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080

wld75
Thanks Maxim.
However I also see
https://github.com/SpiderLabs/ModSecurity/issues/1697

Any one confirmed that a particular version in 3 modesecurity works?
Seems 3.0.4 modsecurity (which is not yet there) is most likely address all
known issues so far.
Hope I am wrong and a good version is out there.

Good day

-EC

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281362,281367#msg-281367

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: 1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080

Maxim Konovalov
On 24/09/2018 12:32, ec2geek007 wrote:
> Thanks Maxim.
> However I also see
> https://github.com/SpiderLabs/ModSecurity/issues/1697
>
> Any one confirmed that a particular version in 3 modesecurity works?
> Seems 3.0.4 modsecurity (which is not yet there) is most likely address all
> known issues so far.

There is a handful of outstanding bugs in modsec-3 and it is hard to
imagine that they all will be fixed in 3.0.4.

However, this is the only viable solution if you have to use
modsecurity.

Also, it is not clear whether your config is affected by the bug you
mentioned.  Hopefully not, check for this comment from Andrey

https://github.com/SpiderLabs/ModSecurity/issues/1697#issuecomment-382741141

--
Maxim Konovalov
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx