Overview: I am using nginx 1.6.2 with php-fpm 5.3.35 and enabled HTTPS. All installed on FreeBSD 10.1 / amd64. When I try to access the site using TLS1.0 or greater, the server worker crashes. Steps to Reproduce: I reproduced this bug successfully on the Virtual Machine. Here is the steps: - install FreeBSD (tested on 10.0 and 10.1) - install packages: nginx php5 curl - configure nginx to work with php-fpm (I used this tutorial: http://wiki.nginx.org/PHPFcgiExample) - create any .php page, I used simple index.php with phpinfo(): <?php phpinfo(); ?> - create self signed or get CA signed certificate (no matter for this) - launch the HTTPS enabled site - test with curl (see below) Actual Results: I tested this site using curl with several SSL parameters: 1. curl -k --sslv3 https://testpage.server.domain/ Result: - curl showed generated page from phpinfo() 2. curl -k --tlsv1.0 https://testpage.server.domain/ Result: - curl: (52) Empty reply from server - dmesg: pid 59695 (nginx), uid 80: exited on signal 11 3. curl -k --tlsv1.1 https://testpage.server.domain/ Result: - same as above 4. curl -k --tlsv1.2 https://testpage.server.domain/ Result: - same as above Expected Results: Any test mentioned above should not crash the nginx. Build Date & Hardware: FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 All packages from latest pkg repository: curl-7.39.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers nginx-1.6.2_1,2 Robust and small WWW server php5-5.4.35 PHP Scripting Language Additional Builds and Platforms: Virtual Machine on Microsoft Hyper-V. Same FreeBSD and the packages. Additional Information: 1. I was unable to get core, after nginx crashes. I tried to incerase worker_limit_core in nginx.conf to 20480M but with no success: worker_rlimit_core 20480M; working_directory /var/crash/; # fstat /var/crash USER CMD PID FD MOUNT INUM MODE SZ|DV R/W NAME www nginx 96008 wd /var/crash 4 drwxrwxrwx 2 r /var/crash After nginx worker crashes, there is no core in /var/crash 2. There is no access log or error log when nginx worker crashes. 3. The server works correctly with static html content (all the tests mentioned above have passed).
Auto-assigned to maintainer osa@FreeBSD.org
Hi, could you please show the nginx.conf file. Also, recently www/nginx has been upgraded to latest stable version 1.8.0, could you please try to reproduce the issue with new version.
Created attachment 156430 [details] nginx.conf
(In reply to Sergey A. Osokin from comment #2) Hi, I updated the system to latest version. Currently I have: OS: FreeBSD 10.1-RELEASE-p9 Packages: curl-7.42.1 nginx-1.8.0,2 php56-5.6.8 The problem still exists. The results are the same as above. Please check my nginx.conf
Thanks for report. Two questions here: 1) are you using third-party modules? Could you please provide nginx -V output? 2) is there any chance to compile nginx with debugging log and try to reproduce the issue?
Few days ago I've spent some time on debugging this (note to myself: use "master_process off" to get an usable core file), and it seems to be related to SSL session cache; it crashes somewhere in ssl_update_cache(). Basically, uncommenting this line in the server section of the default nginx.conf: ssl_session_cache shared:SSL:1m; ... uncommenting this seems to trigger the problem; when running without ssl_session_cache the crash doesn't seem to occur. This thread - http://comments.gmane.org/gmane.comp.web.haproxy/16402 - mentions a bug that looks similar, although for haproxy, not nginx. Might be a good idea to consult FreeBSD OpenSSL maintainer?
Hi Sergey, I updated packages and the problem disappeared (?). Currently I have: curl-7.43.0_2 nginx-1.8.0_3,2 php56-5.6.11 I tried to reproduce this problem on clean install on VM, but currently everything works correctly. Probably the problem was solved somewhere between nginx-1.8.0,2 and nginx-1.8.0_3,2 Answering to your questions: 1) This is standard instalation with default port options: # nginx -V nginx version: nginx/1.8.0 built with OpenSSL 1.0.1l-freebsd 15 Jan 2015 (running with OpenSSL 1.0.1j-freebsd 15 Oct 2014) TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --http-client-body-temp- path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/ tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --with-pcre --with-http_ ssl_module 2) I did not do that, due to the problem was solved after package upgrade. Thank you for your support. Due to the fact that the problem has disappeared and cannot be reproduced, this bug can be closed.
Closed by originator request. Thanks for report!