Chris,

Was just thinking if the file descriptors belonged to nginx why do they
disappear as soon as I restart tomcat ? I tried restarting nginx and the
open file descriptors don't disappear.

When I execute lsof -p <nginx pid> I do not see file descriptors in close
wait state

On Wed, 24 Jun 2020, 20:32 Ayub Khan, <ayub...@gmail.com> wrote:

> Chris,
>
> Ok, I will investigate nginx side as well. Thank you for the pointers
>
> On Wed, 24 Jun 2020, 19:45 Christopher Schultz, <
> ch...@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>>
>> Ayub,
>>
>> On 6/24/20 11:05, Ayub Khan wrote:
>> > If some open file is owned by nginx why would it show up if I run
>> > the below command> sudo lsof -p $(cat /var/run/tomcat8.pid)
>>
>> Because network connections have two ends.
>>
>> - -chris
>>
>> > On Wed, Jun 24, 2020 at 5:53 PM Christopher Schultz <
>> > ch...@christopherschultz.net> wrote:
>> >
>> > Ayub,
>> >
>> > On 6/23/20 19:17, Ayub Khan wrote:
>> >>>> Yes we have nginx as reverse proxy, below is the nginx
>> >>>> config. We notice this issue only when there is high number
>> >>>> of requests, during non peak hours we do not see this issue.>
>> >>>> location /myapp/myservice{ #local machine proxy_pass
>> >>>> http://localhost:8080; proxy_http_version  1.1;
>> >>>>
>> >>>> proxy_set_header    Connection          $connection_upgrade;
>> >>>> proxy_set_header    Upgrade             $http_upgrade;
>> >>>> proxy_set_header    Host                $host;
>> >>>> proxy_set_header X-Real-IP           $remote_addr;
>> >>>> proxy_set_header X-Forwarded-For
>> >>>> $proxy_add_x_forwarded_for;
>> >>>>
>> >>>>
>> >>>> proxy_buffers 16 16k; proxy_buffer_size 32k; }
>> >
>> > You might want to read about tuning nginx to drop connections after
>> > a certain period of time, number of requests, etc. Looks like
>> > either a bug in nginx or a misconfiguration which allows
>> > connections to stick-around like this. You may have to ask the
>> > nginx people. I have no experience with nginx myself, while others
>> > here may have some experience.
>> >
>> >>>> location / { #  if using AWS Load balancer, this bit checks
>> >>>> for the presence of the https proto flag.  if regular http is
>> >>>> found, then issue a redirect
>> > to hit
>> >>>> the https endpoint instead if ($http_x_forwarded_proto !=
>> >>>> 'https') { rewrite ^ https://$host$request_uri? permanent; }
>> >>>>
>> >>>> proxy_pass          http://127.0.0.1:8080;
>> >>>> proxy_http_version 1.1;
>> >>>>
>> >>>> proxy_set_header    Connection          $connection_upgrade;
>> >>>> proxy_set_header    Upgrade             $http_upgrade;
>> >>>> proxy_set_header    Host                $host;
>> >>>> proxy_set_header X-Real-IP           $remote_addr;
>> >>>> proxy_set_header X-Forwarded-For
>> >>>> $proxy_add_x_forwarded_for;
>> >>>>
>> >>>>
>> >>>> proxy_buffers 16 16k; proxy_buffer_size 32k; }
>> >>>>
>> >>>> *below is the connector*
>> >>>>
>> >>>> <Connector port="8080"
>> >>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >>>> connectionTimeout="2000" maxThreads="50000"
>> >>>> URIEncoding="UTF-8" redirectPort="8443" />
>> >
>> > 50k threads is a LOT of threads. Do you expect to handle 50k
>> > requests simultaneously?
>> >
>> >>>> these ports are random, I am not sure who owns the process.
>> >>>>
>> >>>> localhost:http-alt->localhost:55866 (CLOSE_WAIT) , here port
>> >>>> 55866 is a random port.
>> > I'm sure you'll find that 55866 is owned by nginx. netstat will
>> > tell you .
>> >
>> > I think you need to look at your nginx configuration. It would also
>> > be a great time to upgrade to a supported version of Tomcat. I
>> > would recommend 8.5.56 or 9.0.36.
>> >
>> > -chris
>> >
>> >>>> On Wed, Jun 24, 2020 at 12:48 AM Christopher Schultz <
>> >>>> ch...@christopherschultz.net> wrote:
>> >>>>
>> >>>> Ayub,
>> >>>>
>> >>>> On 6/23/20 16:23, Ayub Khan wrote:
>> >>>>>>> I executed  *sudo lsof -p $(cat /var/run/tomcat8.pid)
>> >>>>>>> *and I saw the below output, some in CLOSE_WAIT and
>> >>>>>>> others in ESTABLISHED. If there are 200 open file
>> >>>>>>> descriptors 160 are in CLOSE_WAIT state. When the count
>> >>>>>>> for CLOSE_WAIT increases I just have to restart
>> >>>>>>> tomcat.
>> >>>>>>>
>> >>>>>>> java    65189 tomcat8  715u     IPv6
>> >>>>>>> 237878311 0t0 TCP localhost:http-alt->localhost:43760
>> >>>>>>> (CLOSE_WAIT) java 65189 tomcat8  716u     IPv6
>> >>>>>>> 237848923       0t0 TCP
>> >>>>>>> localhost:http-alt->localhost:40568 (CLOSE_WAIT)
>> >>>>
>> >>>> These are connections from some process into Tomcat listening
>> >>>> on port 8080 (that's what localhost:http-alt is). So what
>> >>>> process owns the outgoing connection on port 40568 on the
>> >>>> same host?
>> >>>>
>> >>>> Are you using a reverse proxy?
>> >>>>
>> >>>>>>> most of the open files are in CLOSE_WAIT state I do not
>> >>>>>>> see anything related to database ip.
>> >>>>
>> >>>> Agreed. It looks like you have a reverse proxy who is
>> >>>> losing-track of connections, or who is (re)opening
>> >>>> connections when it may be unnecessar y.
>> >>>>
>> >>>> Can you share your <Connector> configuration from
>> >>>> server.xml? Remember to remove any secrets.
>> >>>>
>> >>>> -chris
>> >>>>
>> >>>>>>> On Mon, Jun 22, 2020 at 4:27 PM Felix Schumacher <
>> >>>>>>> felix.schumac...@internetallee.de> wrote:
>> >>>>>>>
>> >>>>>>>>
>> >>>>>>>> Am 22.06.20 um 13:22 schrieb Ayub Khan:
>> >>>>>>>>> Felix,
>> >>>>>>>>>
>> >>>>>>>>> I executed ls -l /proc/$(cat
>> >>>>>>>>> /var/run/tomcat8.pid)/fd/ and from the
>> >>>>>>>> output
>> >>>>>>>>> I see majority of them are related to sockets as
>> >>>>>>>>> shown below, some of
>> >>>>>>>> them
>> >>>>>>>>> point to the jar file of tomcat and others to the
>> >>>>>>>>> log file which is
>> >>>>>>>> created.
>> >>>>>>>>>
>> >>>>>>>>> socket:[2084570754] socket:[2084579487]
>> >>>>>>>>> socket:[2084578478] socket:[2084570167]
>> >>>>>>>>
>> >>>>>>>> Can you try the other command (lsof -p $(cat
>> >>>>>>>> ...tomcat.pid))? It should give a bit more details on
>> >>>>>>>> the used sockets that the proc directory.
>> >>>>>>>>
>> >>>>>>>> Felix
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> On Mon, Jun 22, 2020 at 1:28 PM Felix Schumacher <
>> >>>>>>>>> felix.schumac...@internetallee.de> wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Am 22.06.20 um 11:41 schrieb Ayub Khan:
>> >>>>>>>>>>> Chris,
>> >>>>>>>>>>>
>> >>>>>>>>>>> I am using HikariCP for connection pooling. If
>> >>>>>>>>>>> the database is leaking connections then I
>> >>>>>>>>>>> should see connection not available exception.
>> >>>>>>>>>>>
>> >>>>>>>>>>> How do I find out which file descriptors are
>> >>>>>>>>>>> leaking ? these are not
>> >>>>>>>>>> files
>> >>>>>>>>>>> open on disk as there is no explicit disk file
>> >>>>>>>>>>> I/O in this application.
>> >>>>>>>>>>>
>> >>>>>>>>>>> I just use the below command to check for open
>> >>>>>>>>>>> file descriptors:
>> >>>>>>>>>>>
>> >>>>>>>>>>> watch "sudo ls /proc/`cat
>> >>>>>>>>>>> /var/run/tomcat8.pid`/fd/ | wc -l"
>> >>>>>>>>>> You could have a look at the name of the files in
>> >>>>>>>>>> the pids proc
>> >>>>>>>> directory.
>> >>>>>>>>>>
>> >>>>>>>>>> $ ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/
>> >>>>>>>>>>
>> >>>>>>>>>> Or you could use the tool lsof to find the open
>> >>>>>>>>>> file descriptors.
>> >>>>>>>>>>
>> >>>>>>>>>> $ lsof -p $(cat /var/run/tomcat8.pid)
>> >>>>>>>>>>
>> >>>>>>>>>> For both calls you should first change to the uid
>> >>>>>>>>>> of the tomcat user or use sudo as in your
>> >>>>>>>>>> example.
>> >>>>>>>>>>
>> >>>>>>>>>> Felix
>> >>>>>>>>>>
>> >>>>>>>>>>> Thanks and Regards Ayub
>> >>>>>>>>>>>
>> >>>>>>>>>>> On Sun, Jun 21, 2020 at 8:18 PM Christopher
>> >>>>>>>>>>> Schultz < ch...@christopherschultz.net> wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>> Ayub,
>> >>>>>>>>>>>
>> >>>>>>>>>>> On 6/20/20 11:51, Ayub Khan wrote:
>> >>>>>>>>>>>>>> Sorry we are using  8.0.32 version of
>> >>>>>>>>>>>>>> tomcat.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> below is the configuration:
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Server version: Apache Tomcat/8.0.32
>> >>>>>>>>>>>>>> (Ubuntu) Server built:   Jan 24 2020
>> >>>>>>>>>>>>>> 16:24:30 UTC Server number: 8.0.32.0 OS
>> >>>>>>>>>>>>>> Name: Linux OS Version: 4.4.0-1087-aws
>> >>>>>>>>>>>>>> Architecture:   amd64 JVM Version:
>> >>>>>>>>>>>>>> 1.8.0_181-b13 JVM Vendor:     Oracle
>> >>>>>>>>>>>>>> Corporation
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> I use the below command to check the
>> >>>>>>>>>>>>>> file descriptors:
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> watch "sudo ls /proc/`cat
>> >>>>>>>>>>>>>> /var/run/tomcat8.pid`/fd/ | wc -l"
>> >>>>>>>>>>> So you know there is some kind of increase in
>> >>>>>>>>>>> file-handle use, but you don't know what types
>> >>>>>>>>>>> of file handles are increasing, right?
>> >>>>>>>>>>>
>> >>>>>>>>>>> Can you try to find out which kinds of file
>> >>>>>>>>>>> handles are increasing?
>> >>>>>>>>>>>
>> >>>>>>>>>>> I have a sneaking suspicion that it's your
>> >>>>>>>>>>> database connections and not actually files
>> >>>>>>>>>>> open on the disk.
>> >>>>>>>>>>>
>> >>>>>>>>>>> Are you using a database connection pool? If
>> >>>>>>>>>>> not, you should really use one and limit the
>> >>>>>>>>>>> number of connections to something sane. If you
>> >>>>>>>>>>> are using one, are you monitoring it to see how
>> >>>>>>>>>>> many connections are actually being used? Are
>> >>>>>>>>>>> you sure you are using proper resource
>> >>>>>>>>>>> management[1]? Even a single code-path that
>> >>>>>>>>>>> leaks connections can leak them quickly under
>> >>>>>>>>>>> load.
>> >>>>>>>>>>>
>> >>>>>>>>>>>>>> When there an issue related to broken
>> >>>>>>>>>>>>>> files, this value keeps increasing, the
>> >>>>>>>>>>>>>> only way to bring it down is to remove vm
>> >>>>>>>>>>>>>> instance from AWS load balancer.> Which
>> >>>>>>>>>>>>>> version of tomcat should I install ?
>> >>>>>>>>>>> Tomcat 8.0.x hasn't been supported since its
>> >>>>>>>>>>> last release on 29 June 2018. That was 8.0.53.
>> >>>>>>>>>>> Your release is from 8 February 2016 and is
>> >>>>>>>>>>> dangerously out of date (unless you are using
>> >>>>>>>>>>> the Ubuntu-packaged version, in which case I
>> >>>>>>>>>>> hope they kept-up with security patches thee
>> >>>>>>>>>>> past 4 years).
>> >>>>>>>>>>>
>> >>>>>>>>>>> -chris
>> >>>>>>>>>>>
>> >>>>>>>>>>>>>> On Sat, Jun 20, 2020 at 6:28 PM
>> >>>>>>>>>>>>>> Christopher Schultz <
>> >>>>>>>>>>>>>> ch...@christopherschultz.net> wrote:
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Ayub,
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> On 6/19/20 16:46, Ayub Khan wrote:
>> >>>>>>>>>>>>>>>>> tomcat 8.5 broken pipe increases
>> >>>>>>>>>>>>>>>>> open files on ubuntu AWS
>> >>>>>>>>>>>>>> Which exact version of Tomcat 8.5? If
>> >>>>>>>>>>>>>> you aren't running the latest version
>> >>>>>>>>>>>>>> (8.5.56), please upgrade and re-test.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> If there is slow response from db I
>> >>>>>>>>>>>>>>>>> see this stack trace and the open
>> >>>>>>>>>>>>>>>>> files goes high and the only way to
>> >>>>>>>>>>>>>>>>> open files go down is to remove the
>> >>>>>>>>>>>>>>>>> instance from Amazon load
>> >>>>>>>>>>>>>>>>> balancer.
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> Is there a way to keep the open
>> >>>>>>>>>>>>>>>>> files low even when Broken pipe
>> >>>>>>>>>>>>>>>>> error is thrown ?
>> >>>>>>>>>>>>>> What is your evidence that file handles
>> >>>>>>>>>>>>>> are being left open?
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Which file handles are being left open?
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> -chris
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>> -------------------------------------------------------------
>> - ---
>> >
>> >>>>>>>>>>
>> - ---
>> >>>>>
>> >>>>>
>> >>>>>>>>>>
>> > ---------------------------------------------------------------------
>> >>>>>
>> >
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For
>> >>>>> additional commands, e-mail: users-h...@tomcat.apache.org
>> >>>>>
>> >>>>>
>> >>>>
>> >>
>> >> ---------------------------------------------------------------------
>> >>
>> >>
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>> >>
>> >>
>> >
>> -----BEGIN PGP SIGNATURE-----
>> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7zgOIACgkQHPApP6U8
>> pFhnWQ//SBTsCR/g8cDgrC+ju6x3BA8kpEmNbA4BP5fY8I7nrDoiegsrZDbRsoWI
>> rNlH3i3pLlonTbbLQN/6AeWItmgM88bupy007cEcNrNivztkOPscmFOmPZP7lNaD
>> JfgXQvTF1q8LFL+R120GGVR+OKM06dZ4rYbWbu+Ju46lYX6q2iVlb+n8XmmPBIPg
>> 9dEE4kXNc+A3ZI+3JxLoWnxnDSxpG2Od2WDwt+dLV0E7XkHJCMKGqtzbPWcUtaUR
>> nh9rywiO4ODk57VbtU426yB6OrNxbwj2OOKpETKVfLpUsdwzvgEZgzbfeUqPpR4p
>> OpIXxjgBeGFhk+ssafvqOMIMI4EO/m/+uttyfQhAh05ozP99NLTZXbDcnY9gFEeY
>> Rk7Z7qnGey3erk83dfR3X56zovuiS6k6vHKLZcp6Js5ta1cQa9D8hOjxcVRaDWlz
>> AeKNEiwuuIo2tfsl2OCAxkoNpl+dooE2aXcvAWbrI7pGXMWwANzEGw4NmIUTOvpS
>> tjR4OqaOKiRo1TN66JZVeol0ZFlaz9InxHTEasHrdn80YJGMIFL7UmR6koZGUE2G
>> 7k0yukOUQCDLCPc3HwCCfOw/rkygLtxKShMEcZDp2gH3AZo0z1AKBDGWyi7XyMKa
>> MO4DkMHhp28aRZ84Dtsyvxh/HuxBt9Vl2hj/oOkBMVbfrIT+3bg=
>> =q6xp
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

Reply via email to