binhex / arch-privoxyvpn

Docker build script for Arch Linux base with Privoxy and OpenVPN
GNU General Public License v3.0

Maximum Number of Connections Reached #29

Closed Enuratique closed 1 year ago

Enuratique commented 1 year ago

With debug logs enabled, everything looks good from the log output. I am authenticated, DNS resolutions to Google are working etc.

When I try to use curl on the node itself (or within python Requests) I get a 503 too many connections reached error:

curl http://ipinfo.io -x http://localhost:8123
Maximum number of open connections reached.

Nothing is using the proxy in code or otherwise, so not sure where the maximum connections are being reached from.

EDIT:

Enabling more verbose logging in privoxy's config file, this is the output of the privoxy log file when I try to run that curl command above:

2023-11-06 09:17:25.886 7f8f152b8b80 Info: Privoxy version 3.0.34
2023-11-06 09:17:25.886 7f8f152b8b80 Info: Program name: /usr/bin/privoxy
2023-11-06 09:17:25.886 7f8f152b8b80 Info: Loading filter file: /config/privoxy/default.filter
2023-11-06 09:17:25.891 7f8f152b8b80 Info: Loading filter file: /config/privoxy/user.filter
2023-11-06 09:17:25.891 7f8f152b8b80 Info: Loading actions file: /config/privoxy/match-all.action
2023-11-06 09:17:25.892 7f8f152b8b80 Info: Loading actions file: /config/privoxy/default.action
2023-11-06 09:17:25.894 7f8f152b8b80 Info: Loading actions file: /config/privoxy/user.action
2023-11-06 09:17:25.894 7f8f152b8b80 Info: Listening on port 8118 on all IP addresses
2023-11-06 09:18:12.649 7f8f152b8b80 Error: Unable to take any additional connections: Operation not permitted. Active threads: 0

Enuratique commented 1 year ago

This apparently is caused by using older versions of docker. After much debugging, apparently glibc added a clone3 wrapper for creating new threads that older versions of docker don't know about and the default security policy is to block unknown methods... The quick and dirty method is to tell docker to ignore those and allow unknown calls as a parameter to the docker run command:

--security-opt seccomp=unconfined

That is not a great solution... Better solution is to upgrade to a later version of docker... But for now I am unblocked and it looks like it is working.

More info here (which made the lightbulb click): https://medium.com/nttlabs/ubuntu-21-10-and-fedora-35-do-not-work-on-docker-20-10-9-1cd439d9921
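
A way to confirm, from inside the container, that the seccomp filter is what rejects clone3 before reaching for `seccomp=unconfined`. This is an added example, not code from the thread or the project; the function names are illustrative, and it assumes a Linux container with Python 3 available.

```python
import ctypes
import errno

# clone3 syscall number; the same value on x86_64 and arm64.
SYS_CLONE3 = 435


def classify(ret, err):
    """Turn the result of a deliberately invalid clone3() call into a verdict."""
    if ret != -1:
        return "unexpected"  # an invalid call should never succeed
    if err == errno.EINVAL:
        # The call reached the kernel, which rejected the bad arguments:
        # the seccomp filter lets clone3 through.
        return "allowed"
    if err == errno.ENOSYS:
        # Kernel without clone3, or a filter that answers ENOSYS.
        # glibc retries with clone() in this case, so threads still start.
        return "fallback"
    if err == errno.EPERM:
        # Filter denies clone3 with EPERM. glibc does not retry on EPERM,
        # so thread creation fails with "Operation not permitted".
        return "blocked"
    return "other:" + errno.errorcode.get(err, str(err))


def probe_clone3():
    """Call clone3(NULL, 0). No process or thread is created: the kernel
    rejects the zero-sized argument struct before doing any work."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.syscall.restype = ctypes.c_long
    ctypes.set_errno(0)
    ret = libc.syscall(
        ctypes.c_long(SYS_CLONE3), ctypes.c_void_p(None), ctypes.c_size_t(0)
    )
    return classify(ret, ctypes.get_errno())


if __name__ == "__main__":
    print("clone3 under the current seccomp profile:", probe_clone3())
```

A `blocked` result matches the "Operation not permitted" error in the Privoxy log above; `allowed` or `fallback` means thread creation is not being stopped at clone3 and the cause lies elsewhere.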