flomesh-io / ztm

ZTM (Zero Trust Mesh) is privacy first, open source, decentralized network software, based on HTTP/2 tunnel. Boundless connectivity. Mesh the world!
Apache License 2.0
266 stars 21 forks

If the agent fails to connect to the hub via nginx, the server will cause excessive memory usage. #35

Closed wujian0327 closed 4 days ago

wujian0327 commented 4 days ago

ztm version: v0.0.4 (image)

os: (image)

Steps:

  1. sudo ./ztm start ca

  2. sudo ./ztm start hub

  3. ./ztm invite root --bootstrap http://34.84.172.121/hub/ > permit.json (http://34.84.172.121/hub/ is nginx reverse proxy to hub) (image)

  4. sudo ./ztm start agent

  5. open the agent website and join the hub (image) (image)

  6. Wait five minutes, the server's memory will be used up and cause a crash (image)

naqvis commented 4 days ago

Thanks for bringing up this issue. A few questions to get a better understanding of the scenario:

  1. Issue is observed only when Hub is behind a reverse proxy (Nginx in this case)?
  2. Attempting to connect an agent to this hub causes huge memory consumption on hub? What behavior of agent is observed? i.e. do you observe similar high RAM consumption behavior on agent as well?
  3. Are you able to get the agent connected to hub successfully?

wujian0327 commented 4 days ago

> Thanks for bringing up this issue. A few questions to get a better understanding of the scenario:
>
>   1. Issue is observed only when Hub is behind a reverse proxy (Nginx in this case)?
>   2. Attempting to connect an agent to this hub causes huge memory consumption on hub? What behavior of agent is observed? i.e. do you observe similar high RAM consumption behavior on agent as well?
>   3. Are you able to get the agent connected to hub successfully?

  1. Yes, Hub is behind Nginx, here is Nginx config. The hub is listening on port 8888.

```nginx
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        location ~ /agent/ {
            proxy_pass  http://127.0.0.1:7777;
        }

        location ~ /relay/ {
            proxy_pass  http://127.0.0.1:8001;
        }

        location ~ /proxy/ {
            proxy_pass  http://127.0.0.1:8887;
        }

        location ~/hub/ {
            proxy_pass  http://127.0.0.1:8888;
        }
    }
}
```

  2. I think it's the agent that's taking up too much resources, not the hub. Here are some logs from agent: (image)

  3. The agent failed to connect to the hub.

  4. I found that it was normal to go through http://34.84.172.121:8888, but it was not successful to go through http://34.84.172.121/hub/

You can try this permit file:

permit2.json

naqvis commented 4 days ago

Thanks for the clarification. Please note that:

wujian0327 commented 4 days ago

Thank you for your instructions, I will use the hub as suggested.