maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection
Apache License 2.0

[BUG] crowdsec plugin causing memory leak on traefik #104

Closed lordraiden closed 1 year ago

lordraiden commented 1 year ago

The issue is described in detail here

https://github.com/traefik/traefik/issues/9959

If you require any other information I will post it here.

Thanks

lordraiden commented 1 year ago

@maxlerebourg So will this merge fix the issue? When will the fix be released, more or less?

mathieuHa commented 1 year ago

Hi, we are still looking into whether that leak can come from the plugin.
Yet we have not observed high usage like 2G for Traefik.

We have Traefik using around 30M to 200M on our systems with the same setup.

We may release soon a beta version to test if it improves memory usage, we will let you know so you can confirm.

lordraiden commented 1 year ago

@maxlerebourg In the merge I see some changes related to simpleredis. I am using redis in my installation with this configuration: first a section of the compose, then a section of my config file (middleware). Could this be related to the leak? Or maybe my leaks are more aggressive because I'm using redis?

## CrowdSec ###################################################

  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: ProxyDMZ-CrowdSec
    restart: unless-stopped
    networks:
      br2:
        ipv4_address: 10.10.50.11
    dns: 10.10.50.5    
    ports:
      - 8080:8080
     #- 6060:6060 # PROMETHEUS
    volumes:
      - /mnt/user/Docker/WebProxyDMZ/CrowdSec/data:/var/lib/crowdsec/data
      - /mnt/user/Docker/WebProxyDMZ/CrowdSec:/etc/crowdsec
      - /mnt/user/Docker/WebProxyDMZ/Traefik/logs:/var/log/traefik:ro
      - /mnt/user/Docker/HomeAssistant:/var/log/homeassistant:ro    
    environment:
      TZ:
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
      #GID: "${GID-1000}"
      PUID:
      PGID:
      CUSTOM_HOSTNAME: CrowdSecDMZ
      DISABLE_LOCAL_API: "false" # True Only after successfully registering and validating remote agent below.
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

## CrowdSec - Redis ###########################################

  redis-cs:
    image: redis:alpine
    container_name: ProxyDMZ-CrowdSec-Redis
    restart: unless-stopped
    depends_on:
      - crowdsec
    command: [ "sh", "-c", "exec redis-server --requirepass $REDIS_PASSWORD" ]  # redis-cli -a "password" --stat # select 1 # dbsize
    networks:
      - wp-netredis
    dns: 10.10.50.5
    volumes:
      - /mnt/user/Docker/Nextcloud/redis:/data
    environment:
      - TZ
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

    traefik-csbouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          enabled: true
          logLevel: INFO
          updateIntervalSeconds: 30 # stream mode only
          #defaultDecisionSeconds: 60 # live mode only
          crowdsecMode: stream
          crowdsecLapiKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # Api key for 'traefik'
          crowdsecLapiHost: 10.10.50.11:8080
          crowdsecLapiScheme: http
          crowdsecLapiTLSInsecureVerify: false
          #forwardedHeadersTrustedIPs:   # List of IPs of trusted Proxies that are in front of traefik (ex: Cloudflare)
          clientTrustedIPs: 
            - 10.10.10.1/24
          forwardedHeadersCustomName: X-Forwarded-For
          redisCacheEnabled: true
          redisCacheHost: redis-cs:6379
          redisCachePassword: teaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
          redisCacheDatabase: 1

mathieuHa commented 1 year ago

We've released version v1.1.13-beta-fix-104.
Can you look to see if that works better?

Yes, @maxlerebourg has changed something in the simple redis dependency and believes it helps reduce the memory usage of Traefik a bit.

However, we haven't finished completely testing this new version.

lordraiden commented 1 year ago

I'm now running the new version and restarted everything. I will keep you posted in the following days.

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.1.13-beta-fix-104"

Thanks

lordraiden commented 1 year ago

For now it seems stable: 4 days uptime, 68Mb, so this probably fixed it.

mathieuHa commented 1 year ago

Thanks for the feedback, I will release a new version without the beta suffix.

I will close this for now; please don't hesitate to reopen if you observe the issue again.