WildFly 8.0.0.Final still leaking sockets with HTTPS?
shuminli Feb 23, 2014 10:02 PMThe issue I am about to report is very similar to Is WildFly leaking sockets when behind an HTTP proxy like nginx or lighttpd?. The difference is that was for HTTP, instead of HTTPS. Bernd Nigmann reported HTTPS was fixed, but HTTPS socket leaking is still happening.
The OS is "Red Hat Enterprise Linux Server release 6.5 (Santiago)". JDK is "Java(TM) SE Runtime Environment (build 1.7.0_45-b18)". WildFly is "wildfly-8.0.0.Final".
Here are the steps to reproduce the issue.
1. Install wildfly-8.0.0.Final. Everything in the subsequent steps assume the path relative to the installation.
2. Generate a self-signed certificate using Java's keytool following "Pure Java SSL-Setup using keytool" at "SSL setup guide - WildFly 8 - Project Documentation Editor". You have to use a real host name etc. For example, "foo.acme.com" is used as the name; "foo" as alias, "secret" as the password, "foo.keystore" as the keystore as in the document. Save foo.keystore to standalone/configuration/
3. Modify standalone/configuration/standalone.xml by adding following to the end of inside server/management/security-realms/
<security-realm name="UndertowRealm"> | |
<server-identities> | |
<ssl protocol="TLSv1"> | |
<keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="longus" key-password="secret"/> | |
</ssl> | |
</server-identities> | |
</security-realm> |
4. Modify standalone/configuration/standalone.xml by adding following after server/profile/<subsystem xmlns="urn:jboss:domain:undertow:1.0">/server/http-listener
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
5. Start WildFly
./bin/standalone.sh -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0
Here is the output
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/local/wf
JAVA: java
JAVA_OPTS: -server -XX:+UseCompressedOops -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
=========================================================================
21:24:36,897 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.0.Final
21:24:37,380 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.0.Final
21:24:37,525 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015899: WildFly 8.0.0.Final "WildFly" starting
21:24:39,408 INFO [org.jboss.as.server] (Controller Boot Thread) JBAS015888: Creating http management service using socket-binding (management-http)
21:24:39,435 INFO [org.xnio] (MSC service thread 1-1) XNIO version 3.2.0.Final
21:24:39,448 INFO [org.xnio.nio] (MSC service thread 1-1) XNIO NIO Implementation Version 3.2.0.Final
21:24:39,525 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 33) JBAS010280: Activating Infinispan subsystem.
21:24:39,581 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 41) JBAS011800: Activating Naming Subsystem
21:24:39,598 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 4.0.0.Final
21:24:39,616 INFO [org.jboss.as.security] (ServerService Thread Pool -- 46) JBAS013171: Activating Security Subsystem
21:24:39,617 INFO [org.jboss.as.connector.logging] (MSC service thread 1-3) JBAS010408: Starting JCA Subsystem (IronJacamar 1.1.3.Final)
21:24:39,654 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 28) JBAS010403: Deploying JDBC-compliant driver class org.h2.Driver (version 1.3)
21:24:39,662 INFO [org.jboss.as.jsf] (ServerService Thread Pool -- 39) JBAS012615: Activated the following JSF Implementations: [main]
21:24:39,683 INFO [org.jboss.as.webservices] (ServerService Thread Pool -- 50) JBAS015537: Activating WebServices Extension
21:24:39,742 INFO [org.jboss.as.security] (MSC service thread 1-2) JBAS013170: Current PicketBox version=4.0.20.Final
21:24:39,752 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 49) JBAS017502: Undertow 1.0.0.Final starting
21:24:39,760 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-4) JBAS010417: Started Driver service with driver-name = h2
21:24:39,776 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) JBAS017502: Undertow 1.0.0.Final starting
21:24:39,856 INFO [org.jboss.as.naming] (MSC service thread 1-4) JBAS011802: Starting Naming Service
21:24:39,858 INFO [org.jboss.as.mail.extension] (MSC service thread 1-3) JBAS015400: Bound mail session [java:jboss/mail/Default]
21:24:40,487 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 49) JBAS017527: Creating file handler for path /opt/local/wf/welcome-content
21:24:40,543 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) JBAS017525: Started server default-server.
21:24:40,570 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) JBAS017531: Host default-host starting
21:24:40,845 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) JBAS017519: Undertow HTTP listener default listening on /0.0.0.0:8080
21:24:41,366 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) JBAS015012: Started FileSystemDeploymentService for directory /opt/local/wf/standalone/deployments
21:24:41,383 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:jboss/datasources/ExampleDS]
21:24:41,658 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) JBAS017519: Undertow HTTPS listener https listening on /0.0.0.0:8443
21:24:41,934 INFO [org.jboss.ws.common.management] (MSC service thread 1-2) JBWS022052: Starting JBoss Web Services - Stack CXF Server 4.2.3.Final
21:24:42,015 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://0.0.0.0:9990/management
21:24:42,015 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://0.0.0.0:9990
21:24:42,016 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 8.0.0.Final "WildFly" started in 5681ms - Started 188 of 237 services (82 services are lazy, passive or on-demand)
6. Open another terminal and execute following curl to get the home page.
curl -k https://foo.acme.com:8443
or
curl -k https://localhost:8443
7. use lsof to see the leaking sockets. Here is the result after 3 curl access to home page. Each access generates one leaking socket.
sudo lsof -u jboss|grep java |grep "identify protocol"
java 23509 jboss 316u sock 0,6 0t0 2610197115 can't identify protocol
java 23509 jboss 317u sock 0,6 0t0 2610197269 can't identify protocol
java 23509 jboss 318u sock 0,6 0t0 2610197336 can't identify protocol
Please help to resolve the issue. Thank you!