'Secure connection truncated' during long updates


Christian Keydel

Jan 10, 2019, 11:56:52 AM
to scmmanager

Whenever an svn update procedure takes very long, after between 8-15 minutes I always receive this error in TSVN:


Error   REPORT of '/scm/svn/XXXXXX/!svn/vcc/default': Could not read chunk size:
Error   Secure connection truncated (https://mydomain.com)
Completed!


Even though it says "completed", the update is of course not complete and I have to repeat the update a number of times until it finally succeeds. The server otherwise seems to work fine and stable and other than using SSL with a self-signed certificate for the server the configuration is pretty standard. Is there any configuration setting that could cause this to happen?
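
Added example (not part of the original post or of SCM-Manager): a chunked HTTP/1.1 body is complete only once the zero-size chunk arrives, so a connection closed mid-stream leaves the reader without a chunk size to read even though the status line already said 200. The responses below are constructed sample input; `read_chunked` is a hypothetical helper name.

```python
HEX = b"0123456789abcdefABCDEF"

def read_chunked(raw):
    """Parse a raw HTTP/1.1 response; return (status, body, complete).

    complete is False when the stream ends before the zero-size chunk.
    Trailers after the zero-size chunk are not parsed.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block never finished")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if headers.get(b"transfer-encoding") != b"chunked":
        raise ValueError("not a chunked response")
    body, pos = bytearray(), 0
    while True:
        eol = rest.find(b"\r\n", pos)
        if eol == -1:
            # Stream ended where a chunk-size line was expected.
            return status, bytes(body), False
        size_field = rest[pos:eol].split(b";")[0].strip()
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError("malformed chunk size")
        size = int(size_field, 16)
        if size == 0:
            return status, bytes(body), True
        start, end = eol + 2, eol + 2 + size
        body += rest[start:end]
        if len(rest) < end + 2:
            # Stream ended inside the chunk data or before its CRLF.
            return status, bytes(body), False
        pos = end + 2

# Constructed sample responses (not captured traffic).
COMPLETE = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
            b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
CUT_BETWEEN_CHUNKS = COMPLETE[:COMPLETE.index(b"6\r\n")]
CUT_MID_CHUNK = COMPLETE[:COMPLETE.index(b"rld")]

if __name__ == "__main__":
    for sample in (COMPLETE, CUT_BETWEEN_CHUNKS, CUT_MID_CHUNK):
        print(read_chunked(sample))
```
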



Christian Keydel

Jan 15, 2019, 7:02:23 AM
to scmmanager
Update: It looks like I am hit by this problem:

http://subversion.apache.org/faq.html#secure-connection-truncated

It says: One workaround for this situation is to increase the amount of time Apache is willing to wait for a client to prove it is still listening to the network stream. You do this by adjusting upward the Apache Timeout configuration value.

In scm-manager, is there an equivalent timeout setting in the server configuration? Alternatively, where is it set in code?

Sebastian Sdorra

Jan 24, 2019, 3:29:59 PM
to scmma...@googlegroups.com
Could you describe your setup? Do you use a reverse proxy like nginx or apache? How do you do ssl termination?

Sebastian

--
You received this message because you are subscribed to the Google Groups "scmmanager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to scmmanager+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tab10id

Jan 24, 2019, 3:43:25 PM
to scmma...@googlegroups.com
I've got similar errors even without ssl and reverse proxy. It appears only on big repositories >25G

Thu, Jan 24, 2019, 23:30 Sebastian Sdorra s.sd...@gmail.com:

Sebastian Sdorra

Jan 24, 2019, 4:05:22 PM
to scmma...@googlegroups.com
Does the repository contain a lot of small files or large files? Does the timeout occur always on the same file?

Sebastian

Tab10id

Jan 24, 2019, 4:36:58 PM
to scmma...@googlegroups.com
It doesn't happen all the time. The repository has both big files and many small files. Not sure, but I think that it happened because of small files (download speed drops on small files).

Fri, Jan 25, 2019, 0:05 Sebastian Sdorra s.sd...@gmail.com:

Дмитрий Лисичкин

Jan 25, 2019, 3:58:30 AM
to scmmanager
Also, I'm not sure that there is only one issue; the last error that I've got looks like this:

REPORT of '/scm/svn/xxxxx/!svn/vcc/default': 200 OK
(http://localnetwork:9001)

And the problem appears much more often with a reverse proxy.
With nginx and a slow client we have a stable reproduction of this problem.
We tried to fix this with "proxy_max_temp_file_size 0" in nginx, but the bug was still reproducible (rarely).
Maybe we had a different problem after this.
I tried to fix the jetty timeouts but it does not work very well (maybe I did it wrong because I'm not from the java world).
After all that, we completely disabled nginx buffering (proxy_buffering off) but the problem is still there.


Christian Keydel

Jan 25, 2019, 4:22:43 AM
to scmmanager
I'll answer all questions here:

1. No reverse proxy, the server is directly connected to the Internet. In /opt/scm-server/conf/server-config.xml, I have added the following connector to use SSL with a self-signed certificate:

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg>
          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
            <Set name="excludeProtocols">
              <Array type="java.lang.String">
                <Item>SSLv2Hello</Item>
                <Item>SSLv3</Item>
              </Array>
            </Set>
          </New>
        </Arg>
        <Set name="Port">443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="requestHeaderSize">16384</Set>
        <Set name="keystore"><SystemProperty name="basedir" default="." />/conf/keystore_mine.jks</Set>
        <Set name="password">**********</Set>
        <Set name="keyPassword">*********</Set>
        <Set name="truststore"><SystemProperty name="basedir" default="." />/conf/keystore_mine.jks</Set>
        <Set name="trustPassword">********</Set>
      </New>
    </Arg>
  </Call>

2. The problem only appears in repositories that are larger (>1G) with lots of small files.

3. The timeout never happens on the exact same file. I can normally clean up, then repeat the procedure and it will continue where I left off, so eventually I will get through.

Christian Keydel

Jan 25, 2019, 7:43:37 AM
to scmmanager
Update: Just increased the max. idle time to

        <Set name="maxIdleTime">120000</Set>

and this seems to have fixed the issues.


On Thursday, January 24, 2019 at 9:29:59 PM UTC+1, Sebastian Sdorra wrote:
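
Added example (not part of the thread or of SCM-Manager): a check that lists every `addConnector` entry in a Jetty `server-config.xml` with its `maxIdleTime` and flags those below a chosen floor, here the 120000 ms reported above. The XML is a constructed sample modelled on the posted connector, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one plain connector without maxIdleTime, and the
# SSL connector from the post (keystore settings omitted).
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
        <Set name="port">8080</Set>
      </New>
    </Arg>
  </Call>
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Set name="Port">443</Set>
        <Set name="maxIdleTime">30000</Set>
      </New>
    </Arg>
  </Call>
</Configure>"""

def connector_idle_times(xml_text):
    """Return [(connector class, port, maxIdleTime in ms or None)]."""
    found = []
    for call in ET.fromstring(xml_text).iter("Call"):
        if call.get("name") != "addConnector":
            continue
        conn = call.find("./Arg/New")
        if conn is None:
            continue
        port = idle = None
        # Only direct <Set> children: nested objects such as the
        # SslContextFactory carry their own settings.
        for setter in conn.findall("Set"):
            name = (setter.get("name") or "").lower()
            text = (setter.text or "").strip()
            if name == "port" and text.isdigit():
                port = int(text)
            elif name == "maxidletime" and text.isdigit():
                idle = int(text)
        cls = (conn.get("class") or "").rsplit(".", 1)[-1]
        found.append((cls, port, idle))
    return found

def below_floor(xml_text, floor_ms):
    """Connectors whose explicit maxIdleTime is lower than floor_ms."""
    return [c for c in connector_idle_times(xml_text)
            if c[2] is not None and c[2] < floor_ms]

if __name__ == "__main__":
    print(below_floor(SAMPLE, 120000))
```
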

Дмитрий Лисичкин

Feb 15, 2019, 1:25:01 AM
to scmmanager
Still have "REPORT of '/scm/svn/xxxxx/!svn/vcc/default': 200 OK" after this. Can someone help me to debug this? I'm still not sure that it is not a different issue.

On Friday, January 25, 2019 at 15:43:37 UTC+3, Christian Keydel wrote: