View Issue Details

IDProjectCategoryView StatusLast Update
0007462Talerlibeufin (general)public2023-12-22 14:30
ReporterMS Assigned ToAntoine A  
PrioritynormalSeveritytweakReproducibilityhave not tried
Status assignedResolutionopen 
Target Versionpost-1.0 
Summary0007462: HTTP traffic on Unix domain socket fails due to wrong file permissions.
DescriptionThis was observed when Nginx tried to use the Unix domain socket opened by LibEuFin:

11:42:34.310 [main] DEBUG tech.libeufin.util - Listening on /home/demo/sockets/bank.http ..
16:08:56.861 [epollEventLoopGroup-3-1] INFO ktor.test - Autoreload is disabled because the development mode is off.
16:08:56.868 [epollEventLoopGroup-3-1] INFO ktor.test - Application started in 0.057 seconds.
16:08:57.142 [DefaultDispatcher-worker-1] DEBUG tech.libeufin.sandbox - 404 Not Found, GET /bad-request - thread (id/name/group): 23/DefaultDispatcher-worker-1/main
16:08:57.149 [epollEventLoopGroup-3-1] DEBUG tech.libeufin.sandbox - Application stopping: io.ktor.application.Application@3b430b91
16:08:57.149 [epollEventLoopGroup-3-1] DEBUG tech.libeufin.sandbox - Application stopped: io.ktor.application.Application@3b430b91
16:08:57.158 [epollEventLoopGroup-3-1] WARN i.n.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.lang.NullPointerException: null
    at io.netty.buffer.Unpooled.wrappedBuffer(Unpooled.java:156)
    at LibeufinHttpHandler$channelRead0$1.invoke(UnixDomainSocket.kt:108)
    at LibeufinHttpHandler$channelRead0$1.invoke(UnixDomainSocket.kt:72)
    at io.ktor.server.testing.TestEngineKt$withTestApplication$1.invoke(TestEngine.kt:68)
    at io.ktor.server.testing.TestEngineKt$withTestApplication$1.invoke(TestEngine.kt:66)
    at io.ktor.server.testing.TestEngineKt.withApplication(TestEngine.kt:49)
    at io.ktor.server.testing.TestEngineKt.withApplication$default(TestEngine.kt:41)
    at io.ktor.server.testing.TestEngineKt.withTestApplication(TestEngine.kt:66)
    at LibeufinHttpHandler.channelRead0(UnixDomainSocket.kt:72)
    at LibeufinHttpHandler.channelRead0(UnixDomainSocket.kt:67)
    at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
    at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
    at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:280)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
    at io.netty.channel.epoll.EpollDomainSocketChannel$EpollDomainUnsafe.epollInReady(EpollDomainSocketChannel.java:138)
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:829)

TagsNo tags attached.

Relationships

related to 0007726 assigneddvn sandcastle should run services on unix domain sockets instead of ports 

Activities

MS

2023-09-25 12:08

reporter   ~0020543

The following file should be checked to address this problem:
https://git.taler.net/libeufin.git/tree/util/src/main/kotlin/UnixDomainSocket.kt?id=f5e670cc0bb8dc8424eb1aa891fc0161064395ca

In particular, the Unix domain socket open to accept HTTP traffic seems to lack the group permission to let Nginx use it.

Christian Grothoff

2023-11-03 10:21

manager   ~0020618

Our C HTTP servers have a configuration option for this:
[merchant]
UNIXPATH_MODE = 660

Something equivalent should be implemented for libeufin-bank, simply setting the permissions based on that configuration option.

Issue History

Date Modified Username Field Change
2022-11-16 10:31 MS New Issue
2023-01-08 11:32 Christian Grothoff Target Version => 0.9.4
2023-03-19 09:08 MS Relationship added related to 0007726
2023-04-13 20:26 Florian Dold Project libeufin => Taler
2023-04-13 21:47 Florian Dold Category other => libeufin (general)
2023-09-23 15:47 Christian Grothoff Target Version 0.9.4 => 0.9.6
2023-09-25 12:08 MS Note Added: 0020543
2023-09-25 12:09 MS Summary Unix domain sockets fails. => HTTP traffic on Unix domain socket fails due to wrong file permissions.
2023-09-25 12:09 MS Description Updated
2023-10-13 09:07 Christian Grothoff Severity minor => tweak
2023-11-03 10:21 Christian Grothoff Note Added: 0020618
2023-11-03 10:22 Christian Grothoff Assigned To => Antoine A
2023-11-03 10:22 Christian Grothoff Status new => assigned
2023-12-22 14:30 Christian Grothoff Target Version 0.9.6 => post-1.0