View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007462 | Taler | libeufin (general) | public | 2022-11-16 10:31 | 2023-12-22 14:30 |
| Reporter | MS | Assigned To | Antoine A | ||
| Priority | normal | Severity | tweak | Reproducibility | have not tried |
| Status | assigned | Resolution | open | ||
| Target Version | post-1.0 | ||||
| Summary | 0007462: HTTP traffic on Unix domain socket fails due to wrong file permissions. | ||||
| Description | This was observed when Nginx tried to use the Unix domain socket opened by LibEuFin: 11:42:34.310 [main] DEBUG tech.libeufin.util - Listening on /home/demo/sockets/bank.http .. 16:08:56.861 [epollEventLoopGroup-3-1] INFO ktor.test - Autoreload is disabled because the development mode is off. 16:08:56.868 [epollEventLoopGroup-3-1] INFO ktor.test - Application started in 0.057 seconds. 16:08:57.142 [DefaultDispatcher-worker-1] DEBUG tech.libeufin.sandbox - 404 Not Found, GET /bad-request - thread (id/name/group): 23/DefaultDispatcher-worker-1/main 16:08:57.149 [epollEventLoopGroup-3-1] DEBUG tech.libeufin.sandbox - Application stopping: io.ktor.application.Application@3b430b91 16:08:57.149 [epollEventLoopGroup-3-1] DEBUG tech.libeufin.sandbox - Application stopped: io.ktor.application.Application@3b430b91 16:08:57.158 [epollEventLoopGroup-3-1] WARN i.n.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception. java.lang.NullPointerException: null at io.netty.buffer.Unpooled.wrappedBuffer(Unpooled.java:156) at LibeufinHttpHandler$channelRead0$1.invoke(UnixDomainSocket.kt:108) at LibeufinHttpHandler$channelRead0$1.invoke(UnixDomainSocket.kt:72) at io.ktor.server.testing.TestEngineKt$withTestApplication$1.invoke(TestEngine.kt:68) at io.ktor.server.testing.TestEngineKt$withTestApplication$1.invoke(TestEngine.kt:66) at io.ktor.server.testing.TestEngineKt.withApplication(TestEngine.kt:49) at io.ktor.server.testing.TestEngineKt.withApplication$default(TestEngine.kt:41) at io.ktor.server.testing.TestEngineKt.withTestApplication(TestEngine.kt:66) at LibeufinHttpHandler.channelRead0(UnixDomainSocket.kt:72) at LibeufinHttpHandler.channelRead0(UnixDomainSocket.kt:67) at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296) at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:280) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795) at io.netty.channel.epoll.EpollDomainSocketChannel$EpollDomainUnsafe.epollInReady(EpollDomainSocketChannel.java:138) at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:829) | ||||
| Tags | No tags attached. | ||||
|
|
The following file should be checked to address this problem: https://git.taler.net/libeufin.git/tree/util/src/main/kotlin/UnixDomainSocket.kt?id=f5e670cc0bb8dc8424eb1aa891fc0161064395ca In particular, the Unix domain socket open to accept HTTP traffic seems to lack the group permission to let Nginx use it. |
|
|
Our C HTTP servers have a configuration option for this: [merchant] UNIXPATH_MODE = 660 Something equivalent should be implemented for libeufin-bank, simply setting the permissions based on that configuration option. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-16 10:31 | MS | New Issue | |
| 2023-01-08 11:32 | Christian Grothoff | Target Version | => 0.9.4 |
| 2023-03-19 09:08 | MS | Relationship added | related to 0007726 |
| 2023-04-13 20:26 | Florian Dold | Project | libeufin => Taler |
| 2023-04-13 21:47 | Florian Dold | Category | other => libeufin (general) |
| 2023-09-23 15:47 | Christian Grothoff | Target Version | 0.9.4 => 0.11 |
| 2023-09-25 12:08 | MS | Note Added: 0020543 | |
| 2023-09-25 12:09 | MS | Summary | Unix domain sockets fails. => HTTP traffic on Unix domain socket fails due to wrong file permissions. |
| 2023-09-25 12:09 | MS | Description Updated | |
| 2023-10-13 09:07 | Christian Grothoff | Severity | minor => tweak |
| 2023-11-03 10:21 | Christian Grothoff | Note Added: 0020618 | |
| 2023-11-03 10:22 | Christian Grothoff | Assigned To | => Antoine A |
| 2023-11-03 10:22 | Christian Grothoff | Status | new => assigned |
| 2023-12-22 14:30 | Christian Grothoff | Target Version | 0.11 => post-1.0 |
