Alexey's questions

Assume we have the following config ($branch is set before this snippet, but it's not related, I guess):

# If the request origin ends in .domain.com
set $allowed_origin "";
if ($http_origin ~* ^(.+\.)?domain\.com$) {
  set $allowed_origin $http_origin;
}

add_header Access-Control-Allow-Origin "$allowed_origin" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Content-Type, Cookie, Some-Custom-Header, Another-Custom-Header, X-And-Another-One" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;

root /var/path/www/$branch/www;
index index.php index.html;
error_page 404 = /notfound.php;

location ~ ^/v\d+/ {
  root /var/path/www/$branch/www;
  try_files $uri_lower $uri_lower/ /some.php?$query_string;
}

location / {
  root /var/path/www/$branch/www;
  try_files $uri_lower $uri_lower/ =404;
}

location ~ \.php$ {
  try_files $uri_lower $uri_lower/ $uri $uri/ =404;
  include fastcgi-params;
}

This works fine (returns 200) for the following request:

OPTIONS https://some.domain.com/v1/graphql HTTP/1.1
Host: some.domain.com
Origin: https://another.domain.com

However, when I just add an empty if (no add_header modifications, just an empty if) into the first location making it:

location ~ ^/v\d+/ {
  if ($http_origin ~* ^(.+\.)?domain\.com$) {
  }
  root /var/path/www/$branch/www;
  try_files $uri_lower $uri_lower/ /some.php?$query_string;
}

it starts responding with

HTTP/1.1 405 Not Allowed

Does anyone know why and how I can add an if condition here. Potentially, I'd like to manipulate headers inside this if setting certain CORS one only for allowed origin.

I'm trying to proxy_pass the whole request coming to my nginx to certain base URL to another upstream server removing server cookie. All other cookies, HTTP headers, the URL itself should be kept as is, sent to the upstream and response passed back to my client.

So far what I have tried is following this guide on nginx forum. Here is how my location directives look like:

set $new_cookie $http_cookie;

if ($http_cookie ~ "(.*)(?:^|;)\s*server=[^;]+(.*)") {
  set $new_cookie $1$2;
}

location  ~ ^/d/application(.*)$ {
  # here we serve this from another container running locally, no proxy_pass
  resolver 127.0.0.11;
  proxy_pass         http://application:8080/d/application$1;
  proxy_redirect     off;
  proxy_set_header   Host $host;
}

location  ~ ^/d/(.*)$ {
  # any other URL NOT starting with /d/application we would like to proxy_pass to another backend and remove server cookie
  resolver 127.0.0.11;
  proxy_pass         https://anotherapp.mydomain.com/d/$1;
  proxy_redirect     off;
  proxy_set_header Cookie $new_cookie;
  proxy_set_header   Host $host;
}

The problem. Now for just one request to /d/somethingelse the logs look like this:

proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 101 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 400 106 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 2020/04/17 09:56:45 [error] 9#0: *10 upstream sent too big header while reading response header from upstream, client: 10.18.6.15, server: , request: "GET /d/somethingelse HTTP/1.1", upstream: "https://10.18.16.1:443/d/somethingelse", host: "anotherapp.mydomain.com"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"
proxy_1        | 10.18.6.15 - - [17/Apr/2020:09:56:45 -0400] "GET /d/somethingelse HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"

UPDATE: adding

      proxy_buffer_size          128k;
      proxy_buffers              4 256k;
      proxy_busy_buffers_size    256k;

to the location with proxy_pass removes the too big header error, but still there are many requests sent to the upstream at the same moment for just one request from the browser

Now I'm struggling with just the forwarding to the upstream host. If I comment out proxy_set_header Cookie $new_cookie; and cookie regexp and setting $new_cookie, I'm still seeing many requests to the upstream.

Added proxy_ssl_verify off; to the second location - still seeing the same issue.

I have an URL like ^/d/something/(.*)$, what I want to do is rewrite it internally, with no permanent or temporary HTTP redirect, so that $_SERVER['REQUEST_URI'] will have just $1 and not the whole ^/d/something/(.*)$. Using nginx.

Here is what I tried:

location /d/something/ {
  rewrite "^/d/something/(.*)$" /$1 last;
}

location / {
    include php-fcgi.conf;
    try_files $uri $uri/ /index.php$args;
}

in the php-fcgi.conf there is fastcgi_param REQUEST_URI $request_uri; and $request_uri remains the same, so when I hit /d/something/something2 symfony reouter, which relies on $_SERVER['REQUEST_URI'] shows /d/something/something2 while I expect it to be just /something2. I assume that's because $request_uri is not changed.

If I replace it with fastcgi_param REQUEST_URI $uri; then $_SERVER['REQUEST_URI'] becomes / , no matter what I send in something2 part, it's always just /. Why is that happening and how can I internally rewrite it to /$1?

Thanks!

UPDATE: here are the contents of php-fcgi.conf:

location ~ \.php {
  include fastcgi_params;
  fastcgi_pass   127.0.0.1:9000;
  fastcgi_read_timeout 60s;
}

Having an AWS EC2 instance in VPC, trying to add a secondary ENI to it. The interface has been successfully added with a security group I'm currently using for my primary instance ENI. Then a new Elastic IP has been added to the above mentioned newly created secondary interface. Private IP address is added and the new elastic IP is mapped to it. So it looks like 50.50.50.50 -> 10.0.120.1 . eth1 secondary interface is up:

eth1      Link encap:Ethernet  HWaddr 02:7e:51:91:9d:ed
          inet addr:10.0.120.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::7e:51ff:fe91:9ded/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:274 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12390 (12.3 KB)  TX bytes:2362 (2.3 KB)

So far so good.

I have a local apache2 instance listening on all interfaces on both 80 and 443 ports. This can be verified by looking at netstat -apn output. Apache is there, really listening on all interfaces:

tcp6       0      0 :::80                   :::*                    LISTEN      13603/apache2

If I try to do telnet 10.0.120.1 80 where 10.0.120.1 is the local IP of the newly added interface, it responds just fine.

If I try, however, the same, but from an external network (my local machine, for example) : telnet 50.50.50.50 80 with tcpdump -i eth1 launched on the instance, it times out and here is what I see in tcpdump output:

21:46:31.907721 IP my.external.ip.61809 > 10.0.120.1.http: Flags [S], seq 3126348761, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
21:46:34.910779 IP my.external.ip.61809 > 10.0.120.1.http: Flags [S], seq 3126348761, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
21:46:40.902797 IP my.external.ip.61809 > 10.0.120.1.http: Flags [S], seq 3126348761, win 8192, options [mss 1360,nop,nop,sackOK], length 0
21:47:02.982563 IP my.external.ip.61817 > 10.0.120.1.http: Flags [S], seq 3180271658, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
21:47:05.984170 IP my.external.ip.61817 > 10.0.120.1.http: Flags [S], seq 3180271658, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
21:47:11.981669 IP my.external.ip.61817 > 10.0.120.1.http: Flags [S], seq 3180271658, win 8192, options [mss 1360,nop,nop,sackOK], length 0
21:47:14.042766 ARP, Request who-has 10.0.120.1 tell 10.0.0.1, length 42
21:47:15.040646 ARP, Request who-has 10.0.120.1 tell 10.0.0.1, length 42
21:47:16.040884 ARP, Request who-has 10.0.120.1 tell 10.0.0.1, length 42

so the kernel actually receives the incoming packets, which probably means that everything is fine with the security group, at least incoming connection. But apache doesn't receive anything and logs nothing to its access log. At the same time, it responds and works fine with all other vhosts, whose IPs mapped to old primary ENI.

This question started initially as disk space issue, however, we nailed it down to gearman problem. It bombs own logfile with the following message:

  ERROR 2015-10-29 13:05:37.000000 [  main ] accept(Too many open files) -> libgearman-server/gearmand.cc:
788

so that the log file can grow up to 70 Gb in a day. I checked the worker code: we use node-gearman and properly close both mongodb connection and gearman worker process:

db.close();
worker.end();

In the application we close gearman connection as well:

gearman.close();

This question is similar to the other one, but there is no solution except for increasing ulimit restrictions. Even if we increase them, we don't know if we overcome the new ones soon. Need to get the reason of this.

We're running a service that makes screenshots of URL supplied and posts it to our S3 bucket. Similar to manet, but our custom coded nodejs app. We don't store the screenshots on our local hard drive. We store them temporary for resize, then delete. The temp image folder is always empty.

The problem is: disk space is running lower and lower until server restart. For example, now df -h shows:

ubuntu@ip-10-0-1-94:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      118G   74G   40G  65% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            7.4G  8.0K  7.4G   1% /dev
tmpfs           1.5G  360K  1.5G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            7.4G     0  7.4G   0% /run/shm
none            100M     0  100M   0% /run/user

However, du -sh / shows:

root@ip-10-0-1-94:~# du -sh /
du: cannot access ‘/proc/14440’: No such file or directory
du: cannot access ‘/proc/14520/task/14520/fd/4’: No such file or directory
du: cannot access ‘/proc/14520/task/14520/fdinfo/4’: No such file or directory
du: cannot access ‘/proc/14520/fd/4’: No such file or directory
du: cannot access ‘/proc/14520/fdinfo/4’: No such file or directory
du: cannot access ‘/proc/14521’: No such file or directory
7.0G    /

If I do du for all folders in root filesystem, it will sum up to 7 Gb, not 74. If I restart the server, once it's back up again, there will be 7 Gb as it should be, but in 10-12 hours 70+ again and counting.

We're using mongodb as our storage , so I'm assuming it can be it, however, I removed smallfiles config option that I placed earlier. Still the same thing.

Attaching lsof output here and ps aux here

Here is mount output:

ubuntu@ip-10-0-1-94:~$ mount
/dev/xvda1 on / type ext4 (rw,discard)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)

Restarting any of running services, like mongodb or supervisor doesn't change anything. Here is an example:

root@ip-10-0-1-94:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      118G   74G   40G  65% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            7.4G  8.0K  7.4G   1% /dev
tmpfs           1.5G  360K  1.5G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            7.4G     0  7.4G   0% /run/shm
none            100M     0  100M   0% /run/user
root@ip-10-0-1-94:~# service mongod restart
mongod stop/waiting
mongod start/running, process 31590
root@ip-10-0-1-94:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      118G   74G   40G  65% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            7.4G  8.0K  7.4G   1% /dev
tmpfs           1.5G  360K  1.5G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            7.4G     0  7.4G   0% /run/shm
none            100M     0  100M   0% /run/user

or supervisor controlling node processes (workers and application) :

root@ip-10-0-1-94:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      118G   74G   40G  65% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            7.4G  8.0K  7.4G   1% /dev
tmpfs           1.5G  360K  1.5G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            7.4G     0  7.4G   0% /run/shm
none            100M     0  100M   0% /run/user
root@ip-10-0-1-94:~# service supervisor restart
Restarting supervisor: supervisord.
root@ip-10-0-1-94:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      118G   74G   40G  65% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            7.4G  8.0K  7.4G   1% /dev
tmpfs           1.5G  360K  1.5G   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            7.4G     0  7.4G   0% /run/shm
none            100M     0  100M   0% /run/user

UPDATE: as it turns out this happens because of gearman log with tons of

accept(Too many open files) -> libgearman-server/gearmand.cc:851

messages. Even though the file is deleted, it's still open by the gearman processes and therefore the space is not released. This is the proof:

root@ip-10-0-1-94:~# sudo lsof -s | awk '$5 == "REG"' | sort -n -r -k 7,7 | head -n 1
gearmand   4221           gearman    3w      REG              202,1 31748949650     143608 /var/log/gearman-job-server/gearman.log.1 (deleted)

(thanks to @Andrew Henle)

Now the next question is: why does gearman write that to the log. As stated here it's because of too many connections to gearman in TIME_WAIT state However, they are not in TIME_WAIT, they are in ESTABLISHED. Here they are.

If I do strace -p 4221, I'm seeing only this

write(22, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169649, 568914324}) = 0
gettimeofday({1446109467, 793708}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33010), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 874
write(17, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169659, 749954206}) = 0
gettimeofday({1446109477, 974726}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33060), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 875
write(32, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169659, 754505349}) = 0
gettimeofday({1446109477, 979307}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33062), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 876
write(27, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169664, 300399805}) = 0
gettimeofday({1446109482, 525209}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33134), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 877
write(22, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169666, 161035104}) = 0
gettimeofday({1446109484, 385826}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33165), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 878
write(17, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169668, 308112847}) = 0
gettimeofday({1446109486, 532900}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33186), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 879
write(32, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169671, 251265264}) = 0
gettimeofday({1446109489, 476077}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33218), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 880
write(27, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169672, 320483648}) = 0
gettimeofday({1446109490, 545274}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33232), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 881
write(22, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169676, 186686282}) = 0
gettimeofday({1446109494, 411486}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33303), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 882
write(17, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169684, 699748557}) = 0
gettimeofday({1446109502, 924549}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33320), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 883
write(32, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169687, 906830251}) = 0
gettimeofday({1446109506, 131601}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33348), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 884
write(27, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169701, 112588731}) = 0
gettimeofday({1446109519, 337387}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33386), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 885
write(22, "\3", 1)                      = 1
epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169707, 686312787}) = 0
gettimeofday({1446109525, 911113}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33420), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 886
write(17, "\3", 1)                      = 1

each portion of

epoll_wait(6, {{EPOLLIN, {u32=9, u64=9}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {169707, 686312787}) = 0
gettimeofday({1446109525, 911113}, NULL) = 0
accept4(9, {sa_family=AF_INET, sin_port=htons(33420), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 886
write(17, "\3", 1)        

is added every 3-5 seconds. Nothing else for a few minutes.

I have a server with postfix MTA installed that accepts mail for my domain, hereinafter @example.com. I need to setup forwarding for certain [email protected] to other emails . e.g. @gmail.com and this needs to be done using SMTP transport via SES.

I have SES production access and login/password pair, that is active and has IAM permissions, I checked. I have confirmed certain From: address at SES. If I send email with these SMTP username/password directly via SES from a PHP script, everything works fine. This means that the login/password pair and From: are alright.

Now I need to rewrite From: for the emails that are going from outside and need to be forwarded. For example, an email is sent from @gmail.com -> [email protected]. The entry user is set up in virtual_alias_maps and should go to another @gmail.com. In order to rewrite From: header, the following smtp_header_checks is used:

smtp_header_checks = pcre:/etc/postfix/header_checks

the content of /etc/postfix/header_checks is following:

/^From:(.*)/ REPLACE From: "$1" <[email protected]>

[email protected] is confirmed at SES. This is the same email I'm using when testing with PHP script that uses SES directly, i.e. with no header rewrite.

When I send something from @gmail to [email protected], here is what's going on in the logs:

Apr  8 15:04:05 ip-10-191-106-25 postfix/smtpd[32545]: connect from mail-wg0-f42.google.com[74.125.82.42]
Apr  8 15:04:06 ip-10-191-106-25 postfix/smtpd[32545]: 3252A2415D: client=mail-wg0-f42.google.com[74.125.82.42]
Apr  8 15:04:06 ip-10-191-106-25 postfix/cleanup[32550]: 3252A2415D: message-id=<CADLOpCq4ZFR5=xqTNxPO73-tVkF63urLt_9ueGBDrLSggy29MQ@mail.gmail.com>
Apr  8 15:04:06 ip-10-191-106-25 postfix/qmgr[32192]: 3252A2415D: from=<[email protected]>, size=1687, nrcpt=1 (queue active)
Apr  8 15:04:06 ip-10-191-106-25 postfix/smtpd[32545]: disconnect from mail-wg0-f42.google.com[74.125.82.42]
Apr  8 15:04:07 ip-10-191-106-25 postfix/smtp[32551]: 3252A2415D: replace: header From: "User" <[email protected]>: From: " "User" <[email protected]>" <[email protected]>
Apr  8 15:04:07 ip-10-191-106-25 postfix/smtp[32551]: 3252A2415D: to=<[email protected]>, orig_to=<[email protected]>, relay=email-smtp.us-west-2.amazonaws.com[54.149.142.243]:25, delay=1.3, delays=0.22/0.03/0.57/0.43, dsn=5.0.0, status=bounced (host email-smtp.us-west-2.amazonaws.com[54.149.142.243] said: 554 Message rejected: Email address is not verified. (in reply to end of DATA command))
Apr  8 15:04:07 ip-10-191-106-25 postfix/cleanup[32550]: 7FD75243F8: message-id=<[email protected]>
Apr  8 15:04:07 ip-10-191-106-25 postfix/qmgr[32192]: 7FD75243F8: from=<>, size=3700, nrcpt=1 (queue active)
Apr  8 15:04:07 ip-10-191-106-25 postfix/bounce[32552]: 3252A2415D: sender non-delivery notification: 7FD75243F8
Apr  8 15:04:07 ip-10-191-106-25 postfix/qmgr[32192]: 3252A2415D: removed
Apr  8 15:04:08 ip-10-191-106-25 postfix/smtp[32551]: 7FD75243F8: to=<[email protected]>, relay=email-smtp.us-west-2.amazonaws.com[54.69.81.169]:25, delay=0.67, delays=0.01/0/0.59/0.07, dsn=5.0.0, status=bounced (host email-smtp.us-west-2.amazonaws.com[54.69.81.169] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Apr  8 15:04:08 ip-10-191-106-25 postfix/qmgr[32192]: 7FD75243F8: removed

That gives me an idea that the From: header was not actually rewritten. However, the line:

Apr  8 15:04:07 ip-10-191-106-25 postfix/smtp[32551]: 3252A2415D: replace: header From: "User" <[email protected]>: From: " "User" <[email protected]>" <[email protected]>

tells us it actually has been.

I realize that I need to view the rewritten whole mail body before it's sent to AWS server, but I have no idea how to debug it.

Here is the main.cf contents:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.com, ip-10-191-106-25.ec2.internal, localhost.ec2.internal, localhost, domain2.example.com
relayhost = email-smtp.us-west-2.amazonaws.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp
relay_transport = relay

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtp_header_checks = pcre:/etc/postfix/header_checks

virtual_alias_maps = hash:/etc/postfix/virtual

sender_canonical_maps = hash:/etc/postfix/canonical

#debug_peer_list=email-smtp.us-west-2.amazonaws.com 127.0.0.1
#debug_peer_level=5

I own a t1.micro EC2 instance. After release upgrade of Ubuntu to saucy I got Apache 2.4.6 and I started noticing 100% CPU load like this

top - 19:37:58 up  2:55,  2 users,  load average: 3.90, 2.90, 1.82
Tasks:  95 total,   4 running,  91 sleeping,   0 stopped,   0 zombie
%Cpu(s):  3.9 us,  7.2 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si, 88.9 st
KiB Mem:    629976 total,   588412 used,    41564 free,    39412 buffers
KiB Swap:  2097144 total,        0 used,  2097144 free,   326932 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
 6688 www-data  20   0  114m  17m  12m R  34.3  2.9   3:07.74 apache2
 6719 www-data  20   0  113m  10m 6052 R  33.3  1.8   3:16.99 apache2
 6721 www-data  20   0  113m 9.8m 5004 R  32.0  1.6   3:04.13 apache2

I decided to install another Apache version from this ppa, so I got 2.4.9 now, but the problem is still there.

What I tried: 1. removed all modules and added only necessary ones. At the moment the loaded ones are:

lrwxrwxrwx  1 root root   36 Apr  9 19:16 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx  1 root root   28 Apr  9 19:17 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx  1 root root   28 Apr  9 19:17 alias.load -> ../mods-available/alias.load
lrwxrwxrwx  1 root root   33 Apr  9 19:18 authz_core.load -> ../mods-available/authz_core.load
lrwxrwxrwx  1 root root   38 Apr  9 19:18 authz_groupfile.load -> ../mods-available/authz_groupfile.load
lrwxrwxrwx  1 root root   33 Apr  9 19:18 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx  1 root root   33 Apr  9 19:18 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx  1 root root   26 Apr  9 19:18 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx  1 root root   26 Apr  9 19:18 dir.load -> ../mods-available/dir.load
lrwxrwxrwx  1 root root   27 Apr  9 19:19 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx  1 root root   27 Apr  9 19:19 mime.load -> ../mods-available/mime.load
lrwxrwxrwx  1 root root   34 Apr  9 19:11 mpm_prefork.conf -> ../mods-available/mpm_prefork.conf
lrwxrwxrwx  1 root root   34 Apr  9 19:11 mpm_prefork.load -> ../mods-available/mpm_prefork.load
lrwxrwxrwx  1 root root   27 Apr  9 14:39 php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx  1 root root   27 Apr  9 14:39 php5.load -> ../mods-available/php5.load
lrwxrwxrwx  1 root root   30 Apr  9 19:19 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx  1 root root   29 Apr  9 19:20 status.conf -> ../mods-available/status.conf
lrwxrwxrwx  1 root root   29 Apr  9 19:20 status.load -> ../mods-available/status.load

2. reinstalling Apache to a newer version (see above, I'm on 2.4.9 now and still it is there)

3. stopping and starting the instance (hoping it would get onto another hardware) - no luck

4. The site I'm testing with is WP-based with W3TC plugin installed, I disabled minification of W3TC static files. I decide to do so because I noticed that it stucks sometimes on minified files in status module.

5. upgrading WP to the latest version (3.8.2) - nothing changed

6. Looking now at status module output, I'm seeing that there is no pattern as to what requests are stuck - absolute random. For example: http://pastebin.com/JxLbbzCB - see that POST /wp-admin/admin-ajax.php has been stuck for 62 seconds in W (sending reply), 5-0 request is also in W status for 250 seconds.

All these "W" workers load CPU by 100% and last really long causing EC2 instance to start CPU throttle.

UPDATE: here is strace info for one of hanged processes:

select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999997})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})
send(16, "", 0, MSG_NOSIGNAL)           = 0
select(17, [16], [16], NULL, {1, 0})    = 1 (out [16], left {0, 999998})

and it lasts while the process is not killed

UPDATE: output of ps auxf|grep apache2 :

root@domU-12-31-39-02-26-E9:~# ps auxf|grep apache2
root      2761  0.0  0.1   4168   852 pts/1    S+   19:52   0:00                      \_ grep --color=auto apache2
root      2549  0.0  2.3 115720 15104 ?        Ss   19:50   0:00 /usr/sbin/apache2 -k start
www-data  2554  0.0  0.8 115800  5660 ?        S    19:50   0:00  \_ /usr/sbin/apache2 -k start
www-data  2555  0.2  3.6 117944 22872 ?        S    19:50   0:00  \_ /usr/sbin/apache2 -k start
www-data  2556  0.2  3.7 119252 23360 ?        S    19:50   0:00  \_ /usr/sbin/apache2 -k start
www-data  2557  9.9  1.2 115932  8068 ?        R    19:50   0:14  \_ /usr/sbin/apache2 -k start
www-data  2558  9.7  1.2 115932  8068 ?        R    19:50   0:14  \_ /usr/sbin/apache2 -k start
www-data  2562  0.0  0.8 115800  5660 ?        S    19:50   0:00  \_ /usr/sbin/apache2 -k start
www-data  2564  0.0  0.8 115800  5656 ?        S    19:50   0:00  \_ /usr/sbin/apache2 -k start
www-data  2566 20.7  1.2 115932  8044 ?        R    19:50   0:28  \_ /usr/sbin/apache2 -k start
www-data  2567 35.9  1.2 115932  8072 ?        R    19:50   0:49  \_ /usr/sbin/apache2 -k start
www-data  2568 10.8  1.2 115932  8080 ?        R    19:50   0:14  \_ /usr/sbin/apache2 -k start
www-data  2571  0.0  0.8 115800  5644 ?        S    19:51   0:00  \_ /usr/sbin/apache2 -k start
www-data  2572  0.0  0.8 115800  5644 ?        S    19:51   0:00  \_ /usr/sbin/apache2 -k start
www-data  2573  0.0  0.8 115800  5644 ?        S    19:51   0:00  \_ /usr/sbin/apache2 -k start
www-data  2574  0.0  0.7 115752  4900 ?        S    19:51   0:00  \_ /usr/sbin/apache2 -k start
root@domU-12-31-39-02-26-E9:~#

Output of tail /var/log/apache2/error.log (error logs configured for other vhosts are empty at the moment):

[Mon Apr 21 19:50:22.201343 2014] [:notice] [pid 2552] FastCGI: process manager initialized (pid 2552)
[Mon Apr 21 19:50:22.692477 2014] [mpm_prefork:notice] [pid 2549] AH00163: Apache/2.4.9 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 PHP/5.5.3-1ubuntu2.3 configured -- resuming normal operations
[Mon Apr 21 19:50:22.692580 2014] [core:notice] [pid 2549] AH00094: Command line: '/usr/sbin/apache2'

free -m

             total       used       free     shared    buffers     cached
Mem:           615        596         18          0        217        142
-/+ buffers/cache:        236        378
Swap:         2047         22       2025

df -h

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        30G   22G  6.1G  79% /
devtmpfs        299M   12K  299M   1% /dev
none             62M  208K   62M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            308M     0  308M   0% /run/shm
none            100M     0  100M   0% /run/user

I'm experiencing a problem described here: http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lots_of_data. If I use defaultroute in peer conf or manually add

route add default dev ppp0 

there are tons of traffic in TX: in ifconfig so perhaps it loops somehow. I'd like to set it up so that I run pon ru and it automatically routes all non-local traffic through ppp0.

Here are my current configs.

1. /etc/ppp/peers/ru:

connect /bin/true
plugin "/usr/local/lib/pppd/2.4.5/pptp.so"
pptp_server ru1.vpn.goldenfrog.com
user "username"
password "password"
noauth
nobsdcomp
nodeflate
remotename ru
ipparam ru
require-mppe-128
usepeerdns
nodefaultroute
persist
mtu 1528
mru 1528

2. ip-up scripts: http://pastebin.com/7d4wAe3a

3. ifplugd scripts: http://pastebin.com/e0NAsthY

4. here is how routing looks like after pon ru :

root@raspberrypi:/home/pi# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
192.168.39.81   *               255.255.255.255 UH    0      0        0 ppp0
192.168.178.0   *               255.255.255.0   U     0      0        0 eth0

5. here is ifconfig after pon ru:

root@raspberrypi:/home/pi# ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:19:c2:bb
          inet addr:192.168.178.35  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:56356 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54433 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7269518 (6.9 MiB)  TX bytes:8972796 (8.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:962 errors:0 dropped:0 overruns:0 frame:0
          TX packets:962 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:83039 (81.0 KiB)  TX bytes:83039 (81.0 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:31.6.12.130  P-t-P:192.168.39.81  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9436 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:84 (84.0 B)  TX bytes:13093786 (12.4 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:72:6d:a4
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@raspberrypi:/home/pi# route

eth0 - my internal network interface going into AVM Frtiz!box router. wlan0 is not active at all. See huge numbers in TX in ppp0 which is the problem itself, this 12.4 mb is just a few seconds after the niterface is up.

UPDATE

Here is tcpdump output when I add default route thruogh ppp0: http://pastebin.com/7nUyLAex