The BOSH port denies the connection #218

weiweipang opened this issue Mar 21, 2024 · 5 comments
Labels
question Further information is requested

Comments


weiweipang commented Mar 21, 2024

The BOSH port refused the connection after 300 users connected to Tigase. Other ports are accessed properly. Is there an upper limit for connecting to the BOSH port?

Note: The BOSH port is brokered using nginx

Use the following default settings

bosh {
    connections {
        5280 () {}
    }
    seeOtherHost {}
}

Details (please complete the following information):

  • Tigase version: [e.g. 8.1.0]
  • JVM flavour and version [e.g. AdoptOpenJDK11]
  • Operating system/distribution/version [e.g. Linux Ubuntu 20.04]
hantu85 (Contributor) commented Mar 22, 2024

There is no limit on max number of open connections for Bosh in Tigase (with exception of limits of the server, like CPU or memory).

However, each port of Tigase XMPP Server has a limit on the number of connections established in each second. For Bosh that is 1000 new connections per second. However, as each Bosh XMPP stream consists of multiple HTTP connections (each stanza exchange is a separate connection), it might occur that you reached this limit with 300 users connecting very fast or exchanging a lot of data (i.e. during XMPP connection establishment).

You could try to raise this limit to 2000 with the following configuration:

bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}

weiweipang (Author) commented

> There is no limit on max number of open connections for Bosh in Tigase (with exception of limits of the server, like CPU or memory).
>
> However, each port of Tigase XMPP Server has a limit on the number of connections established in each second. For Bosh that is 1000 new connections per second. However, as each Bosh XMPP stream consists of multiple HTTP connections (each stanza exchange is a separate connection), it might occur that you reached this limit with 300 users connecting very fast or exchanging a lot of data (i.e. during XMPP connection establishment).
>
> You could try to raise this limit to 2000 with the following configuration:
>
> bosh {
>     connections {
>         5280 () {
>             'new-connections-throttling' = 2000
>         }
>     }
>     seeOtherHost {}
> }

The CPU and memory are normal, but the phenomenon is that the BOSH port cannot be accessed for a short period of time, and it will heal itself after a while.

hantu85 (Contributor) commented Mar 29, 2024

What you are describing would suggest that you are hitting throttling limits.

weiweipang (Author) commented

> What you are describing would suggest that you are hitting throttling limits.

I raised the limit on the number of connections, but the problem still persists. Does the value of this parameter represent the actual number of connected users?

bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}

The final configuration is as follows in config-dump.properties. Are there any other parameters that need to be adjusted, for example 'bosh-close-connection' = false?

bosh (class: tigase.server.bosh.BoshConnectionManager) {
    'batch-queue-timeout' = 100L
    'bosh-close-connection' = false
    'bosh-extra-headers-file' = 'etc/bosh-extra-headers.txt'
    'bosh-session-close-delay' = 0L
    'client-access-policy-file' = 'etc/client-access-policy.xml'
    compId = 'bosh@zhongfa-im-server-6d478594b9-lssm7'
    'concurrent-requests' = 2
    connectionDelay = 2000L
    'cross-domain-policy-file' = 'etc/cross-domain-policy.xml'
    defHostname = 'zhongfa-im-server-6d478594b9-lssm7'
    'elements-number-limit' = 1000
    'hold-requests' = 1
    ifc = [ '*' ]
    'incoming-filters' = [
        tigase.server.filters.PacketCounter@4cd2e097
    ]
    last_minute_bin_limit = 20971520L
    last_minute_packets_limit = 2500L
    'max-batch-size' = 15
    'max-inactivity' = 10L
    'max-queue-size' = 75161
    'max-session-waiting-packets' = 100
    'max-wait' = 30L
    maxInactivityTime = 600000L
    'min-polling' = 10L
    'net-buffer' = 2048
    'net-buffer-limit' = 2097152
    'outgoing-filters' = [
        tigase.server.filters.PacketCounter@73581c54
    ]
    'packet-delivery-retry-count' = 15
    pipelining = false
    'priority-queue-implementation' = class tigase.util.workqueue.PriorityQueueRelaxed
    'processing-in-threads' = 32
    'processing-out-threads' = 32
    'scheduler-threads' = 2
    'scripts-dir' = 'scripts/admin'
    'send-node-hostname' = true
    'service-connected-timeout' = 60
    'sid-logger-level' = 'OFF'
    total_bin_limit = 0L
    total_packets_limit = 0L
    trafficThrottling = 'xmpp:2500:0:disc,bin:20m:0:disc'
    trusted = null
    'watchdog-delay' = 600000L
    'watchdog-ping-type' = WHITESPACE
    'watchdog-timeout' = 1740000L
    xmppLimitAction = DISCONNECT
    'client-trust-manager-factory' (class: tigase.server.xmppclient.ClientTrustManagerFactory) {
        clientCertCA = null
        clientCertRequired = false
    }
    commands {}
    connections (class: tigase.server.ConnectionManager$PortsConfigBean,
        exportable: true) {
        ports = [ 5280 ]        
        5280 (class: tigase.server.ConnectionManager$PortConfigBean) {
            ifc = null
            'new-connections-throttling' = 3000000L
            socket = plain
            type = accept
        }
    }
    'disco-extensions' {}
    routingComputer (class: tigase.util.routing.RoutingsContainer$SingleMode) {}
    seeOtherHost (class: tigase.server.xmppclient.SeeOtherHost) {
        defaultHost = null
        phases = [
            OPEN
        ]
    }
    sslContextContainer (class: tigase.io.SSLContextContainer) {
        'ephemeral-key-size' = 4096
        'hardened-mode' = secure
        'tls-disable-tls13' = true
        'tls-disabled-ciphers' = null
        'tls-disabled-protocols' = null
        'tls-enabled-ciphers' = [
            'TLS_AES_128_GCM_SHA256',
            'TLS_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
            'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
            'TLS_EMPTY_RENEGOTIATION_INFO_SCSV'
        ]
        'tls-enabled-protocols' = [ 'TLSv1.2', 'TLSv1.1', 'TLSv1' ]
        'tls-jdk-nss-bug-workaround-active' = false
    }
    'stream-error-counter' (class: tigase.server.xmppclient.StreamErrorCounterIOProcessor,
        active: false) {}
    'urn:xmpp:sm:3' (class: tigase.server.xmppclient.StreamManagementIOProcessor) {
        'ack-request-count' = 10
        'ignore-undelivered-presence' = true
        'max-resumption-timeout' = 900
        'resumption-timeout' = 60
    }
}

hantu85 (Contributor) commented Apr 6, 2024

> I raised the limit on the number of connections, but the problem still persists. Does the value of this parameter represent the actual number of connected users?
>
> bosh {
>     connections {
>         5280 () {
>             'new-connections-throttling' = 2000
>         }
>     }
>     seeOtherHost {}
> }

This would set the limit on the number of new TCP connections to 2000 per second.

I wonder, as you mentioned that BOSH port is brokered by nginx, are you testing Tigase BOSH directly or with proxy/forwarding over nginx? Because maybe you are hitting some nginx limit?
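
An added example, not part of the thread or of Tigase's code: one way to check whether the short outages line up with the per-second limit on new connections is to bucket the nginx access log by second and compare each bucket with the limit. It assumes nginx's default `combined` log format, a `/bosh` location, and that nginx opens a new upstream connection for every proxied request (its default when upstream keepalive is not configured); the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Matches timestamp, request line and status in nginx's default "combined" format.
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
BAD_GATEWAY = {"502", "503", "504"}  # returned by nginx when the upstream fails


def per_second(log_text, path="/bosh"):
    """Return {second: [requests, gateway_errors]} for requests to `path`."""
    buckets = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("path").split("?")[0] != path:
            continue  # unparsable line or a different location
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        bucket = buckets.setdefault(ts, [0, 0])
        bucket[0] += 1
        bucket[1] += m.group("status") in BAD_GATEWAY
    return buckets


def over_limit(buckets, limit=1000):
    """Seconds whose request count exceeds the new-connection limit."""
    return sorted((ts.strftime("%H:%M:%S"), n, err)
                  for ts, (n, err) in buckets.items() if n > limit)


def constructed_sample():
    """Constructed log: a quiet second, a login burst, then recovery."""
    fmt = ('10.0.0.{ip} - - [21/Mar/2024:10:15:{sec:02d} +0000] '
           '"POST /bosh HTTP/1.1" {st} 120 "-" "client"')
    plan = [(1, 400, 0), (2, 1300, 300), (3, 250, 0)]  # (second, requests, 502s)
    lines = []
    for sec, total, failed in plan:
        for i in range(total):
            st = 502 if i >= total - failed else 200
            lines.append(fmt.format(ip=i % 250 + 1, sec=sec, st=st))
    lines.append('10.0.0.9 - - [21/Mar/2024:10:15:02 +0000] '
                 '"GET /health HTTP/1.1" 200 2 "-" "probe"')
    return "\n".join(lines)


if __name__ == "__main__":
    for second, n, err in over_limit(per_second(constructed_sample())):
        print(f"{second}: {n} requests to /bosh, {err} gateway errors")
```

Seconds that exceed the limit and also show gateway errors point at Tigase's throttle; gateway errors in seconds well under the limit point back at the proxy.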
