memory leak maybe? Has anyone noticed this?
-
Pre-Attempted solution
Not sure what exactly is going on .. but the site is fine .. until an hour or two (after a fresh restart) . then it becomes so slow, and im talking 20s-30s per request, until I
forever restart {nodebb-proccess}then it immediately becomes fast again. I am not restartingnginxnorredisjust the nodebb process.No obvious errors in the logs, except for some of these here
Temp Solution
crontab -e0 */1 * * * forever restartallAttempted Permanent Solution
so what I did so far was upgrading express version in
package.jsonper @julian's suggestion"dependencies": { ... "express": "~3.4.7", ...Post-Attempted Permanent solution
No crashes yet. And I shut off the crontab for now maybe I can either reproduce the issue, or figure out if it's fixed
I will feedback with results soon.BUT I'm still seeing some of these Forbidden errors in the logs
Error: Forbidden at Object.exports.error (/var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/utils.js:63:13) at createToken (/var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55) at Object.handle (/var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/middleware/csrf.js:48:24) at next (/var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/proto.js:193:15) at next (/var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/middleware/session.js:315:9) at /var/www/forums.afraidtoask.com/NodeBB/node_modules/express/node_modules/connect/lib/middleware/session.js:339:9 at /var/www/forums.afraidtoask.com/NodeBB/node_modules/connect-redis/lib/connect-redis.js:102:14 at try_callback (/var/www/forums.afraidtoask.com/NodeBB/node_modules/redis/index.js:532:9) at RedisClient.return_reply (/var/www/forums.afraidtoask.com/NodeBB/node_modules/redis/index.js:614:13) at HiredisReplyParser.<anonymous> (/var/www/forums.afraidtoask.com/NodeBB/node_modules/redis/index.js:266:14)What's next
if the issue reoccurs, i will try to monitor the heap, or use some tool to detect memory leaks.. but I am not even sure that's why the forum gets so slow after a while.
Worth Noting
# some things are getting deprecated in Express and Connect .... connect.multipart() will be removed in connect 3.0 visit https://github.com/senchalabs/connect/wiki/Connect-3.0 for alternatives connect.limit() will be removed in connect 3.0 .... # and now my logs are spammed with hundreds of these. # so NodeBB will need a quick patch if the Express module gets upgraded req.session._csrf is deprecated, use req.csrfToken() instead req.session._csrf is deprecated, use req.csrfToken() instead req.session._csrf is deprecated, use req.csrfToken() instead -
I upgraded my dev to express 3.4.7 and changed
res.locals.csrf_token = req.session._csrf;to
res.locals.csrf_token = req.csrfToken()But still getting the warnings about req.session._csrf.
Only removing
app.use(express.csrf());gets rid of them. Weird.Undocumented: `req.csrfToken()` 路 Issue #1741 路 expressjs/express
With the latest express, I get the message "req.session._csrf is deprecated, use req.csrfToken([callback]) instead". However, I can't seem to find any documentation on this method on either of the docs sites for express or connect. Perha...
GitHub (github.com)
-
This whole CSRF business is getting silly. The thing I hate is that the connect and express docs are horribly out of date (not to mention sparse to begin with).
In fact, they changed the CSRF token stuff, but they hadn't updated the docs, and now they're changing the CSRF stuff again, but the docs are still old.
This is sort of a showstopper we'll have to resolve before 0.3.0 lands
