gnutls_handshake() failed: The TLS connection was non-properly terminated

[somera]

Description

After upgrade to 1.20.1 I see some of this

Failed to update mirror repository '/var/lib/gitea/repositories/raviyasas/spring-boot-hibernate-demo.git': fatal: unable to access 'https://github.com/raviyasas/spring-boot-hibernate-demo.git/': gnutls_handshake() failed: The TLS connection was non-properly terminated.

I run 1.20.0 for some days and I didn't see this error. My mirrors will be updated every 4h.

error after update mirrors.

Gitea Version

1.20.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.41.0

Operating System

Ubuntu 20.04.6

How are you running Gitea?

Precompiled gitea-1.20.1-linux-amd64

Database

PostgreSQL

[techknowlogick]

Are you able to clone that repo on the server with just your Unix user account? That feels like it might be a git error that's floating up into Gitea

[somera]

All affected repors are mirrored from Github. And I didn't see this error for months with other Gitea versions.

[somera]

Tje repo from the initial post is: https://github.com/raviyasas/spring-boot-hibernate-demo

[lafriks]

Does git clone work when running on that server for that repo?

[somera]

Yes, I can clone the project from github and my gitea instance.

I'm using gitea no for ~3 years. And I had less problems in this time. I have a lot of mirrors which. The cron is running every 4h and need 6-7 days for all mirrors.

With the 1.20.0 version I didn't saw

gnutls_handshake() failed: The TLS connection was non-properly terminated

but now with 1.20.1 7 times.

This is not a repo problem. But looks like a gitea problem.

[somera]

This

2023/07/22 22:02:50 ...irror/mirror_pull.go:290:runSync() [E] SyncMirrors [repo: <Repository 17079:muesli/gotable>]: failed to update mirror repository:
Stdout:
Stderr: fatal: unable to access 'https://github.com/muesli/gotable.git/': gnutls_handshake() failed: The TLS connection was non-properly terminated.

Err: exit status 128
        /source/services/mirror/mirror_pull.go:290 (0x24445de)
        /source/services/mirror/mirror_pull.go:432 (0x2446fe7)
        /source/services/mirror/mirror.go:28 (0x243eeae)
        /source/services/mirror/mirror.go:125 (0x243f884)
        /source/modules/queue/workerqueue.go:246 (0x1c8f05c)
        /source/modules/queue/workergroup.go:98 (0x1c9184d)
        /source/modules/queue/workergroup.go:162 (0x1c8ea68)
        /usr/local/go/src/runtime/asm_amd64.s:1598 (0x475380)
                goexit: BYTE    $0x90   // NOP

was the stacktrace.

Smetimes my IP will be blocked by Github and I have wait some time. But in this case I got every time othe error in gitea.

[somera]

After I updated to 1.20.0 I saw high CPU usage on my system comparing to 1.19.x. Cause you changed how the queues works.

In 1.19.x my configuration was

[queue.mirror]
LENGTH = 30000
WORKERS = 1

Now I changet it to

[queue]
MAX_WORKERS = 4

[queue.mirror]
LENGTH = 30000
WORKERS = 1
MAX_WORKERS = 1

[queue.repo_stats_update]
WORKERS = 1
MAX_WORKERS = 1

Cause MAX_WPRKERS is 10 as default. And in this case my system runs on 100% cpu usage.

When you change parameters, than this should be shown after the Gitea restart. For exampe on the first Gitea start in the browser or in the log.

[techknowlogick]

Could you run gnutls-cli -p 443 github.com -V? "gnutls_handshake() failed: The TLS connection was non-properly terminated." is an error that is reported to gitea from the git CLI. Is it possible you did an apt update/upgrade around the same time you updated gitea to 1.20?

[somera]

Could you run gnutls-cli -p 443 github.com -V? "gnutls_handshake() failed: The TLS connection was non-properly terminated." is an error that is reported to gitea from the git CLI. Is it possible you did an apt update/upgrade around the same time you updated gitea to 1.20?

Here the ouput:

github.com.txt

I didn't make any apt update at this time.

I tried to reproduce the problem. But I can't.

[wxiaoguang]

I can see two questions here.

1. "gnutls_handshake() failed: The TLS connection was non-properly terminated."
   • It indicates that the "https/tls" connection fails, it's usually a network problem (and some ratelimiter may also cause such problem)
2. Cause MAX_WPRKERS is 10 as default. And in this case my system runs on 100% cpu usage.
   • Do you have a lot of mirror tasks? Maybe we can low the default MAX_WORKERS to 1 or 2 in next release.
   • Update: ps: what's your hardware? How many CPU cores?

[somera]

I can see two questions here.

1. "gnutls_handshake() failed: The TLS connection was non-properly terminated."

   • It indicates that the "https/tls" connection fails, it's usually a network problem (and some ratelimiter may also cause such problem)

I didn't see this error again.

2. Cause MAX_WPRKERS is 10 as default. And in this case my system runs on 100% cpu usage.

   • Do you have a lot of mirror tasks? Maybe we can low the default MAX_WORKERS to 1 or 2 in next release.
   • Update: ps: what's your hardware? How many CPU cores?

My config is:

[queue]
MAX_WORKERS = 4

[queue.mirror]
LENGTH = 30000
WORKERS = 1
MAX_WORKERS = 1

[queue.repo_stats_update]
WORKERS = 1
MAX_WORKERS = 1

My hardware is an Intel NUC with Intel Pentium Silver J5005 (4) @ 2.800GHz. It's my Mini-Server where I run:

• Gitea
• Nexus
• PostgreSQL
• some docker containers

This


is the 20 last days of the CPU usage. On 16.07. I updated to 1.20.0. And than you see the increased CPU usage. Ans some days ago I chanched the config. And now it's better

[wxiaoguang]

I think we can do this:

Calculate MAX_WORKERS default value by CPU number #26177

On your system, the default MAX_WORKERS will be "2" then.

ps: the WORKERS = 1 is a no-op, only MAX_WORKERS is used