HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

2.8 - editor file uploads globally lock up PHP

jamesincjamesinc Sydney ✭✭
edited June 2019 in Feedback

I had this issue in older versions of Vanilla too.

As I understand it, the issue is that the upload function call in editor initialises a session, and session resource locks are global, so if a user with a slow connection initiates an upload, while that upload is in progress the whole site becomes unresponsive for all other users.

This is very much in areas of php that I don't understand very well and given that many forums probably allow file uploads, surely there's a workaround. My server config is Ubuntu 18.04 LTS with Apache running PHP 7.2 via FPM. While PHP is locked up, static resources remain available as normal.

This Stack Overflow question is describing the same issue: https://stackoverflow.com/questions/5705211/apache-uploading-a-file-freezes-my-website

Happy to dump more info on request, just not sure what is relevant here.

Comments

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    The solution here is to allow more than 1 PHP-FPM process and set a timeout value for nginx to cut off overlying long connections.

    Vanilla cloud tend have multiple application servers behind load balancer, but you can definitely configure a single web server to handle more than 1 concurrent request.

  • jamesincjamesinc Sydney ✭✭

    @charrondev you're referring to the max_children setting? Mine is set to 30. I'll have a look at dropping long-running connections

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Is recommend sharing some more information and about your web-server setup.

    Nginx conf + PHP.ini would be helpful, as well as versions of each.

    Otherwise we’re kind of shooting in the dark. Another option is set a maximum upload size. This can be easily done with a Vanilla config setting. I don’t remember the name, but it should be in the default config.

Sign In or Register to comment.