goaccess: Real time web log not work after update to 1.5.2 SSL

Hi developer,I have this problem, please help.

I have two servers, before I upgrade, everything is alright, after both servers upgrade to 1.5.2, the websocket real-time web log not work anymore, I didn’t touch anything, just upgrade the version, the page left corner green light turns off,

and the page become to static page,I need to reload the page update the data. let me describe the settings in details.

I use this option to compile 1.5.2

./configure --enable-utf8 --enable-geoip=mmdb --enable-debug --with-getline --with-openssl

two servers os also use ubuntu 21.04

I make goaccess as systemd service run in background：

root@ubuntu:/etc/nginx# cat /etc/systemd/system/goaccess.service
[Unit]
Description=Goaccess Web log report.
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
User=root
Group=root
Restart=always
RestartSec=1800
ExecStart=/usr/local/bin/goaccessreport
StandardInput=tty
StandardOutput=tty
StandardError=tty
TTYPath=/dev/tty7

[Install]
WantedBy=multi-user.target

here is the /usr/local/bin/goaccessreport

#!/bin/bash
zcat -f /var/log/nginx/*access.log.* | /usr/local/bin/goaccess /var/log/nginx/*access.log - -o /var/www/goaccess.mysite.com/index.html --ws-url=wss://goaccess.mysite.com --ssl-cert=/root/cert/ecc384.crt --ssl-key=/root/cert/ecc384.key --log-format='%h %^[%d:%t %^] %K/%k "%r" %s %b "%R" "%u"' --date-format=%d/%b/%Y --time-format=%T --real-time-html

nginx.conf log settings：

         log_format proxy '$proxy_protocol_addr - $remote_user [$time_local] '
                     '$ssl_protocol/$ssl_cipher '
                     '"$request" $status $body_bytes_sent '
                     '"$http_referer" "$http_user_agent"';

        access_log /var/log/nginx/access.log proxy;
        error_log /var/log/nginx/error.log;

goaccess service can run without error, and it also LISTEN 7890

When I stop the goaccess service, run it in command:

root@ubuntu:/usr/local/bin# ./goaccessreport
==Using TLS/SSL==
 [PARSING -] {43650} @ {3357/s}.log] {5320} @ {5320/s}
WebSocket server ready to accept new client connections

after I access my sites, and check back the goaccess status, it show the following errors

root@ubuntu:/usr/local/bin# ./goaccessreport
==Using TLS/SSL==
 [PARSING -] {43650} @ {3357/s}.log] {5320} @ {5320/s}
WebSocket server ready to accept new client connections
Accepted: 14 8.21.11.38
SSL: SSL_accept -> SSL_ERROR_WANT_READ
SSL: incomplete, data available for reading
SSL: SSL_accept -> failed fatal error code: 1
SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
SSL: SSL_read -> SSL_ERROR_ZERO_RETURN
SSL: TLS/SSL connection has been closed
SSL: SSL_write -> SSL_ERROR_ZERO_RETURN
SSL: TLS/SSL connection has been closed
SSL: SSL_write -> SSL_ERROR_ZERO_RETURN
SSL: TLS/SSL connection has been closed
SSL: SSL_shutdown -> failed fatal error code: 1
SSL: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
Active: 0

SSL Error？so I check my certificate, ecc384.crt / ecc384.key, It don’t have any problem

I don’t know why this happened. There was no problem before the update, but the problem appeared after the update.

Thanks for help first.

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 25 (12 by maintainers)

Most upvoted comments

It seems that this issue maybe isolated to your environment. My guess is it could be the network or some missing configuration. Either way, thanks for giving me the heads up, and good to know you found a workaround. Feel free to reopen it if you need to.

allinurl on Jan 9, 2024

I’m trying to reproduce this, not sure yet exactly what’s triggering it, rt.goaccess.io is running v1.5.2 and seems to work fine using a Let’s Encrypt certificate. A few questions for everyone:

Can anyone confirm if this was working fine on a previous version, e.g., v1.5 (please build from source)?

If using Let’s Encrypt, can I ask you to please try renewing the certificate with --preferred-chain "ISRG Root X1" to exclude expired root from the trust chains.

Please try if the following works (If you see a similar issue then it is Let’s Encrypt related and you need to remove expired Root CA)
     $ curl https://curl.se
Please take a look at this post and let me know if that helps solve the issue.

Thanks everyone!

Hi Developer,

We also need to say thank you, thanks for your patiently help,

Can anyone confirm if this was working fine on a previous version, e.g., v1.5 (please build from source)?

I’ve tried downgrade to 1.5, it’s working fine, please see the screen capture.

===============================

Very strange, I just tried to test your suggestion 1.), after I finished the test, I upgrade to 1.5.2 again, and restart the service, It unexpectedly works again (the screen capture below is 1.5.2 and the green light on again)

Here is what I did:

1.)delete /usr/local/bin/goaccess, (1.5.2)，and download 1.5 from source and compile it

2.)restart goaccess

3.)visit my goaccess site and take a screen capture

4.)delete /usr/local/bin/goaccess, (1.5) and download 1.5.2 from source and re-compile it

5.)restart goaccess

6.)then 1.5.2 real time web log works again 😳

I don’t know why, I didn’t touch any certificate stuff.

When a problem occurs, I use the version of ubuntu is 21.04. In the test I just did, my version of ubuntu has been updated to 21.10. The problem was solved inadvertently. Is this related to the version of ubuntu?

I will continue to pay attention to see the problem is really gone or not.

I didn’t test 2, 3, 4 because it seems solved my problem.

cwyin7788 on Nov 18, 2021