Xdebug Timeout Question

1. 问题描述

如图所示,从反向代理Nginx请求一个简单的PHP脚本,告警提示:There was a problem sending 193 bytes on socket 7: Broken pipe

2. 检查端口连通性

由于Nginx和FPM都是基于Alpine自行构建的,在Nginx容器中,没有telnet工具,可以使用nc工具替代;

nc的安装,可以基于https://pkgs.alpinelinux.org/contents查询命令,其他Alpine包也可以通过检索安装;

fpm为fpm所在主机号,Docker中可以直接用服务名作为主机号

// 安装strace和nc
apk add strace netcat-openbsd

-z  Zero-I/O mode (scanning)
-v  Verbose

/etc/nginx # nc -zv fpm 9000
Connection to fpm 9000 port [tcp/*] succeeded!

3. 启用strace调试准备

由于strace在容器中默认是禁用的,如果单独的Doker命令run起来的,可以加上--privileged Give extended privileges to this container

docker-composer.yml配置中,通过加入SYS_PTRACE能力支持,更多可以参考:https://docs.docker.com/compose/compose-file/#cap_add-cap_drop

version: "3.7"
services:
    nginx:
        ports:
          - 86:86
        networks:
          phpfpm-net:
          proxy-net:
              aliases:
                - phpfpm-nginx
                - phpngx
        volumes:
          - /data/www:/data/www
          - /data/learn:/data/learn
        depends_on:
          - fpm
        restart: always
    fpm:
        cap_add:
            - SYS_PTRACE
        security_opt:
            - seccomp:unconfined
        build:
            context: ./fpm
        image: tkstorm/phpfpm
        networks:
          phpfpm-net:
        volumes:
          - /data/www:/data/www
          - /data/learn:/data/learn
        restart: always
networks:
    phpfpm-net:
        name: phpfpm-net
    proxy-net:
        external: true
        name: proxy-net

4. 进入fpm容器中跟踪调试

// 调试www相关进程
strace -s 1024 -p $(pgrep www|tr '\n' ','|sed 's/,$//')

通过curl请求phpinfo.php脚本页面时候,直接终止在recvfrom(7这个系统调用

[pid    15] writev(6, [{iov_base="[15] <- eval -i 12 -- KHN0cmluZy"..., iov_len=67}, {iov_base=NULL, iov_len=0}], 2) = 67
[pid    15] getpid()                    = 15
[pid    15] writev(6, [{iov_base="[15] -> <response xmlns=\"urn:deb"..., iov_len=223}, {iov_base=NULL, iov_len=0}], 2) = 223
[pid    15] write(7, "257\0<?xml version=\"1.0\" encoding"..., 262) = 262
[pid    15] recvfrom(7, "eval -i 13 -- KHN0cmluZykoJF9TRV"..., 128, 0, NULL, NULL) = 59
[pid    15] getpid()                    = 15
[pid    15] writev(6, [{iov_base="[15] <- eval -i 13 -- KHN0cmluZy"..., iov_len=67}, {iov_base=NULL, iov_len=0}], 2) = 67
[pid    15] getpid()                    = 15
[pid    15] writev(6, [{iov_base="[15] -> <response xmlns=\"urn:deb"..., iov_len=236}, {iov_base=NULL, iov_len=0}], 2) = 236
[pid    15] write(7, "270\0<?xml version=\"1.0\" encoding"..., 275) = 275
[pid    15] recvfrom(7, strace: Process 6 detached

再往上找这个文件描述符7,会发现是由于打开了一个192.168.65.2:9801的套接字

[pid    15] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 7
[pid    15] fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
[pid    15] fcntl(7, F_SETFD, FD_CLOEXEC) = 0
[pid    15] connect(7, {sa_family=AF_INET, sin_port=htons(9801), sin_addr=inet_addr("192.168.65.2")}, 16) = -1 EINPROGRESS (Operation in progress)
[pid    15] poll([{fd=7, events=POLLIN|POLLPRI|POLLOUT}], 1, 200) = 1 ([{fd=7, revents=POLLOUT}])
[pid    15] getpeername(7, {sa_family=AF_INET, sin_port=htons(9801), sin_addr=inet_addr("192.168.65.2")}, [28->16]) = 0
[pid    15] fcntl(7, F_SETFL, O_RDONLY) = 0
[pid    15] setsockopt(7, SOL_TCP, TCP_NODELAY, "\1\0\0\0\0\0\0\0", 8) = 0

这个配置的端口其实就是xdebug扩展模块,配置的与jebrain应用的tcp通信调试端口,xdebug基于DBGp协议,所以才会往套接字中写入与协议相关的内容,参考,https://xdebug.org/docs/remote

Connect
<?xml version="1.0" encoding="iso-8859-1"?>
<init xmlns="urn:debugger_protocol_v1"
      xmlns:xdebug="http://xdebug.org/dbgp/xdebug"
      fileuri="file:///home/httpd/www.xdebug.org/html/docs/index.php"
      language="PHP"
      protocol_version="1.0"
      appid="13202"
      idekey="derick">
  <engine version="2.0.0RC4-dev"><![CDATA[Xdebug]]></engine>
  <author><![CDATA[Derick Rethans]]></author>
  <url><![CDATA[http://xdebug.org]]></url>
  <copyright><![CDATA[Copyright (c) 2002-2007 by Derick Rethans]]></copyright>
</init>
(cmd)

5. 排查xdebug配置

zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20180731/xdebug.so
xdebug.remote_autostart=1
xdebug.idekey=PHPSTORM
xdebug.remote_enable=on
xdebug.remote_host=host.docker.internal
xdebug.remote_port=9801
xdebug.remote_log=/tmp/xdebug.log

默认的xdebug的使用过程中,通常需要通过COOKIE或者GET,携带上相关的标识信息(或者利用相关插件,比如firebug之类的);

我不想使用这类插件,通信由希望与容器中的PHP进程进行调试,所以配置的默认远端调试自动启动;

xdebug.remote_autostart
Type: boolean, Default value: false

Normally you need to use a specific HTTP GET/POST variable to start remote debugging (see Remote Debugging). When this setting is set to 1, Xdebug will always attempt to start a remote debugging session and try to connect to a client, even if the GET/POST/COOKIE variable was not present.

到此,我才发现我开了的PHPSTORM已经默默阻塞了多个请求!!