Apache-2.2

Apache 越來越多地消耗資源,直到重新啟動

  • April 22, 2017

我的apache2( Ubuntu 12.04) 在某些(可變的)時間段內出現了異常的系統資源使用率。我很肯定我沒有那麼多流量,並且 dos/ddos 幾乎不在列表中,因為沒有 web 伺服器重新啟動可以對 dos/ddos 做任何事情。

有什麼症狀?

系統負載(uptime命令)顯示2- 2.5- 3。在 8 核機器上,通常的負載永遠不會超過,0.8除非發生其他事情,通常是0.1- 0.2

top命令證明apache是罪魁禍首。

為什麼我對可容忍的系統負載很重視?

似乎磁碟 I/O 也增加了(溫度上升 2-3 攝氏度),我寧願避免這種情況,因為兩個硬碟都有好幾年了。而且我不知道這是怎麼回事。

配置文件/etc/apache2/apache2.conf(刪除大註釋):

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
   StartServers          5
   MinSpareServers       5
   MaxSpareServers      10
   MaxClients          150
   MaxRequestsPerChild   0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
#              graceful restart. ThreadLimit can only be changed by stopping
#              and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
   StartServers          2
   MinSpareThreads      25
   MaxSpareThreads      75
   ThreadLimit          64
   ThreadsPerChild      25
   MaxClients          150
   MaxRequestsPerChild   0
</IfModule>

# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
   StartServers          2
   MinSpareThreads      25
   MaxSpareThreads      75
   ThreadLimit          64
   ThreadsPerChild      25
   MaxClients          150
   MaxRequestsPerChild   0
</IfModule>

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
   Order allow,deny
   Deny from all
   Satisfy all
</Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
# It is also possible to omit any default MIME type and let the
# client's browser guess an appropriate action instead. Typically the
# browser will decide based on the file's extension then. In cases
# where no good assumption can be made, letting the default MIME type
# unset is suggested  instead of forcing the browser to accept
# incorrect  metadata.
#
DefaultType None


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include all the user configurations:
Include httpd.conf

# Include ports listing
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/



<IfModule mod_spamhaus.c>
 MS_METHODS POST,PUT,OPTIONS,CONNECT
 MS_WhiteList /etc/spamhaus.wl
 MS_CacheSize 256
</IfModule>

載入的模組:

core_module (static)
log_config_module (static)
logio_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
headers_module (shared)
mime_module (shared)
evasive20_module (shared)
negotiation_module (shared)
php5_module (shared)
qos_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
ssl_module (shared)
status_module (shared)
unique_id_module (shared)
Syntax OK

任何幫助表示讚賞。

由於沒有人回答這個問題,我會希望有人會發現這很有用。


mod_status在利用和觀察實時流量之前,我沒有解決這個問題。事實證明,幾個站點 - 幾個 apache對某些腳本vhosts有持久的、自初始化的 http 請求。phpphp腳本是一些 Wordpress 安全外掛 cron 腳本 - 他們正在進行站點掃描,並且有一些討厭的錯誤阻止掃描終止和成功退出(此資訊稍後建立)。我切斷了這些,問題立即消失了。


這個故事的寓意是,如果你遇到這樣的麻煩,除了所有其他檢查:

  • 總是首先懷疑腳本語言 - 它們是通常的嫌疑人
  • 利用mod_status.
  • 查找持久和/或掛起的腳本。看看你是否可以終止它們

引用自:https://serverfault.com/questions/807254