Php
Debian Stretch 上的 Apache 不斷出現分段錯誤
我有幾台執行 Debian Stretch 的伺服器,我一直遇到一個問題,即程序會遇到分段錯誤並停止。在我手動執行之前,它不會恢復服務
service apache2 restart
。我試圖找出是什麼原因造成的,這樣我就可以讓伺服器保持正常執行,但我一直無法做到。伺服器正在執行兩個 Wordpress 實例(一個是公共站點,另一個是用於內容目的的私有暫存站點)。兩者都受到 Let’s Encrypt via Certbot 的保護(由於
[ssl:warn]
下面的錯誤日誌中,我將其包括在內)。發生這種情況時,我們沒有觀察到任何記憶體或磁碟空間問題。這些伺服器上的交換幾乎從未使用過。這是
service apache2 status
段錯誤後的輸出:# service apache2 status ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: inactive (dead) since Sun 2018-07-08 15:50:24 MST; 29min ago Process: 11833 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS) Process: 11828 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Main PID: 883 (code=exited, status=0/SUCCESS) Jul 08 15:50:24 hostname systemd[1]: Starting The Apache HTTP Server... Jul 08 15:50:24 hostname apachectl[11828]: httpd (pid 11770) already running Jul 08 15:50:24 hostname systemd[1]: Started The Apache HTTP Server.
這是輸出
/var/log/apache2/error.log
:[Sat Jul 07 17:04:51.693795 2018] [core:notice] [pid 29385] AH00052: child pid 18866 exit signal Segmentation fault (11) [Sat Jul 07 17:04:51.693918 2018] [mpm_prefork:notice] [pid 29385] AH00169: caught SIGTERM, shutting down [Sat Jul 07 17:04:52.484310 2018] [ssl:warn] [pid 19421] AH01906: bb7f602e547898d78a02b844d49c34bc.4210997990497fe5b452e5c6c4250620.acme.invalid:443:0 server certificate is a C A certificate (BasicConstraints: CA == TRUE !?) /page/8/ [Sat Jul 07 17:04:51.693795 2018] [core:notice] [pid 29385] AH00052: child pid 18866 exit signal Segmentation fault (11) [Sat Jul 07 17:04:51.693918 2018] [mpm_prefork:notice] [pid 29385] AH00169: caught SIGTERM, shutting down [Sat Jul 07 17:04:52.484310 2018] [ssl:warn] [pid 19421] AH01906: bb7f602e547898d78a02b844d49c34bc.4210997990497fe5b452e5c6c4250620.acme.invalid:443:0 server certificate is a C A certificate (BasicConstraints: CA == TRUE !?) [Sat Jul 07 17:04:52.495766 2018] [ssl:warn] [pid 19422] AH01906: bb7f602e547898d78a02b844d49c34bc.4210997990497fe5b452e5c6c4250620.acme.invalid:443:0 server certificate is a C A certificate (BasicConstraints: CA == TRUE !?) [Sat Jul 07 17:04:52.498208 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Jul 07 17:04:52.498230 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2' [Sat Jul 07 17:04:58.754662 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart [Sat Jul 07 17:04:58.766272 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Jul 07 17:04:58.766290 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2' [Sat Jul 07 17:05:00.039384 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist [Sat Jul 07 17:05:00.050665 2018] [ssl:warn] [pid 19422] AH01906: 2af61f923209309052c60f342e6a0578.4287ae6d0b1c48707d1262e562b6250a.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Jul 07 17:05:00.051519 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Jul 07 17:05:00.051528 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2' [Sat Jul 07 17:05:06.063638 2018] [core:error] [pid 19422] AH00546: no record of generation 0 of exiting child 19423 [Sat Jul 07 17:05:06.420374 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart [Sat Jul 07 17:05:06.431243 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Jul 07 17:05:06.431264 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2' [Sat Jul 07 17:05:07.965690 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart [Sat Jul 07 17:05:07.976624 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Jul 07 17:05:07.976636 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2' [Sat Jul 07 17:05:07.977526 2018] [core:error] [pid 19422] AH00546: no record of generation 0 of exiting child 19550 [Sat Jul 07 17:05:08.211152 2018] [core:notice] [pid 19422] AH00052: child pid 19531 exit signal Segmentation fault (11) [Sat Jul 07 17:05:08.211291 2018] [mpm_prefork:notice] [pid 19422] AH00169: caught SIGTERM, shutting down
對於上述日誌,我們有以下軟體和硬體(我可以提供任何其他可能有用的東西):
- apache2 2.4.25-3+deb9u4
- Debian 伸展 9.4
- PHP 7.0.27-0+deb9u1 與 FPM
- mariadb 10.1.26-0+deb9u1
- 4x 核心 Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
- 8G記憶體
- 512MB 交換
- 95G固態硬碟
該問題是由 Certbot 嘗試更新證書引起的。如果我跑了
certbot renew
,我會遇到這些錯誤(我已經對日誌進行了一些清理以刪除域和 IP):Encountered vhost ambiguity when trying to find a vhost for domain2.com but was unable to ask for user guidance in non-interactive mode. Certbot may need vhosts to be explicitly labelled with ServerName or ServerAlias directives. Falling back to default vhost *:443... Waiting for verification... Cleaning up challenges Attempting to renew cert (domain2.com) from /etc/letsencrypt/renewal/domain2.com.conf produced an unexpected error: Failed authorization procedure. domain2.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 942e8fc859beda1b41152fddc9579a1e.feafe6d59b7b25a33c08bca3c4be00e4.acme.invalid from 0.0.0.0:443. Received 2 certificate(s), first certificate had names "www.domain.com". Skipping. ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/www.domain.com.conf ------------------------------------------------------------------------------- Cert not yet due for renewal All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/domain2.com/fullchain.pem (failure)
之後,執行
service apache2 status
導致● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: inactive (dead) since Sun 2018-07-08 18:13:00 MST; 6s ago Process: 22401 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS) Process: 22396 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Main PID: 13700 (code=exited, status=0/SUCCESS) Jul 08 18:13:00 hostname systemd[1]: Starting The Apache HTTP Server... Jul 08 18:13:00 hostname apachectl[22396]: httpd (pid 22323) already running Jul 08 18:13:00 hostname systemd[1]: Started The Apache HTTP Server.
我啟用了有問題的虛擬主機,重新啟動了 Apache,然後重新執行
certbot renew
,一切正常。它經常崩潰,因為 certbot 預設每天嘗試更新兩次。