
Apache on Debian Stretch keeps hitting segmentation faults

  • July 9, 2018

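I have several servers running Debian Stretch, and I keep running into a problem where the process hits a segmentation fault and stops. It does not resume service until I manually run service apache2 restart. I have tried to find out what is causing this so that I can keep the servers running, but I have not been able to.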

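The servers are running two WordPress instances (one is a public site, the other a private staging site for content purposes). Both are secured with Let's Encrypt via Certbot (I am including this because of the [ssl:warn] entries in the error log below). We have not observed any memory or disk space problems when this happens. Swap on these servers is almost never used.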

Here is the output of service apache2 status after the segfault:

# service apache2 status
● apache2.service - The Apache HTTP Server
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Active: inactive (dead) since Sun 2018-07-08 15:50:24 MST; 29min ago
 Process: 11833 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
 Process: 11828 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 883 (code=exited, status=0/SUCCESS)

Jul 08 15:50:24 hostname systemd[1]: Starting The Apache HTTP Server...
Jul 08 15:50:24 hostname apachectl[11828]: httpd (pid 11770) already running
Jul 08 15:50:24 hostname systemd[1]: Started The Apache HTTP Server.

Here is the output of /var/log/apache2/error.log:

[Sat Jul 07 17:04:51.693795 2018] [core:notice] [pid 29385] AH00052: child pid 18866 exit signal Segmentation fault (11)
[Sat Jul 07 17:04:51.693918 2018] [mpm_prefork:notice] [pid 29385] AH00169: caught SIGTERM, shutting down
[Sat Jul 07 17:04:52.484310 2018] [ssl:warn] [pid 19421] AH01906: bb7f602e547898d78a02b844d49c34bc.4210997990497fe5b452e5c6c4250620.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 07 17:04:52.495766 2018] [ssl:warn] [pid 19422] AH01906: bb7f602e547898d78a02b844d49c34bc.4210997990497fe5b452e5c6c4250620.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 07 17:04:52.498208 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Jul 07 17:04:52.498230 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jul 07 17:04:58.754662 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
[Sat Jul 07 17:04:58.766272 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Jul 07 17:04:58.766290 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jul 07 17:05:00.039384 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
[Sat Jul 07 17:05:00.050665 2018] [ssl:warn] [pid 19422] AH01906: 2af61f923209309052c60f342e6a0578.4287ae6d0b1c48707d1262e562b6250a.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 07 17:05:00.051519 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Jul 07 17:05:00.051528 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jul 07 17:05:06.063638 2018] [core:error] [pid 19422] AH00546: no record of generation 0 of exiting child 19423
[Sat Jul 07 17:05:06.420374 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
[Sat Jul 07 17:05:06.431243 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Jul 07 17:05:06.431264 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jul 07 17:05:07.965690 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
[Sat Jul 07 17:05:07.976624 2018] [mpm_prefork:notice] [pid 19422] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Jul 07 17:05:07.976636 2018] [core:notice] [pid 19422] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jul 07 17:05:07.977526 2018] [core:error] [pid 19422] AH00546: no record of generation 0 of exiting child 19550
[Sat Jul 07 17:05:08.211152 2018] [core:notice] [pid 19422] AH00052: child pid 19531 exit signal Segmentation fault (11)
[Sat Jul 07 17:05:08.211291 2018] [mpm_prefork:notice] [pid 19422] AH00169: caught SIGTERM, shutting down

For the logs above, we have the following software and hardware (I can provide anything else that might be useful):

  • apache2 2.4.25-3+deb9u4
  • Debian Stretch 9.4
  • PHP 7.0.27-0+deb9u1 with FPM
  • mariadb 10.1.26-0+deb9u1
  • 4-core Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
  • 8G RAM
  • 512MB swap
  • 95G SSD

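The problem was caused by Certbot trying to renew the certificates. If I ran certbot renew, I would get these errors (I have sanitized the logs a bit to remove domains and IPs):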

Encountered vhost ambiguity when trying to find a vhost for domain2.com but was unable to ask for user guidance in non-interactive mode. Certbot may need vhosts to be explicitly labelled with ServerName or ServerAlias directives.
Falling back to default vhost *:443...
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (domain2.com) from /etc/letsencrypt/renewal/domain2.com.conf produced an unexpected error: Failed authorization procedure. domain2.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 942e8fc859beda1b41152fddc9579a1e.feafe6d59b7b25a33c08bca3c4be00e4.acme.invalid from 0.0.0.0:443. Received 2 certificate(s), first certificate had names "www.domain.com". Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
 /etc/letsencrypt/live/domain2.com/fullchain.pem (failure)

After that, running service apache2 status resulted in:

● apache2.service - The Apache HTTP Server
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Active: inactive (dead) since Sun 2018-07-08 18:13:00 MST; 6s ago
 Process: 22401 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
 Process: 22396 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 13700 (code=exited, status=0/SUCCESS)

Jul 08 18:13:00 hostname systemd[1]: Starting The Apache HTTP Server...
Jul 08 18:13:00 hostname apachectl[22396]: httpd (pid 22323) already running
Jul 08 18:13:00 hostname systemd[1]: Started The Apache HTTP Server.

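I enabled the virtual host in question, restarted Apache, and then re-ran certbot renew, and everything worked fine. It was crashing so often because certbot tries to renew twice a day by default.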
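A way to confirm the same correlation on another server, as an added example that is not part of the original post: the script below parses Apache error.log lines and flags each AH00052 segfault that was preceded, within a short window, by graceful restarts (AH00171) and `.acme.invalid` challenge certificates (AH01906). The 30-second window, the function names and the sample log (constructed, modelled on the lines quoted above) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the error.log lines quoted in the question.
SAMPLE_LOG = """\
[Sat Jul 07 17:05:00.039384 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
[Sat Jul 07 17:05:00.050665 2018] [ssl:warn] [pid 19422] AH01906: aaaa.bbbb.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 07 17:05:07.965690 2018] [mpm_prefork:notice] [pid 19422] AH00171: Graceful restart requested, doing restart
[Sat Jul 07 17:05:08.211152 2018] [core:notice] [pid 19422] AH00052: child pid 19531 exit signal Segmentation fault (11)
[Sat Jul 07 17:05:08.211291 2018] [mpm_prefork:notice] [pid 19422] AH00169: caught SIGTERM, shutting down
[Mon Jul 09 03:10:00.000001 2018] [core:notice] [pid 500] AH00052: child pid 612 exit signal Segmentation fault (11)
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid \d+\] (?P<code>AH\d{5}): (?P<msg>.*)$")

def parse(text):
    """Yield (timestamp, AH code, message) for each well-formed error.log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation lines and bare warnings are skipped
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        yield ts, m["code"], m["msg"]

def correlate(text, window_s=30):
    """For every segfault, count restarts and ACME challenge certs just before it."""
    events = list(parse(text))
    report = []
    for ts, code, msg in events:
        if code != "AH00052" or "Segmentation fault" not in msg:
            continue
        lo = ts - timedelta(seconds=window_s)
        near = [(c, m) for t, c, m in events if lo <= t <= ts]
        restarts = sum(1 for c, _ in near if c == "AH00171")
        acme = sum(1 for c, m in near if c == "AH01906" and ".acme.invalid" in m)
        report.append({"time": ts, "restarts": restarts, "acme_certs": acme,
                       "certbot_suspected": restarts > 0 and acme > 0})
    return report

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```

To run it against a real log, pass the contents of /var/log/apache2/error.log to `correlate()` instead of the sample.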

Source: https://serverfault.com/questions/920035