Proftpd
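proftpd locks up after reaching a certain number of processes
We have a proftpd server (1.3.3g) running on CentOS 6, and when it seems to exceed about 150 running processes, it locks up and blocks any further connections.
The proftpd server connects to MySQL to handle user authentication.
I have run proftpd's paranoid logging and can't see any failures, and I have checked the secure log for any login failures and there is nothing wrong there.
Monitoring shows no CPU/memory/disk/network spikes during the time it falls over; it just seems to lock up until the connections drop again. The machine should be able to handle more than 150 concurrent users (E3-1271v3, 32GB RAM).
PROFTPD config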
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName "PROHIBITED FTP ACCESS"
    DeferWelcome off
    #ServerType standalone

    # Globbing
    UseGlobbing off

    TransferLog /var/log/ftpxferlog
    UseReverseDNS off
    IdentLookups off
    UseFtpUsers off
    WtmpLog off
    UseIPv6 off

    # Restrict the range of ports from which the server will select when sent the
    # PASV command from a client. Use IANA-registered ephemeral port range of
    # 49152-65534
    PassivePorts 49152 65534

    Port 21
    Umask 022

    TimeoutLogin 120
    TimeoutIdle 300
    TimeoutNoTransfer 300
    TimeoutStalled 300

    # Default to show dot files in directory listings
    ListOptions "-a +R" strict
    # ListOptions "" maxdepth 3
    # ListOptions "" maxdirs 10
    ListOptions "" maxfiles 2000

    AllowOverride off

    # Set the user and group that the server normally runs as.
    User www
    Group www

    # Set path locations
    ScoreboardFile /var/run/proftpd.score
    #DefaultRoot /data/filesroot/ftproot/pub
    DefaultRoot /data/filesroot/ftproot

    # Log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    #LogFormat anonymous "%h %l %u %t \"%r\" %s %b"
    #LogFormat auth "%v [%P] %h %t \"%r\" %s"
    #LogFormat write "%h %l %u %t \"%r\" %s %b"

    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    <IfModule mod_dso.c>
      LoadModule mod_sql.c
      LoadModule mod_sql_mysql.c
      LoadModule mod_ifsession.c
    </IfModule>

    # Global settings
    <Global>
      AuthOrder mod_sql.c
      SQLEngine on
      SQLAuthenticate users groups
      SQLConnectInfo xxx@xxx:3306 USERNAME PASSWORD
      SQLAuthTypes Backend
      SQLUserInfo ftpusers username passwd uid gid NULL NULL
      SQLDefaultHomedir /data/filesroot/ftproot/
      RequireValidShell off
      SQLGroupInfo ftpgroups groupname gid members
      SQLDefaultGID 65533
      SQLDefaultUID 65533
      SQLMinID 350
      ServerIdent on "FTP Server ready."
      AllowOverwrite yes
      IdentLookups off
      DelayEngine off

      # Logging
      # file/dir access
      #ExtendedLog /var/log/proftpd/access.log WRITE,READ
      # Record all logins
      #ExtendedLog /var/log/proftpd/auth.log AUTH
      # Paranoia logging level....
      #ExtendedLog /var/log/proftpd/paranoid.log ALL
    </Global>

    <Limit LOGIN>
      Order allow, deny
      DenyAll
    </Limit>

    # Deny writing to the base server...
    <Directory /data/filesroot/ftproot/pub/*>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>

    <Limit WRITE>
      DenyAll
    </Limit>

    <Directory />
      HideNoAccess on
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>

    <VirtualHost xxx.xxx.xxx.xxx>
      ServerAdmin xxx@xxx.com
      ServerName "FTP"
      DefaultRoot /data/filesroot/ftproot
      SQLDefaultHomedir /data/filesroot/ftproot/
      TransferLog /data/logs/ftp/files/files.xferlog
      RequireValidShell off
      AllowOverwrite on
      AllowRetrieveRestart on
      AllowStoreRestart on
      MaxLoginAttempts 2
      MaxClients 2000 "Sorry, maximum users reached."
      MaxClientsPerUser 5
      MaxHostsPerUser 2

      # How quickly do we kick someone out?
      TimeoutLogin 45
      TimeoutIdle 15
      TimeoutNoTransfer 300

      # Port 21 is the standard FTP port.
      Port 21

      # Umask 022 is a good standard umask to prevent new dirs and files
      # from being group and world writable.
      Umask 022

      # Set the user and group that the server normally runs at.
      User www
      Group www

      # Set Anonymous access controls
      <Anonymous /data/filesroot/ftproot/pub>
        User www
        Group www
        UserAlias anonymous www
        RequireValidShell off
        MaxClients 1
        <Limit WRITE>
          DenyAll
        </Limit>
        # Don't write anonymous accesses to the system wtmp file (good idea!)
        WtmpLog off
      </Anonymous>
    </VirtualHost>
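150 concurrent connections seems very small for an FTP server. Any insight would be greatly appreciated.
The problem turned out to be that the database tables were MyISAM rather than InnoDB, so when it was busy, the whole-table locks caused a cascading effect. Changing these tables to InnoDB resolved the issues, as it now only locks rows.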
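
Added example, not part of the original question or answer: one way to confirm the table-lock contention described in the answer and then apply the engine change, using the table names from the `SQLUserInfo` and `SQLGroupInfo` lines of the posted config. The schema name `ftpdb` is a placeholder, since the post does not give the real one.

```sql
-- Assumption: the ProFTPD auth tables live in a schema called `ftpdb`
-- (placeholder; substitute the database named in SQLConnectInfo).
USE ftpdb;

-- 1. Confirm which storage engine backs the tables named in
--    SQLUserInfo / SQLGroupInfo.
SELECT TABLE_NAME, ENGINE, TABLE_ROWS
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME IN ('ftpusers', 'ftpgroups');

-- 2. While logins are hanging, list sessions blocked on a table lock.
--    MyISAM waiters show State 'Locked' on MySQL 5.1 and
--    'Waiting for table level lock' on 5.5 and later.
SELECT ID, USER, HOST, TIME, STATE, INFO
FROM information_schema.PROCESSLIST
WHERE STATE IN ('Locked', 'Waiting for table level lock')
ORDER BY TIME DESC;

-- 3. Cumulative count of table-lock requests that had to wait; a value
--    that climbs during the stalls points at table-lock contention.
SHOW GLOBAL STATUS LIKE 'Table_locks_waited';

-- 4. Convert both tables so that writes lock rows, not the whole table.
--    ALTER TABLE rebuilds the table, so run it in a quiet period.
ALTER TABLE ftpusers  ENGINE = InnoDB;
ALTER TABLE ftpgroups ENGINE = InnoDB;

-- 5. Re-run query 1 and confirm ENGINE now reads InnoDB.
```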