請求一個關於nginx+fastcgi遇到的問題
遇到一個很頭疼的問題.
公司現在的web伺服器是之前的系統管理員按照http://blog.s135.com/post/314.htm文章進行配置的.因為是內部測試,每天的流量也就2000多IP,同時在線最多也就一百多人.現在的問題是時不時的php-cgi進程突然從1到5、600。然後又迅速回到1.如果到5\600時,網站打開就會很慢或者打不開,查了很多資料,使用了php-fpm,但問題依然存在。快被折騰瘋了,不知道該從何入手
nginx配置
user www www;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
error_log logs/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
error_page 500 502 503 504 http://www.XXX.COM(為公司的網址);
default_type application/octet-stream;
#fastcgi_connect_timeout 60;
#fastcgi_send_timeout 180;
#fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
client_header_buffer_size 128k;
#large_client_header_buffers 4 256k;
keepalive_timeout 60;
gzip on;
gzip_min_length 1000;
gzip_buffers 4 8k;
gzip_types text/* text/css application/javascript application/x-javascript;
gzip_comp_level 9;
gzip_proxied any;
gzip_vary on;
output_buffers 4 32k;
postpone_output 1460;
php-fpm的配置
<?xml version="1.0" ?>
<configuration>
All relative paths in this config are relative to php's install prefix
<section name="global_options">
Pid file
<value name="pid_file">logs/php-fpm.pid</value>
Error log file
<value name="error_log">logs/php-fpm.log</value>
When this amount of php processes exited with SIGSEGV or SIGBUS ...
<value name="emergency_restart_threshold">10</value>
... in a less than this interval of time, a complete restart will be initiated.
Useful to work around accidental curruptions in accelerator's shared memory.
<value name="emergency_restart_interval">1m</value>
Time limit on waiting child's reaction on signals from master
<value name="process_control_timeout">5s</value>
Set to 'no' to debug fpm
<value name="daemonize">yes</value>
</section>
<workers>
<section name="pool">
Name of pool. Used in logs and stats.
<value name="name">main</value>
Address to accept fastcgi requests on.
Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'
<value name="listen_address">127.0.0.1:10080</value>
<value name="listen_options">
Set listen(2) backlog
<value name="backlog">-1</value>
Set permissions for unix socket, if one used.
In Linux read/write permissions must be set in order to allow connections from web server.
Many BSD-derrived systems allow connections regardless of permissions.
<value name="owner"></value>
<value name="group"></value>
<value name="mode">0666</value>
</value>
Additional php.ini defines, specific to this pool of workers.
<value name="php_defines">
<!-- <value name="sendmail_path">/usr/sbin/sendmail -t -i</value> -->
<!-- <value name="display_errors">0</value> -->
</value>
Unix user of processes
<value name="user">www</value>
Unix group of processes
<value name="group">www</value>
Process manager settings
<value name="pm">
Sets style of controling worker process count.
Valid values are 'static' and 'apache-like'
<value name="style">static</value>
Sets the limit on the number of simultaneous requests that will be served.
Equivalent to Apache MaxClients directive.
Equivalent to PHP_FCGI_CHILDREN environment in original php.fcgi
Used with any pm_style.
<value name="max_children">120</value>
Settings group for 'apache-like' pm style
<value name="apache_like">
Sets the number of server processes created on startup.
Used only when 'apache-like' pm_style is selected
<value name="StartServers">20</value>
Sets the desired minimum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MinSpareServers">5</value>
Sets the desired maximum number of idle server processes.
Used only when 'apache-like' pm_style is selected
<value name="MaxSpareServers">35</value>
</value>
</value>
Time limit on waiting execution of single request
Should be used when 'max_execution_time' ini option does not terminate execution for some reason
<value name="request_execution_timeout">31s</value>
Set open file desc rlimit
<value name="rlimit_files">51200</value>
Set max core size rlimit
<value name="rlimit_core">unlimited</value>
Chroot to this directory at the start
<value name="chroot"></value>
Chdir to this directory at the start
<value name="chdir"></value>
Redirect workers' stdout and stderr into main log.
If not set, they will be redirected to /dev/null, according to FastCGI specs
<value name="catch_workers_output">yes</value>
How much requests each process should execute before respawn.
Useful to work around memory leaks in 3rd party libraries.
For endless request processing please specify 0
Equivalent to PHP_FCGI_MAX_REQUESTS
<value name="max_requests">10240</value>
Comma separated list of ipv4 addresses of FastCGI clients that allowed to connect.
Equivalent to FCGI_WEB_SERVER_ADDRS environment in original php.fcgi (5.2.2+)
Makes sense only with AF_INET listening socket.
<value name="allowed_clients">127.0.0.1</value>
Pass environment variables like LD_LIBRARY_PATH
All $VARIABLEs are taken from current environment
<value name="environment">
<value name="HOSTNAME">$HOSTNAME</value>
<value name="PATH">/usr/local/bin:/usr/bin:/bin</value>
<value name="TMP">/tmp</value>
<value name="TMPDIR">/tmp</value>
<value name="TEMP">/tmp</value>
<value name="OSTYPE">$OSTYPE</value>
<value name="MACHTYPE">$MACHTYPE</value>
<value name="MALLOC_CHECK_">2</value>
</value>
</section>
</workers>
</configuration>
《解決方案》
先查是不是被攻擊