質問編集履歴
3
自己解決したのでタイトル変更
test
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Nginx+Wordpress、502エラー
|
1
|
+
Nginx+Wordpress、502エラー多発。原因はDDOS攻撃でした。
|
test
CHANGED
File without changes
|
2
書式を修正、デフォルトの設定ファイルを追加しました
test
CHANGED
File without changes
|
test
CHANGED
@@ -46,7 +46,7 @@
|
|
46
46
|
|
47
47
|
|
48
48
|
|
49
|
-
###
|
49
|
+
###まず確認してみたこと
|
50
50
|
|
51
51
|
|
52
52
|
|
@@ -64,70 +64,372 @@
|
|
64
64
|
|
65
65
|
> [error] 4247#0: *573 connect() to unix:/var/run/php-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: unix:, server: _, request: "GET / HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "xxx.com"
|
66
66
|
|
67
|
+
|
68
|
+
|
69
|
+
**◆「php-fpm.sock」とやらに問題があるのでは**
|
70
|
+
|
71
|
+
|
72
|
+
|
73
|
+
**htopでサーバー確認**
|
74
|
+
|
75
|
+
|
76
|
+
|
77
|
+
- uptime 約15分
|
78
|
+
|
79
|
+
- Cpuは、徐々に上がり始めほぼ100%
|
80
|
+
|
81
|
+
- Mem 約70〜95%
|
82
|
+
|
83
|
+
- Load average はどんどん溜まって30台まで
|
84
|
+
|
85
|
+
- 複数のphp-fpmが実行中
|
86
|
+
|
87
|
+
|
88
|
+
|
89
|
+
**◆リソースが足りなくなってエラーが発生してるよう**
|
90
|
+
|
91
|
+
|
92
|
+
|
93
|
+
###PHP-FPMの設定
|
94
|
+
|
95
|
+
|
96
|
+
|
97
|
+
■エラー発生時設定
|
98
|
+
|
99
|
+
|
100
|
+
|
101
|
+
**/var/log/php-fpm/error.log**の確認
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
> WARNING [pool www] server reached pm.max_children setting (5), consider raising it
|
106
|
+
|
107
|
+
|
108
|
+
|
109
|
+
□/etc/php-fpm.d/www.conf ※デフォルト
|
110
|
+
|
67
111
|
```
|
68
112
|
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
113
|
+
listen = /var/run/php-fpm.sock
|
114
|
+
|
115
|
+
listen.owner = nginx
|
116
|
+
|
117
|
+
listen.group = nginx
|
118
|
+
|
119
|
+
listen.mode = 0666
|
120
|
+
|
121
|
+
|
122
|
+
|
123
|
+
user = nginx
|
124
|
+
|
125
|
+
group = nginx
|
126
|
+
|
127
|
+
|
128
|
+
|
129
|
+
pm = dynamic
|
130
|
+
|
131
|
+
pm.max_children = 5
|
132
|
+
|
133
|
+
pm.start_servers = 1
|
134
|
+
|
135
|
+
pm.min_spare_servers = 1
|
136
|
+
|
137
|
+
pm.max_spare_servers = 4
|
138
|
+
|
139
|
+
pm.max_requests = 200
|
140
|
+
|
141
|
+
|
142
|
+
|
143
|
+
rlimit_files = 131072
|
144
|
+
|
145
|
+
rlimit_core = unlimited
|
146
|
+
|
147
|
+
|
148
|
+
|
149
|
+
request_terminate_timeout = 90
|
150
|
+
|
151
|
+
request_slowlog_timeout = 60
|
152
|
+
|
153
|
+
|
154
|
+
|
155
|
+
slowlog = /var/log/php-fpm/www-slow.log
|
156
|
+
|
157
|
+
|
158
|
+
|
159
|
+
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
|
160
|
+
|
161
|
+
php_admin_flag[log_errors] = on
|
162
|
+
|
163
|
+
php_admin_value[upload_max_filesize] = 200M
|
164
|
+
|
165
|
+
php_admin_value[post_max_size] = 200M
|
166
|
+
|
167
|
+
php_admin_value[max_execution_time] = 90
|
168
|
+
|
169
|
+
```
|
170
|
+
|
171
|
+
|
172
|
+
|
173
|
+
|
174
|
+
|
175
|
+
**■/etc/php-fpm.d/www.conf**の修正
|
176
|
+
|
177
|
+
|
178
|
+
|
179
|
+
> [nginxとphp-fpmがタイムアウトしたり子プロセスがいっぱいになっているので設定を見直してみた。 | rhasm.net/blog](http://blog.rhasm.net/tune-nginx-and-php-fpm/)
|
180
|
+
|
181
|
+
|
182
|
+
|
183
|
+
参考にさせて頂きました。
|
184
|
+
|
185
|
+
|
186
|
+
|
187
|
+
> pm.max_children = 5 ※5=>100に変更してみる。
|
188
|
+
|
189
|
+
|
190
|
+
|
191
|
+
> listen.backlog = 256 ※1行追加
|
192
|
+
|
193
|
+
|
194
|
+
|
195
|
+
###Nginxの設定
|
196
|
+
|
197
|
+
|
198
|
+
|
199
|
+
■エラー発生時設定
|
200
|
+
|
201
|
+
|
202
|
+
|
203
|
+
□/etc/nginx/nginx.conf ※デフォルト
|
204
|
+
|
205
|
+
|
206
|
+
|
207
|
+
```
|
208
|
+
|
209
|
+
user nginx nginx;
|
210
|
+
|
211
|
+
worker_processes 2;
|
212
|
+
|
213
|
+
worker_rlimit_nofile 10240;
|
214
|
+
|
215
|
+
|
216
|
+
|
217
|
+
error_log /var/log/nginx/error.log warn;
|
218
|
+
|
219
|
+
pid /var/run/nginx.pid;
|
220
|
+
|
221
|
+
|
222
|
+
|
223
|
+
events {
|
224
|
+
|
225
|
+
worker_connections 8192;
|
226
|
+
|
227
|
+
use epoll;
|
228
|
+
|
229
|
+
}
|
230
|
+
|
231
|
+
|
232
|
+
|
233
|
+
http {
|
234
|
+
|
235
|
+
include /etc/nginx/mime.types;
|
236
|
+
|
237
|
+
default_type application/octet-stream;
|
238
|
+
|
239
|
+
|
240
|
+
|
241
|
+
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
242
|
+
|
243
|
+
'$status $body_bytes_sent "$http_referer" '
|
244
|
+
|
245
|
+
'"$http_user_agent" "$http_x_forwarded_for"';
|
246
|
+
|
247
|
+
log_format backend '$http_x_forwarded_for - $remote_user [$time_local] "$request" '
|
248
|
+
|
249
|
+
'$status $body_bytes_sent "$http_referer" '
|
250
|
+
|
251
|
+
'"$http_user_agent"';
|
252
|
+
|
253
|
+
|
254
|
+
|
255
|
+
access_log /var/log/nginx/access.log main;
|
256
|
+
|
257
|
+
|
258
|
+
|
259
|
+
server_name_in_redirect off;
|
260
|
+
|
261
|
+
server_tokens off;
|
262
|
+
|
263
|
+
|
264
|
+
|
265
|
+
sendfile on;
|
266
|
+
|
267
|
+
tcp_nopush off;
|
268
|
+
|
269
|
+
|
270
|
+
|
271
|
+
keepalive_timeout 5;
|
272
|
+
|
273
|
+
|
274
|
+
|
275
|
+
client_max_body_size 200M;
|
276
|
+
|
277
|
+
client_body_buffer_size 256k;
|
278
|
+
|
279
|
+
"/etc/nginx/nginx.conf" 100L, 3234C
|
280
|
+
|
281
|
+
client_max_body_size 200M;
|
282
|
+
|
283
|
+
client_body_buffer_size 256k;
|
284
|
+
|
285
|
+
|
286
|
+
|
287
|
+
if_modified_since before;
|
288
|
+
|
289
|
+
|
290
|
+
|
291
|
+
gzip on;
|
292
|
+
|
293
|
+
gzip_http_version 1.0;
|
294
|
+
|
295
|
+
gzip_vary on;
|
296
|
+
|
297
|
+
gzip_comp_level 6;
|
298
|
+
|
299
|
+
gzip_types text/plain
|
300
|
+
|
301
|
+
text/xml
|
302
|
+
|
303
|
+
text/css
|
304
|
+
|
305
|
+
text/javascript
|
306
|
+
|
307
|
+
application/xhtml+xml
|
308
|
+
|
309
|
+
application/xml
|
310
|
+
|
311
|
+
application/rss+xml
|
312
|
+
|
313
|
+
application/atom_xml
|
314
|
+
|
315
|
+
application/javascript
|
316
|
+
|
317
|
+
application/x-javascript
|
318
|
+
|
319
|
+
application/x-httpd-php;
|
320
|
+
|
321
|
+
gzip_disable "MSIE [1-6]\.";
|
322
|
+
|
323
|
+
|
324
|
+
|
325
|
+
# proxy cache
|
326
|
+
|
327
|
+
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2
|
328
|
+
|
329
|
+
keys_zone=czone:32m max_size=256m inactive=1440m;
|
330
|
+
|
331
|
+
proxy_temp_path /var/cache/nginx/proxy_temp;
|
332
|
+
|
333
|
+
proxy_cache_key "$scheme://$host$request_uri";
|
334
|
+
|
335
|
+
proxy_set_header Host $host;
|
336
|
+
|
337
|
+
proxy_set_header X-Real-IP $remote_addr;
|
338
|
+
|
339
|
+
proxy_set_header Remote-Addr $remote_addr;
|
340
|
+
|
341
|
+
proxy_set_header X-Forwarded-Host $host;
|
342
|
+
|
343
|
+
proxy_set_header X-Forwarded-Server $host;
|
344
|
+
|
345
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
346
|
+
|
347
|
+
proxy_set_header X-Forwarded-Proto $scheme;
|
348
|
+
|
349
|
+
proxy_set_header X-UA-Detect $mobile;
|
350
|
+
|
351
|
+
proxy_set_header Accept-Encoding "";
|
352
|
+
|
353
|
+
proxy_set_header X-UA-Detect $mobile;
|
354
|
+
|
355
|
+
proxy_set_header Accept-Encoding "";
|
356
|
+
|
357
|
+
proxy_hide_header X-Pingback;
|
358
|
+
|
359
|
+
proxy_hide_header Link;
|
360
|
+
|
361
|
+
proxy_hide_header ETag;
|
362
|
+
|
363
|
+
proxy_connect_timeout 5;
|
364
|
+
|
365
|
+
proxy_send_timeout 10;
|
366
|
+
|
367
|
+
proxy_read_timeout 90;
|
368
|
+
|
369
|
+
proxy_cache_use_stale timeout invalid_header http_500 http_502 http_503 http_504;
|
370
|
+
|
371
|
+
proxy_cache_lock on;
|
372
|
+
|
373
|
+
proxy_cache_lock_timeout 5s;
|
374
|
+
|
375
|
+
proxy_buffers 8 32k;
|
376
|
+
|
377
|
+
proxy_buffer_size 64k;
|
378
|
+
|
379
|
+
|
380
|
+
|
381
|
+
# fastcgi cache
|
382
|
+
|
383
|
+
#fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2
|
384
|
+
|
385
|
+
# keys_zone=fastcgizone:32m inactive=60m;
|
386
|
+
|
387
|
+
#fastcgi_cache_key "$scheme$request_method$host$request_uri";
|
388
|
+
|
389
|
+
#fastcgi_cache_use_stale error timeout invalid_header http_500;
|
390
|
+
|
391
|
+
|
392
|
+
|
393
|
+
#limit_req_zone $request_method zone=method:1m rate=250r/s;
|
394
|
+
|
395
|
+
|
396
|
+
|
397
|
+
upstream backend {
|
398
|
+
|
399
|
+
server unix:/var/run/nginx-backend.sock;
|
400
|
+
|
401
|
+
}
|
402
|
+
|
403
|
+
|
404
|
+
|
405
|
+
upstream phpfpm {
|
406
|
+
|
407
|
+
server unix:/var/run/php-fpm.sock;
|
408
|
+
|
409
|
+
}
|
410
|
+
|
411
|
+
|
412
|
+
|
413
|
+
include /etc/nginx/conf.d/*.conf;
|
414
|
+
|
415
|
+
}
|
416
|
+
|
417
|
+
```
|
418
|
+
|
419
|
+
|
420
|
+
|
421
|
+
|
422
|
+
|
423
|
+
**■/etc/nginx/nginx.conf**の修正
|
424
|
+
|
425
|
+
> proxy_read_timeout 90; ※90=>300に変更してみる。
|
426
|
+
|
427
|
+
|
428
|
+
|
429
|
+
pfp-fpm、nginx再起動、
|
114
430
|
|
115
431
|
念のため、ec2も再起動
|
116
432
|
|
117
433
|
|
118
434
|
|
119
|
-
###htopでサーバー確認
|
120
|
-
|
121
|
-
uptime 約15分
|
122
|
-
|
123
|
-
Cpuは、徐々に上がり始めほぼ100%
|
124
|
-
|
125
|
-
Mem 約70〜95%
|
126
|
-
|
127
|
-
Load average はどんどん溜まって30台まで
|
128
|
-
|
129
|
-
複数のphp-fpmが実行中でした。
|
130
|
-
|
131
|
-
|
132
|
-
|
133
435
|
**少し設定を変更しましたが今のところ効果はなしです。**
|
1
記事修正
test
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Nginx+Wordpress
|
1
|
+
Nginx+Wordpress、502エラーが復旧せず、nginxやphp-fpmの設定をご教授下さい
|
test
CHANGED
@@ -100,10 +100,6 @@
|
|
100
100
|
|
101
101
|
|
102
102
|
|
103
|
-
**※上記の修正追加はエラーログがずっと出るので一時元に戻しました。**
|
104
|
-
|
105
|
-
|
106
|
-
|
107
103
|
**/etc/nginx/nginx.conf**の修正
|
108
104
|
|
109
105
|
> proxy_read_timeout 90;
|
@@ -113,8 +109,6 @@
|
|
113
109
|
90=>300に変更してみる。
|
114
110
|
|
115
111
|
|
116
|
-
|
117
|
-
**※上記の修正追加はエラーログがずっと出るので一時元に戻しました。**
|
118
112
|
|
119
113
|
pfp-fpm、nginx再起動
|
120
114
|
|