Назад | Перейти на главную страницу

Слишком много процессов apache, убивая процессор

Я заметил, что слишком много процессов apache убивают процессор на моем выделенном сервере.

14193 (Trace) (Kill)    nobody  0     66.1  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14128 (Trace) (Kill)    nobody  0     65.9  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14136 (Trace) (Kill)    nobody  0     65.9  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14129 (Trace) (Kill)    nobody  0     65.8  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13419 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13421 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13426 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13428 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13429 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
12173 (Trace) (Kill)    nobody  0     65.5  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14073 (Trace) (Kill)    nobody  0     65.5  0.0 /usr/local/apache/bin/httpd -k start -DSSL

Я получаю уведомление по электронной почте от cpanel в течение дня.

С httpd.conf

Include "/usr/local/apache/conf/includes/pre_main_global.conf"
Include "/usr/local/apache/conf/includes/pre_main_2.conf"



LoadModule bwlimited_module modules/mod_bwlimited.so

LoadModule h264_streaming_module /usr/local/apache/modules/mod_h264_streaming.so
AddHandler h264-streaming.extensions .mp4

Include "/usr/local/apache/conf/php.conf"
Include "/usr/local/apache/conf/includes/errordocument.conf"


ErrorLog "logs/error_log"
ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
ScriptAliasMatch ^/?webmail/?$ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi

RewriteEngine on
AddType text/html .shtml

Alias /akopia /usr/local/cpanel/3rdparty/interchange/share/akopia/
Alias /bandwidth /usr/local/bandmin/htdocs/
Alias /img-sys /usr/local/cpanel/img-sys/
Alias /interchange /usr/local/cpanel/3rdparty/interchange/share/interchange/
Alias /interchange-5 /usr/local/cpanel/3rdparty/interchange/share/interchange-5/
Alias /java-sys /usr/local/cpanel/java-sys/
Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/


ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/


<Directory "/">
    AllowOverride All
    Options All
</Directory>

<Directory "/usr/local/apache/htdocs">
    Options All
    AllowOverride None
    Require all granted
</Directory>

<Files ~ "^error_log$">
    Order allow,deny
    Deny from all

    Satisfy All
</Files>

<Files ".ht*">
    Require all denied
</Files>

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    CustomLog "logs/access_log" common

    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

    </IfModule>

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

</IfModule>

<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options All
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>

<IfModule prefork.c>
    Mutex default mpm-accept

</IfModule>

<IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    CustomLog logs/access_log common

</IfModule>

<IfModule worker.c>
    Mutex default mpm-accept

</IfModule>

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#   Direct modifications to the Apache configuration file may be lost upon subsequent regeneration of the       #
#   configuration file. To have modifications retained, all modifications must be checked into the              #
#   configuration system by running:                                                                            #
#       /usr/local/cpanel/bin/apache_conf_distiller --update                                                    #
#   To see if your changes will be conserved, regenerate the Apache configuration file by running:              #
#       /usr/local/cpanel/bin/build_apache_conf                                                                 #
#   and check the configuration file for your alterations. If your changes have been ignored, then they will    #
#   need to be added directly to their respective template files.                                               #
#                                                                                                               #
#   It is also possible to add custom directives to the various "Include" files loaded by this httpd.conf       #
#   For detailed instructions on using Include files and the apache_conf_distiller with the new configuration   #
#   system refer to the documentation at: http://www.cpanel.net/support/docs/ea/ea3/customdirectives.html       #
#                                                                                                               #
#   This configuration file was built from the following templates:                                             #
#     /var/cpanel/templates/apache2/main.default                                                                #
#     /var/cpanel/templates/apache2/main.local                                                                  #
#     /var/cpanel/templates/apache2/vhost.default                                                               #
#     /var/cpanel/templates/apache2/vhost.local                                                                 #
#     /var/cpanel/templates/apache2/ssl_vhost.default                                                           #
#     /var/cpanel/templates/apache2/ssl_vhost.local                                                             #
#                                                                                                               #
#  Templates with the '.local' extension will be preferred over templates with the '.default' extension.        #
#  The only template updated by the apache_conf_distiller is main.default.                                      #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #


PidFile logs/httpd.pid
# Defined in /var/cpanel/cpanel.config: apache_port
Listen 0.0.0.0:80
User nobody
Group nobody
ExtendedStatus On
ServerAdmin utkudalmaz@gmail.com
ServerName server.powerlabel.net
LogLevel warn

# These can be set in WHM under 'Apache Global Configuration'
Timeout 300

ServerSignature On



<IfModule prefork.c>


</IfModule>







RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
Mutex file:/usr/local/apache/logs rewrite-map

<IfModule !mod_ruid2.c>
UserDir public_html
</IfModule>
<IfModule mod_ruid2.c>
UserDir disabled
</IfModule>

# DirectoryIndex is set via the WHM -> Service Configuration -> Apache Setup -> DirectoryIndex Priority
DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html

# SSLCipherSuite can be set in WHM under 'Apache Global Configuration'

SSLPassPhraseDialog  builtin

SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data_shmcb(1024000)

SSLSessionCacheTimeout  300
Mutex                   file:/usr/local/apache/logs ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



    # Defined in /var/cpanel/cpanel.config: apache_ssl_port
    Listen 0.0.0.0:443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl


AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
AddType text/html .shtml
AddType application/x-tar .tgz
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc

<Location /whm-server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>



# SUEXEC is supported

Include "/usr/local/apache/conf/includes/pre_virtualhost_global.conf"
Include "/usr/local/apache/conf/includes/pre_virtualhost_2.conf"

Что может вызвать это и как это исправить?

Прежде чем вносить массовые изменения, попробуйте выяснить, допустима ли эта нагрузка.

У меня была аналогичная проблема, когда боты злоупотребляли страницей входа в систему, вызывая нагрузку на мой сервер и, в конечном итоге, убийца OOM убивал детей apache. Я начал отслеживать журнал apache с помощью fail2ban, чтобы добавить правило DROP iptables после 6 запросов POST в php-скрипте входа в систему. Нагрузка упала с 30-40 запросов в секунду до 2-6 запросов в секунду (что было фактическим допустимым трафиком).