PHP-FPM Mysterious Layer 7 flooding

Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

I know 500 max_children is too high unless you have a 128+ cpu thread/core based server to service that config ! What's the web app using php-fpm ? forum software ? cms ? wordpress ? Server hardware configuration ?

Shared networks ? where more than one mobile user users the same IP simultaneously ? Is that even possible/the norm for simultaneously having more than one user on same IP ?

Tried using ngxtop Nginx - ngxtop real time metrics for Nginx | Centmin Mod Community ? See the later posts in the trhead for more examples of usage along with Blocking bad or aggressive bots | Centmin Mod Community

Nginx 502 or 504 Bad Gateway Errors

Bad gateway 502 /504 timeouts are usually related to Nginx timing out waiting on PHP-FPM to respond as PHP-FPM is overloaded or overwhelmed with requests, so may need to tune PHP-FPM values. It also maybe due to PHP-FPM in turn being queued and backed up waiting on MariaDB MySQL server to respond - so also need to look at MySQL.

You'll need to tune your PHP-FPM settings and this is left up to end user to do but here's a thread for starters to enable php status page output outlined at PHP-FPM - CentminMod.com LEMP Nginx web stack for CentOS and PHP-FPM - pm.max_children & PHP-FPM - WARNING: [pool www] server reached max_children setting (50), consider raising it | Centmin Mod Community which outlines the official PHP-FPM config documentation as well.

Checking PHP-FPM etc logs

You'll also need to check into your PHP-FPM, Nginx and MariaDB logs which you can find as outlined at How to troubleshoot Centmin Mod initial install issues

Server logs include Nginx, PHP-FPM, MariaDB MySQL error logs as well as others. You can find your Centmin Mod install/menu logs at FAQ 7 and server logs at FAQ 19 at Centmin Mod FAQ (most up to date info in FAQ so always read that first). Spoiler tag below has info too but may not be up to date.

Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

In SSH2 telnet you can use tail command to view the last X number of lines in the file.

For example for viewing last 10 lines in the file for:

For Nginx access and error logs:

Code:

tail -10 /usr/local/nginx/logs/access.log
tail -10 /usr/local/nginx/logs/error.log

For specific domainname.com access and error log:

Code:

tail -10 /home/nginx/domains/domainname.com/log/access.log
tail -10 /home/nginx/domains/domainname.com/log/error.log

For other system error logs located at /var/log:

list /var/log files in ascending time order so the most recently modified files are at the bottom

Code:

ls -lhrt /var/log

Code:

total 2.7M
-rw------- 1 root root 0 Aug 29 15:33 tallylog
-rw------- 1 root root 0 Aug 29 15:33 spooler
drwx------ 3 root root 4.0K Aug 29 15:35 samba
drwxr-xr-x 2 root root 4.0K Aug 29 15:35 mail
-rw-r--r-- 1 root 500 0 Oct 8 18:13 dmesg.old
-rw------- 1 root 500 0 Oct 8 18:13 boot.log
-rw-r--r-- 1 root 500 0 Oct 8 18:14 dmesg
drwx------ 2 root root 4.0K Oct 8 18:14 httpd
drwxr-xr-x 2 root root 4.0K Oct 8 19:08 php-fpm
-rw-rw---- 1 mysql root 2.3K Oct 9 12:38 mysqld.log
-rw------- 1 root root 9.2K Oct 26 10:48 yum.log
-rw------- 1 root utmp 94K Nov 7 22:59 btmp
drwxr-xr-x 2 root root 4.0K Nov 8 00:00 sa
-rw------- 1 root root 269K Nov 8 21:39 messages
-rw------- 1 root root 110K Nov 8 23:08 secure
-rw-rw-r-- 1 root utmp 43K Nov 8 23:08 wtmp
-rw-r--r-- 1 root root 144K Nov 8 23:08 lastlog
-rw------- 1 root root 69K Nov 8 23:08 lfd.log
-rw------- 1 root root 332K Nov 8 23:08 maillog
-rw------- 1 root 500 1.6M Nov 8 23:10 cron

For PHP-FPM error log:

Code:

tail -10 /var/log/php-fpm/www-error.log

and/or

Code:

/var/log/php-fpm/www-php.error.log

For MySQL / MariaDB error log:

Code:

tail -10 /var/log/mysqld.log

For CSF firewall LFD log:

Code:

tail -10 /var/log/lfd.log

For Mail log:

Code:

tail -10 /var/log/maillog

For Cron job logs:

Code:

tail -10 /var/log/cron

How to edit php.ini and php-fpm configuration files ?

Centmin Mod install created command short cuts outlined here to allow you to quickly edit your /usr/local/lib/php.ini file and your /usr/local/etc/php-fpm.conf file. Full list of command shortcuts below:

• Edit php.ini = phpedit ( /usr/local/lib/php.ini )
• Edit my.cnf = mycnf ( /etc/my.cnf )
• Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )
• Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )
• Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later
• Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )
• Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )
• Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )
• nginx stop/start/restart = ngxstop/ngxstart/ngxrestart
• php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart
• mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart
• nginx + php-fpm stop/start/restart = npstop/npstart/nprestart
• memcached stop/start/restart =memcachedstop/memcachedstart/memcachedrestart
• csf stop/start/restart = csfstop/csfstart/csfrestart

Troubleshooting Tools

However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.

• 20 Command Line Tools to Monitor Linux Performance
• 13 Linux Performance Monitoring Tools - Part 2
• 80 Linux Monitoring Tools for SysAdmins - Server Density Blog
• Amazing ! 25 Linux Performance Monitoring Tools
• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• My mysqlmymonlite.sh script can help with that mysqlmymonlite.sh Addon | Centmin Mod Community README text file has instructions for setting up a cronjob to email you reports i.e. every 10/15min or every hour.

Notes:

• Centmin Mod already installed Glances tool. It can be invoked from SSH command glances or top2. Official Glances site at nicolargo.github.io/glances/ and documentation here.

However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out

 

take a full read of thread at Redis - How to install Redis server on Centmin Mod LEMP stack and post regarding installing Xenforo Redis Cache addons for redis caching. I am using Redis cache for my Xenforo forums here as well

Also as posted above, PHP-FPM - WARNING: [pool www] server reached max_children setting (50), consider raising it | Centmin Mod Community is relevant too - full read

 

well centmin.sh menu option 22 auto installed wordpress auto disables XMLRPC so shouldn't be affected by the ping back reflection attacks