Discover Centmin Mod today
Register Now

PHP-FPM PHP crashing after switching to SSL/SPDY

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by deltahf, Feb 26, 2015.

  1. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    I just finished moving my site over to SSL after following the Nginx/SSL/SPDY Centminmod guide.

    Everything appears to be working great, but I've had PHP-FPM crash on me several times within a few minutes after the switch. It just hangs, while Nginx reports 502s. The first time, I wasn't sure what triggered it, the second time, I realized it crashed when I loaded the memcache stat page. Subsequent attempts to load the memcache stat page also crash PHP-FPM, requiring the service to be restarted.

    I have checked /var/log/php-fpm/www-php.error.log, but there are no recent entries. How else can I troubleshoot this?

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    5:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    post the entire Nginx vhost domain .conf file contents for us (wrap in CODE tags) so we can see. There shouldn't be any reason for PHP-FPM to crash.
     
  3. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    Thanks for the quick response! Here it is with my domain name replaced:
    Code:
    server
    {
        listen        80;
        server_name    mydomain.net www.mydomain.net mydomain.com www.mydomain.com assets.mydomain.net;
        return         301 https://www.mydomain.net$request_uri;
    }
    
    server
    {
            listen          443 ssl spdy;
            server_name     www.mydomain.net;
        access_log      /var/log/nginx/mydomain.access.log;
            error_log       /var/log/nginx/mydomain.error.log error;
            root            /home/mydomain/public;
    
        ssl_dhparam        /usr/local/nginx/conf/ssl/mydomain/dhparam.pem;
        ssl_certificate        /usr/local/nginx/conf/ssl/mydomain/ssl-unified.crt;
        ssl_certificate_key    /usr/local/nginx/conf/ssl/mydomain/www_mydomain_net.key;
        ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout    10m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
            ssl_prefer_server_ciphers    on;
            add_header    Alternate-Protocol    443:npn-spdy/3;
            add_header    Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        add_header    X-Content-Type-Options "nosniff";
        add_header    X-Frame-Options DENY;
        spdy_headers_comp    0;
        ssl_buffer_size        4k;
       
        resolver        8.8.8.8;
        ssl_stapling        on;
        ssl_stapling_verify    on;
        ssl_trusted_certificate    /usr/local/nginx/conf/ssl/mydomain/ssl-trusted.crt;
    
            location /
            {
                    try_files       $uri $uri/ /index.php?$uri&$args;
    
                    # block spiders
            if ($http_user_agent ~* (baidu|yandex|ahref|seomoz|exabot|majestic12|ezooms|boardreader|mail.ru))
                    {
                            return 403;
                    }
    
        }
    
            location /forums
            {
                    rewrite ^ /forum/ permanent;
            }
    
            location /premium
            {
                    rewrite ^ /forum/account/upgrades permanent;
            }
    
        location /guides
            {
                    # specific old game pages
                    rewrite ~*^/guides/index.php/games([0-9])(.*)$ /library/games-$1/ permanent;
    
                    # catch all other requests to the guides directory
                    rewrite ~*^/guides(.*)$ /library/ permanent;
            }
    
        #### XENFORO  ####
        location /forum
            {
                    # friendly urls
                    try_files $uri $uri/ /forum/index.php?$uri&$args;
            }
        location /forum/internal_data
        {
            internal;
        }
        location /forum/library
        {
            internal;
        }
    
        #############################
        #### PRIVATE DIRECTORIES ####
        ############################# # protects WordPress admin
        location ~* /wp-login.php
        {
            auth_basic        "Restricted";
            auth_basic_user_file    /home/mydomain/htpasswd-xf;
    
            include /usr/local/nginx/conf/php.conf;
        }
    
        # protect XenForo public login
        location ~* /forum/admin.php
        {
            auth_basic        "Restricted";
            auth_basic_user_file    /home/mydomain/htpasswd-xf;
    
            include    /usr/local/nginx/conf/php.conf;
        }
    
        # protects the book manager's php files
        location ^~ /misc/bookmanager
        {
            # authentication code
            auth_basic        "Restricted";
            auth_basic_user_file    /home/mydomain/htpasswd-bookmanager;
    
            include /usr/local/nginx/conf/php.conf;
        }
    
    
        #####################
        #### MAINTENANCE ####
        #####################
        error_page      503     /maintenance/503.htm;
    
        location = /maintenance/503.htm
        {
            internal;
        }
    
        location ^~ /blocktest/
        {
            error_page 403 =503 /maintenance/503.htm;
            allow 10.0.0.1;
            deny all;
       
            include /usr/local/nginx/conf/php.conf;
        }
    
    
        #####################
        #### DEVELOPMENT ####
        #####################
    
        #### PROTECTED DEV DIRECTORY ####
        location ^~ /misc/dev
        {
            # protected with primary password file
            auth_basic        "Restricted";
            auth_basic_user_file    /home/mydomain/htpasswd-xf;
           
            # required for PHP to work in protected directory
            include /usr/local/nginx/conf/php.conf;
        }
    
         
        #### ESSENTIAL INCLUDES ####
            include /usr/local/nginx/conf/staticfiles.conf;
            include /usr/local/nginx/conf/php.conf;
            include /usr/local/nginx/conf/drop.conf;
        include /usr/local/nginx/conf/phpstatus.conf;
    }
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    5:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    Thanks for the tip, I will change spdy_header_comp now. I haven't enabled the status page but will also set that up and share the stats here.

    It just crashed again twice on me, still no errors. One time, though, I noticed it was triggered when I "previewed" a new blog post in WordPress, so it might have something in common with memcache.php.

    Is there any way I can get some more descriptive error logs?
     
  6. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    Here's the phpstatus:
    Code:
    pool: www
    process manager: static
    start time: 26/Feb/2015:08:35:20 +0000
    start since: 2002
    accepted conn: 35357
    listen queue: 0
    max listen queue: 78
    listen queue len: 128
    idle processes: 6
    active processes: 2
    total processes: 8
    max active processes: 8
    max children reached: 0
    slow requests: 0
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    5:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    for more descriptive logs you could change /usr/local/etc/php-fpm.conf error log level from warning to debug. But to be frank, would be up to you to diagnose, as I only provide Centmin Mod as is. Other members of course are free to help out :)

    Code:
                                                                              
    ; Log level
    ; Possible Values: alert, error, warning, notice, debug
    ; Default Value: notice
    log_level = warning
    change to

    Code:
    log_level = debug
    restart PHP-FPM after editing /usr/local/etc/php-fpm.conf
     
  8. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    Thanks for the tip, I changed it and restarted.

    Oddly enough, now I am able to view memcache stats and preview WordPress posts without PHP-FPM crashing... Hmmm...

    I'm happy, but afraid to go to bed! Let's hope it holds out through the night. :confused:
     
  9. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    Well, the server was up and down like a yo-yo all night. Despite logging set to debug, there were still no useful errors recorded in the PHP-FPM error log.

    However, thanks to NewRelic, I was able to find correlation between the crashes and long delays loading external resources through XenForo's image proxy. I've had problems with the XF image proxy before, and I've always noticed it has been having trouble, but it seems the SSL transition is causing serious problems.

    My forum is very high traffic and very image heavy, so I'm still not quite sure if the XF image proxy is up to the task. Really not sure what to do now, I will try out the XF support forums.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    5:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  11. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
  12. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    5:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You changed from static to dynamic pm ? as only max_children and max_requests apply to static pm. The other settings are for dynamic pm only. You can check your status via phpstatus output
     
  13. deltahf

    deltahf Premium Member Premium Member

    583
    264
    63
    Jun 8, 2014
    Ratings:
    +484
    Local Time:
    2:18 AM
    No, it's still static...I just didn't think about the fact the other settings would not apply and changed everything. :ROFLMAO:

    Current phpstatus:
    Code:
    pool: www
    process manager: static
    start time: 26/Feb/2015:21:02:05 +0000
    start since: 33391
    accepted conn: 527796
    listen queue: 0
    max listen queue: 129
    listen queue len: 128
    idle processes: 14
    active processes: 2
    total processes: 16
    max active processes: 16
    max children reached: 0
    slow requests: 0
     
  14. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    3:18 PM
    Mainline
    10.2
    @deltahf How many CPU core do you have on your server?
     
  15. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    3:18 PM
    Mainline
    10.2
    Use this config:
    Code:
    pm = dynamic
    pm.max_children = 16
    pm.start_servers = 6
    pm.min_spare_servers = 2
    pm.max_spare_servers = 10
    pm.max_requests = 500