Apache 正在启动多个端口 80 和 443 侦听器,直到服务器崩溃

Apache 正在启动多个端口 80 和 443 侦听器,直到服务器崩溃

当我在 Amazon Linux 2 上启动 httpd (Apache) 服务器时,它会在端口 80 和 443 上创建大量重复的端口侦听器。每隔几分钟,它就会添加另一组侦听器。原来的80和443端口以root身份启动,其他端口以apache用户启动。基本上,如果我让它继续运行,它会不断添加侦听器,直到资源完全被淹没并且服务器速度慢得像爬行一样。运行一晚后,端口 80 上有 256 个侦听器,端口 443 上有 256 个侦听器。(服务器直到 2 天前都运行良好 - 可能在我重新启动服务器或进行基本 yum 更新时启动。但我不确定是什么否则要检查。)这是正常行为吗? (刚接触apache,我的经验主要是IIS)

我删除了所有额外的站点配置(自定义标头),但即使在重新启动 httpd 之后,我也得到:(每隔几分钟,最后两行就会重复,并将新的 pid 添加到正在运行的侦听器中)

我不知道是什么原因导致了重复的听众。但每隔几分钟就会添加更多内容。

# sudo lsof -i -P -n | grep LISTEN

rpcbind  2717      rpc    8u  IPv4  17600      0t0  TCP *:111 (LISTEN)
rpcbind  2717      rpc   11u  IPv6  17603      0t0  TCP *:111 (LISTEN)
vsftpd   3082     root    4u  IPv6  18895      0t0  TCP *:21 (LISTEN)
master   3176     root   13u  IPv4  19485      0t0  TCP 127.0.0.1:25 (LISTEN)
sshd     3339     root    3u  IPv4  20872      0t0  TCP *:22 (LISTEN)
sshd     3339     root    4u  IPv6  20874      0t0  TCP *:22 (LISTEN)
httpd    4731     root    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4731     root    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)
httpd    4732   apache    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4732   apache    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)
httpd    4733   apache    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4733   apache    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)
httpd    4734   apache    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4734   apache    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)
httpd    4735   apache    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4735   apache    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)
httpd    4736   apache    4u  IPv6  41913      0t0  TCP *:80 (LISTEN)
httpd    4736   apache    6u  IPv6  41923      0t0  TCP *:443 (LISTEN)

# ps -aux

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.4 125604  4656 ?        Ss   19:39   0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root         2  0.0  0.0      0     0 ?        S    19:39   0:00 [kthreadd]
root         4  0.0  0.0      0     0 ?        I<   19:39   0:00 [kworker/0:0H]

... more services...

root      3764  0.0  1.4 325392 14632 ?        Ss   19:52   0:00 php-fpm: master process (/etc/php-fpm.conf)
apache    3765  0.3  7.5 463876 76388 ?        S    19:52   0:12 php-fpm: pool www
apache    3766  0.3  8.8 476208 89352 ?        S    19:52   0:10 php-fpm: pool www
apache    3767  0.7  6.2 449888 62856 ?        S    19:52   0:25 php-fpm: pool www
apache    3768  1.1  7.2 459748 72844 ?        S    19:52   0:39 php-fpm: pool www
apache    3769  0.6  8.0 468352 80712 ?        S    19:52   0:20 php-fpm: pool www
apache    3776  0.5  6.3 449896 63620 ?        S    19:52   0:18 php-fpm: pool www
apache    3828  0.4  7.8 466048 78588 ?        S    19:52   0:16 php-fpm: pool www
apache    3830  0.2  6.7 455328 67944 ?        S    19:52   0:09 php-fpm: pool www
apache    3831  0.9  7.6 463524 76724 ?        S    19:52   0:31 php-fpm: pool www
root      4396  0.0  0.0      0     0 ?        I    20:24   0:00 [kworker/0:1]
postfix   4685  0.0  0.5  81752  5672 ?        S    20:36   0:00 pickup -l -t unix -u
root      4713  0.0  0.0      0     0 ?        I    20:41   0:00 [kworker/0:2]
root      4722  0.0  0.0      0     0 ?        I    20:46   0:00 [kworker/0:0]
root      4795  0.4  1.5 278012 15268 ?        Ss   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    4796  0.0  1.0 319136 10276 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    4797  0.0  1.0 319136 10276 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    4798  0.0  1.0 515816 10288 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    4799  0.0  1.0 319136 10276 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    4800  0.0  1.0 319136 10276 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
ec2-user  4842  0.0  0.3 164364  3796 pts/0    R+   20:49   0:00 ps -aux

apache 和 pool 的进程不断添加...

apache    4800  0.0  1.0 319136 10276 ?        Sl   20:49   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3831  0.9  7.6 463524 76724 ?        S    19:52   0:31 php-fpm: pool www

即使我的所有网站配置文件从启用的站点中删除,它仍然会以这些额外的端口运行来启动。

配置:基本上是来自 amazon-linux-extras 的 Amazon LAMP - MariaDB(禁用了 maria db,并且 php 升级到了 7.4。 - 我有一个单独的 MySQL 服务器) yum 安装: php-cli php-pdo php-fpm php-json php- mysqlnd php-gd vsftpd epel certbot python2-certbot-apache php-pear-SOAP.noarch php-soap.x86_64 php-mbstring php-bcmath php-xml php-pclzip.noarch php-pecl-zip pcre-devel gcc zlib zlib-开发

#sudo apachectl -M

 Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 allowmethods_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
 authn_core_module (shared)
 authn_dbd_module (shared)
 authn_dbm_module (shared)
 authn_file_module (shared)
 authn_socache_module (shared)
 authz_core_module (shared)
 authz_dbd_module (shared)
 authz_dbm_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_owner_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 cache_disk_module (shared)
 cache_socache_module (shared)
 data_module (shared)
 dbd_module (shared)
 deflate_module (shared)
 dir_module (shared)
 dumpio_module (shared)
 echo_module (shared)
 env_module (shared)
 expires_module (shared)
 ext_filter_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 info_module (shared)
 log_config_module (shared)
 logio_module (shared)
 macro_module (shared)
 mime_magic_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 request_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 slotmem_plain_module (shared)
 slotmem_shm_module (shared)
 socache_dbm_module (shared)
 socache_memcache_module (shared)
 socache_shmcb_module (shared)
 status_module (shared)
 substitute_module (shared)
 suexec_module (shared)
 unique_id_module (shared)
 unixd_module (shared)
 userdir_module (shared)
 version_module (shared)
 vhost_alias_module (shared)
 watchdog_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 lua_module (shared)
 mpm_prefork_module (shared)
 proxy_module (shared)
 lbmethod_bybusyness_module (shared)
 lbmethod_byrequests_module (shared)
 lbmethod_bytraffic_module (shared)
 lbmethod_heartbeat_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 proxy_connect_module (shared)
 proxy_express_module (shared)
 proxy_fcgi_module (shared)
 proxy_fdpass_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_hcheck_module (shared)
 proxy_scgi_module (shared)
 proxy_uwsgi_module (shared)
 proxy_wstunnel_module (shared)
 ssl_module (shared)
 systemd_module (shared)
 cgi_module (shared)
 http2_module (shared)
 proxy_http2_module (shared)

httpd.conf 是默认的,但有 2 个例外:我更改了 DocumentRoot 并添加了我的站点 conf 文件的路径:

IncludeOptional sites-enabled/*.conf

最后是 /etc/php-fpm.d 下的 www.conf (我删除了这篇文章的一些评论)

; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or @php_fpm_prefix@) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache

; The address on which to accept FastCGI requests.
listen = /run/php-fpm/www.sock

; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660

; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
listen.acl_users = apache,nginx
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Choose how the process manager will control the number of child processes.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with embraces to specify the name of the env
;      variable. Some exemples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with embraces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot = 

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'. 
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or @prefix@)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set the following data paths to directories owned by the FPM process user.
;
; Do not change the ownership of existing system directories, if the process
; user does not have write permission, create dedicated directories for this
; purpose.
;
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
;php_value[opcache.file_cache]  = /var/lib/php/opcache

我发现的唯一错误信息是:

ssl_error_log

[Tue Jun 09 21:19:06.680548 2020] [proxy_fcgi:error] [pid 4877] [client ###.###.###.###:56480] AH01071: Got error 'Primary script unknown'

error_log   (repeated entries for the following)

[Tue Jun 09 20:49:20.046026 2020] [mpm_prefork:notice] [pid 4731] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jun 09 20:49:21.126867 2020] [suexec:notice] [pid 4795] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 09 20:49:21.168981 2020] [lbmethod_heartbeat:notice] [pid 4795] AH02282: No slotmem from mod_heartmonitor
[Tue Jun 09 20:49:21.169053 2020] [http2:warn] [pid 4795] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
[Tue Jun 09 20:49:21.171476 2020] [mpm_prefork:notice] [pid 4795] AH00163: Apache/2.4.43 () OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Tue Jun 09 20:49:21.171494 2020] [core:notice] [pid 4795] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

答案1

Apache 服务器通过创建子进程来处理请求。如何管理这些子进程取决于所使用的 MPM 或多处理模块。您可以使用配置指令(例如MaxRequestWorkersThreadsPerChild和 )ServerLimit来控制用于服务请求的子进程和线程的数量。请参阅阿帕奇文档有关 MPM 的更多信息。

php-fpm模块的工作方式类似。根据您显示的配置,您已设置pm = dynamicpm.max_children = 50。这允许模块一次最多有 50 个子进程来处理请求。您可以在此处找到 php-fpm 模块的配置文档:https://www.php.net/manual/en/install.fpm.configuration.php


使用该ps命令,您可以验证进程计数是否仅在指定限制之间变化。您可能还想使用不同的视图(例如-e)来突出显示每个进程的父 PID。

关于 的使用lsof,您应该知道它lsof显示打开的文件描述符。这包括套接字,但每个子进程也继承相同的文件描述符。这就是同一个套接字对应重复条目的原因。在网络/接口级别,不可能有多个进程同时绑定到同一端口号。

答案2

如果您可以确认我的逻辑,请这样做...但我想我已经弄清楚了,我不认为它正在运行多个端口 80 和 443...我认为 lsof 命令显示了不同的内容。

当我这样做时,它会显示其中之一:

sudo netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1961/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2705/sshd
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      2598/node /var/www/
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/master
tcp6       0      0 :::111                  :::*                    LISTEN      1961/rpcbind
tcp6       0      0 :::80                   :::*                    LISTEN      2349/httpd
tcp6       0      0 :::21                   :::*                    LISTEN      2351/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      2705/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      2349/httpd
udp        0      0 0.0.0.0:859             0.0.0.0:*                           1961/rpcbind
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2184/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1961/rpcbind
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1968/chronyd
udp6       0      0 :::859                  :::*                                1961/rpcbind
udp6       0      0 :::111                  :::*                                1961/rpcbind
udp6       0      0 ::1:323                 :::*                                1968/chronyd
udp6       0      0 fe80::1f:48ff:fe35::546 :::*                                2302/dhclient

相关内容