我最近在 Debian 10 VPS 上安装了 Nextcloud 作为快照。我希望通过 nextcloud.mysite.com 上的反向代理使用 Apache 来提供此实例。
我有一个在端口 80 和 443 上提供服务的网站,因此我按照说明将 Nextcloud snap 的 http 端口更改为 81 sudo snap set nextcloud ports.http=81。
这使我能够按预期访问 nextcloud.mysite.com。然而,htop向我表明多个php-fpm进程正在运行,导致我的 CPU 使用率稳定在 100% 左右。这些额外的进程从何而来?为什么更改端口会导致这种情况发生?我已经验证只有当 snap 监听 81 而不是 80 时才会发生这种情况。
我不确定问题是否出在我的 Apache 站点配置、snap 实例或其他方面。
系统/包信息
$ uname -a
Linux mysite.com 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
$ snap version
snap 2.49.2
snapd 2.49.2
series 16
debian 10
kernel 4.19.0-16-amd64
$ sudo apache2 -v
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
阿帕奇站点配置
ServerName mysite.com
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<VirtualHost *:80>
ServerName mysite.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/mysite
RewriteEngine on
RewriteCond %{SERVER_NAME} =mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options: DENY
Header always set X-Content-Type-Options: nosniff
Header always set Content-Security-Policy "[...]"
<Directory /var/www/mysite>
Options -Indexes
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options: DENY
Header always set X-Content-Type-Options: nosniff
Header always set Content-Security-Policy "[...]"
<Directory /var/www/mysite>
Options -Indexes
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName nextcloud.mysite.com
Redirect Permanent / https://nextcloud.mysite.com
</VirtualHost>
<VirtualHost *:443>
ServerName nextcloud.mysite.com
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1
ProxyPass / http://127.0.0.1:81/
ProxyPassReverse / http://127.0.0.1:81/
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
</IfModule>
</VirtualHost>
SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
顶部
答案1
我的本地rclone尝试将大量新文件同步到我的 Nextcloud 实例。这些文件仅在实例可通过端口 81 访问时传输,因此一旦侦听端口更改为 80(并且无法建立连接),CPU 峰值会再次下降。