最近,我为我们的 Ubuntu LoCo 团队的 WordPress 博客设置了一个 Ubuntu 12.04 VPS,配备 512mb/1ghz CPU、Nginx + php-fpm + Varnish + APC + Percona 的 MySQL 服务器 + CloudFlare Pro。该博客每天的点击量约为 3~4k,使用约 180MB 和 8~20% 的 CPU。一切似乎都运行得非常快……页面加载速度非常好,比我们的任何竞争对手都快 16 倍……但有一个问题。
当我们上传图片时,WordPress 不会调整其大小,因此我们所能做的就是将完整图片插入帖子中。如果图片有 30kb,它可以调整大小……但如果图片有 100kb+,则不会……
在 nginx 错误日志中我看到以下内容:
upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "POST /wp-admin/async-upload.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/wp-admin/media-upload.php?post_id=2668&"
这似乎与问题有关,但我不知道。当发生超时时,当我尝试查看帖子时,我也开始遇到这种情况:
upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "GET /tutoriais-gimp-6-adicionando-aplicando-novos-pinceis.html HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/"
只需重新启动 php5-fpm 即可解决此问题。
我尝试增加一些超时和其他东西,但没有奏效,所以我猜这是我还没有想到的某种限制。有人能帮我解决吗?
/etc/nginx/nginx.conf:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 15;
keepalive_requests 2000;
types_hash_max_size 2048;
server_tokens off;
server_name_in_redirect off;
open_file_cache max=1000 inactive=300s;
open_file_cache_valid 360s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_body_buffer_size 128K;
client_header_buffer_size 1k;
client_max_body_size 2m;
large_client_header_buffers 4 8k;
client_body_timeout 10m;
client_header_timeout 10m;
send_timeout 10m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
error_log /var/log/nginx/error.log;
access_log off;
##
# CloudFlare's IPs (uncomment when site goes live)
##
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
real_ip_header CF-Connecting-IP;
set_real_ip_from 127.0.0.1/32;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_buffers 32 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
在/etc/nginx/fastcgi_params中:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
在/etc/nginx/sites-avaiable/默认:
##
# DEFAULT HANDLER
# ubuntubrsc.com
##
server {
listen 8080;
# Make site available from main domain
server_name www.ubuntubrsc.com;
# Root directory
root /var/www;
index index.php index.html index.htm;
include /var/www/nginx.conf;
access_log off;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* ^/wp-content/uploads/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
error_page 404 = @wordpress;
log_not_found off;
location @wordpress {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (-f $request_filename) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
server {
listen 8080;
server_name ubuntubrsc.* www.ubuntubrsc.net www.ubuntubrsc.org www.ubuntubrsc.com.br www.ubuntubrsc.info www.ubuntubrsc.in;
return 301 $scheme://www.ubuntubrsc.com$request_uri;
}
/var/www/nginx.conf:
# BEGIN W3TC Minify cache
location ~ /wp-content/w3tc/min.*\.js$ {
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*\.css$ {
types {}
default_type text/css;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*js\.gzip$ {
gzip off;
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header Content-Encoding gzip;
}
location ~ /wp-content/w3tc/min.*css\.gzip$ {
gzip off;
types {}
default_type text/css;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header Content-Encoding gzip;
}
# END W3TC Minify cache
# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location ~ \.(css|js|htc)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
expires 3600s;
add_header Pragma "public";
add_header Cache-Control "max-age=3600, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
# END W3TC Browser Cache
# BEGIN W3TC Minify core
rewrite ^/wp-content/w3tc/min/w3tc_rewrite_test$ /wp-content/w3tc/min/index.php?w3tc_rewrite_test=1 last;
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
set $w3tc_enc .gzip;
}
if (-f $request_filename$w3tc_enc) {
rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/w3tc/min/(.+\.(css|js))$ /wp-content/w3tc/min/index.php?file=$1 last;
# END W3TC Minify core
# BEGIN W3TC Skip 404 error handling by WordPress for static files
if (-f $request_filename) {
break;
}
if (-d $request_filename) {
break;
}
if ($request_uri ~ "(robots\.txt|sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") {
break;
}
if ($request_uri ~* \.(css|js|htc|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$) {
return 404;
}
# END W3TC Skip 404 error handling by WordPress for static files
# BEGIN Better WP Security
location ~ /\.ht {
deny all;
}
location ~ wp-config.php {
deny all;
}
location ~ readme.html {
deny all;
}
location ~ readme.txt {
deny all;
}
location ~ /install.php {
deny all;
}
set $susquery 0;
set $rule_2 0;
set $rule_3 0;
rewrite ^wp-includes/(.*).php /not_found last;
rewrite ^/wp-admin/includes(.*)$ /not_found last;
if ($request_method ~* "^(TRACE|DELETE|TRACK)"){
return 403;
}
set $rule_0 0;
if ($request_method ~ "POST"){
set $rule_0 1;
}
if ($uri ~ "^(.*)wp-comments-post.php*"){
set $rule_0 2$rule_0;
}
if ($http_user_agent ~ "^$"){
set $rule_0 4$rule_0;
}
if ($rule_0 = "421"){
return 403;
}
if ($args ~* "\.\./") {
set $susquery 1;
}
if ($args ~* "boot.ini") {
set $susquery 1;
}
if ($args ~* "tag=") {
set $susquery 1;
}
if ($args ~* "ftp:") {
set $susquery 1;
}
if ($args ~* "http:") {
set $susquery 1;
}
if ($args ~* "https:") {
set $susquery 1;
}
if ($args ~* "(<|%3C).*script.*(>|%3E)") {
set $susquery 1;
}
if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") {
set $susquery 1;
}
if ($args ~* "base64_encode") {
set $susquery 1;
}
if ($args ~* "(%24&x)") {
set $susquery 1;
}
if ($args ~* "(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$)"){
set $susquery 1;
}
if ($args ~* "("|'|<|>|\|{|||%24&x)"){
set $susquery 1;
}
if ($args ~* "(%0|%A|%B|%C|%D|%E|%F|127.0)") {
set $susquery 1;
}
if ($args ~* "(globals|encode|localhost|loopback)") {
set $susquery 1;
}
if ($args ~* "(request|select|insert|concat|union|declare)") {
set $susquery 1;
}
if ($http_cookie !~* "wordpress_logged_in_" ) {
set $susquery "${susquery}2";
set $rule_2 1;
set $rule_3 1;
}
if ($susquery = 12) {
return 403;
}
# END Better WP Security
/etc/php5/fpm/php-fpm.conf:
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
emergency_restart_threshold = 3
emergency_restart_interval = 1m
process_control_timeout = 10s
events.mechanism = epoll
/etc/php5/fpm/php.ini(仅限我更改的选项):
open_basedir ="/var/www/"
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,dl,system,shell_exec,fsockopen,parse_ini_file,passthru,popen,proc_open,proc_close,shell_exec,show_source,symlink,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec ,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpA ds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput,virtual,show_source,pclose,readfile,wget
expose_php = off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
display_errors = Off
post_max_size = 2M
allow_url_fopen = off
default_socket_timeout = 60
APC设置:
[APC]
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 0
apc.num_files_hint = 4096
apc.ttl = 60
apc.user_ttl = 7200
apc.gc_ttl = 0
apc.cache_by_default = 1
apc.filters = ""
apc.mmap_file_mask = "/tmp/apc.XXXXXX"
apc.slam_defense = 0
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 10M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.localcache = 0
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0
/etc/php5/fpm/pool.d/www.conf
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 3s;
pm.max_requests = 50
如果我使用 W3 Total Cache 的页面缓存(磁盘增强型),首页也会开始出现 404 错误。几天前它一直运行良好,然后,突然间,它开始出现。今晚我将禁用我的移动插件并仅激活 W3 Total Cache,看看它是否与它们冲突...
为了完成所有这些,我收到了这个错误:
PHP Warning: apc_store(): Unable to allocate memory for pool. in /var/www/wp-content/plugins/w3-total-cache/lib/W3/Cache/Apc.php on line 41
我已经修改了我的 APC 设置,但没有成功。所以...有人能帮我解决这些问题吗?
噢...如果有帮助的话,我会像这样安装 PHP:
sudo apt-get install php5-fpm php5-suhosin php-apc php5-gd php5-imagick php5-curl
还有来自官方 PPA 的 Nginx。抱歉我的英语不好,谢谢大家的时间!(:
答案1
错误表明 PHP 后端未能在合理的时间内回复。虽然您直接在 php-fpm 中没有任何限制,max_execution_time
但这max_input_time
是我的第一猜测。