Apache 进程过多,导致 CPU 耗尽

Apache 进程过多,导致 CPU 耗尽

我注意到我的专用服务器中有太多的 Apache 进程消耗了 CPU。

14193 (Trace) (Kill)    nobody  0     66.1  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14128 (Trace) (Kill)    nobody  0     65.9  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14136 (Trace) (Kill)    nobody  0     65.9  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14129 (Trace) (Kill)    nobody  0     65.8  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13419 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13421 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13426 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13428 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
13429 (Trace) (Kill)    nobody  0     65.7  0.0 /usr/local/apache/bin/httpd -k start -DSSL
12173 (Trace) (Kill)    nobody  0     65.5  0.0 /usr/local/apache/bin/httpd -k start -DSSL
14073 (Trace) (Kill)    nobody  0     65.5  0.0 /usr/local/apache/bin/httpd -k start -DSSL

我白天收到来自 cpanel 的高负载电子邮件通知。

来自 httpd.conf

Include "/usr/local/apache/conf/includes/pre_main_global.conf"
Include "/usr/local/apache/conf/includes/pre_main_2.conf"



LoadModule bwlimited_module modules/mod_bwlimited.so

LoadModule h264_streaming_module /usr/local/apache/modules/mod_h264_streaming.so
AddHandler h264-streaming.extensions .mp4

Include "/usr/local/apache/conf/php.conf"
Include "/usr/local/apache/conf/includes/errordocument.conf"


ErrorLog "logs/error_log"
ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
ScriptAliasMatch ^/?webmail/?$ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi

RewriteEngine on
AddType text/html .shtml

Alias /akopia /usr/local/cpanel/3rdparty/interchange/share/akopia/
Alias /bandwidth /usr/local/bandmin/htdocs/
Alias /img-sys /usr/local/cpanel/img-sys/
Alias /interchange /usr/local/cpanel/3rdparty/interchange/share/interchange/
Alias /interchange-5 /usr/local/cpanel/3rdparty/interchange/share/interchange-5/
Alias /java-sys /usr/local/cpanel/java-sys/
Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/


ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/


<Directory "/">
    AllowOverride All
    Options All
</Directory>

<Directory "/usr/local/apache/htdocs">
    Options All
    AllowOverride None
    Require all granted
</Directory>

<Files ~ "^error_log$">
    Order allow,deny
    Deny from all

    Satisfy All
</Files>

<Files ".ht*">
    Require all denied
</Files>

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    CustomLog "logs/access_log" common

    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

    </IfModule>

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

</IfModule>

<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options All
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>

<IfModule prefork.c>
    Mutex default mpm-accept

</IfModule>

<IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    CustomLog logs/access_log common

</IfModule>

<IfModule worker.c>
    Mutex default mpm-accept

</IfModule>

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#   Direct modifications to the Apache configuration file may be lost upon subsequent regeneration of the       #
#   configuration file. To have modifications retained, all modifications must be checked into the              #
#   configuration system by running:                                                                            #
#       /usr/local/cpanel/bin/apache_conf_distiller --update                                                    #
#   To see if your changes will be conserved, regenerate the Apache configuration file by running:              #
#       /usr/local/cpanel/bin/build_apache_conf                                                                 #
#   and check the configuration file for your alterations. If your changes have been ignored, then they will    #
#   need to be added directly to their respective template files.                                               #
#                                                                                                               #
#   It is also possible to add custom directives to the various "Include" files loaded by this httpd.conf       #
#   For detailed instructions on using Include files and the apache_conf_distiller with the new configuration   #
#   system refer to the documentation at: http://www.cpanel.net/support/docs/ea/ea3/customdirectives.html       #
#                                                                                                               #
#   This configuration file was built from the following templates:                                             #
#     /var/cpanel/templates/apache2/main.default                                                                #
#     /var/cpanel/templates/apache2/main.local                                                                  #
#     /var/cpanel/templates/apache2/vhost.default                                                               #
#     /var/cpanel/templates/apache2/vhost.local                                                                 #
#     /var/cpanel/templates/apache2/ssl_vhost.default                                                           #
#     /var/cpanel/templates/apache2/ssl_vhost.local                                                             #
#                                                                                                               #
#  Templates with the '.local' extension will be preferred over templates with the '.default' extension.        #
#  The only template updated by the apache_conf_distiller is main.default.                                      #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #


PidFile logs/httpd.pid
# Defined in /var/cpanel/cpanel.config: apache_port
Listen 0.0.0.0:80
User nobody
Group nobody
ExtendedStatus On
ServerAdmin [email protected]
ServerName server.powerlabel.net
LogLevel warn

# These can be set in WHM under 'Apache Global Configuration'
Timeout 300

ServerSignature On



<IfModule prefork.c>


</IfModule>







RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
Mutex file:/usr/local/apache/logs rewrite-map

<IfModule !mod_ruid2.c>
UserDir public_html
</IfModule>
<IfModule mod_ruid2.c>
UserDir disabled
</IfModule>

# DirectoryIndex is set via the WHM -> Service Configuration -> Apache Setup -> DirectoryIndex Priority
DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html

# SSLCipherSuite can be set in WHM under 'Apache Global Configuration'

SSLPassPhraseDialog  builtin

SSLUseStapling on
SSLStaplingCache shmcb:/usr/local/apache/logs/stapling_cache_shmcb(256000)
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data_shmcb(1024000)

SSLSessionCacheTimeout  300
Mutex                   file:/usr/local/apache/logs ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



    # Defined in /var/cpanel/cpanel.config: apache_ssl_port
    Listen 0.0.0.0:443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl


AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
AddType text/html .shtml
AddType application/x-tar .tgz
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc

<Location /whm-server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>



# SUEXEC is supported

Include "/usr/local/apache/conf/includes/pre_virtualhost_global.conf"
Include "/usr/local/apache/conf/includes/pre_virtualhost_2.conf"

什么原因造成此问题?如何解决?

答案1

在进行大规模更改之前,请尝试弄清楚此负载是否有效。

我遇到过类似的问题,机器人滥用登录页面,导致我的服务器负载过大,最终导致 OOM 杀手杀死了 apache 子进程。我开始使用 fail2ban 监控 apache 日志,以便在登录 php 脚本的 6 个 POST 请求后添加 iptables DROP 规则。负载从大约 30-40 个请求/秒下降到 2-6 个请求/秒(这是实际有效流量)

相关内容