proftpd locks up after reaching a certain number of processes

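We have a proftpd server (1.3.3g) running on CentOS 6, and when it appears to be running more than about 150 processes, it locks up and blocks any further connections.

The proftpd server connects to MySQL to handle user authentication.

I have run proftpd with paranoid logging and found no faults, and I also checked the secure log for any login failures and found nothing there either.

Monitoring shows no spikes in CPU/memory/disk/network during the outages; it just seems to lock up until the connections drop again. The machine should be able to handle well over 150 concurrent users (E3-1271v3, 32GB RAM).

PROFTPD configuration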

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "PROHIBITED FTP ACCESS"
DeferWelcome                     off
#ServerType                      standalone

# Globbing
UseGlobbing off

TransferLog /var/log/ftpxferlog
UseReverseDNS off
IdentLookups off
UseFtpUsers off 
WtmpLog off
UseIPv6 off


# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts                    49152 65534

Port                            21
Umask                           022

TimeoutLogin                    120
TimeoutIdle                     300
TimeoutNoTransfer               300
TimeoutStalled                  300

# Default to show dot files in directory listings
ListOptions "-a +R" strict
# ListOptions "" maxdepth 3
# ListOptions "" maxdirs 10
ListOptions "" maxfiles 2000
AllowOverride off

# Set the user and group that the server normally runs as.
User                            www
Group                           www

# Set path locations
ScoreboardFile                  /var/run/proftpd.score
#DefaultRoot                    /data/filesroot/ftproot/pub
DefaultRoot                     /data/filesroot/ftproot

# Log formats
LogFormat                      default "%h %l %u %t \"%r\" %s %b"
#LogFormat                      anonymous "%h %l %u %t \"%r\" %s %b"
#LogFormat                      auth    "%v [%P] %h %t \"%r\" %s"
#LogFormat                      write   "%h %l %u %t \"%r\" %s %b"

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
<IfModule mod_dso.c>
   LoadModule mod_sql.c
   LoadModule mod_sql_mysql.c
   LoadModule mod_ifsession.c
</IfModule>

# Global settings
<Global>

        AuthOrder               mod_sql.c

        SQLEngine               on
        SQLAuthenticate         users groups
        SQLConnectInfo          xxx@xxx:3306 USERNAME PASSWORD
        SQLAuthTypes            Backend
        SQLUserInfo             ftpusers username passwd uid gid NULL NULL

        SQLDefaultHomedir       /data/filesroot/ftproot/

        RequireValidShell       off
        SQLGroupInfo            ftpgroups groupname gid members
        SQLDefaultGID           65533
        SQLDefaultUID           65533
        SQLMinID                350

        ServerIdent on "FTP Server ready."
        AllowOverwrite          yes
        IdentLookups            off
        DelayEngine             off

        # Logging
        # file/dir access
        #ExtendedLog            /var/log/proftpd/access.log WRITE,READ

        # Record all logins
        #ExtendedLog            /var/log/proftpd/auth.log AUTH

        # Paranoia logging level....
        #ExtendedLog            /var/log/proftpd/paranoid.log ALL
</Global>

<Limit LOGIN>
      Order allow, deny
      DenyAll
</Limit>

# Deny writing to the base server...
<Directory /data/filesroot/ftproot/pub/*>
    <Limit WRITE>
    DenyAll
    </Limit>
</Directory>

<Limit WRITE>
DenyAll
</Limit>

<Directory />
        HideNoAccess on
        <Limit WRITE>
        DenyAll
        </Limit>
</Directory>


<VirtualHost xxx.xxx.xxx.xxx>

        ServerAdmin             [email protected]
        ServerName              "FTP"

        DefaultRoot             /data/filesroot/ftproot
        SQLDefaultHomedir       /data/filesroot/ftproot/

        TransferLog             /data/logs/ftp/files/files.xferlog

        RequireValidShell       off
        AllowOverwrite          on
        AllowRetrieveRestart    on
        AllowStoreRestart       on
        MaxLoginAttempts        2
        MaxClients              2000 "Sorry, maximum users reached."
        MaxClientsPerUser       5
        MaxHostsPerUser         2

        # How quickly do we kick someone out?
        TimeoutLogin            45
        TimeoutIdle             15
        TimeoutNoTransfer       300

        # Port 21 is the standard FTP port.
        Port                    21

        # Umask 022 is a good standard umask to prevent new dirs and files
        # from being group and world writable.
        Umask                   022

        # Set the user and group that the server normally runs at.
        User                    www
        Group                   www

        # Set Anonymous access controls
        <Anonymous /data/filesroot/ftproot/pub>
                User                    www
                Group                   www
                UserAlias               anonymous www
                RequireValidShell       off
                MaxClients              1

                <Limit WRITE>
                DenyAll
                </Limit>
                # Don't write anonymous accesses to the system wtmp file (good idea!)
                WtmpLog      off
        </Anonymous>            

</VirtualHost>

150 concurrent connections seems far too low for an FTP server. Any insight would be appreciated.

Answer 1

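The problem turned out to be that the database tables were MyISAM rather than InnoDB, so when it got busy, the whole-table locking caused a cascade effect. Changing the tables to InnoDB solved the problem, because it now only locks rows.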
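
One way to confirm and fix the condition the answer describes, as an added example that is not part of the original answer. The table names `ftpusers` and `ftpgroups` come from the posted `SQLUserInfo` and `SQLGroupInfo` directives; the schema name `ftpdb` is a placeholder, since the question masks the real one in `SQLConnectInfo`.

```sql
-- Assumption: 'ftpdb' stands in for the schema named in SQLConnectInfo.

-- 1. Which storage engine backs the tables mod_sql authenticates against?
SELECT TABLE_NAME, ENGINE, TABLE_ROWS
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'ftpdb'
  AND TABLE_NAME IN ('ftpusers', 'ftpgroups');

-- 2. Run while logins are hanging: sessions queued behind a table lock.
--    MyISAM waiters show the state 'Waiting for table level lock'
--    ('Locked' on older MySQL releases). A long list of proftpd sessions
--    here, with idle CPU and disk, matches the symptom in the question.
SELECT ID, USER, HOST, TIME, STATE, INFO
FROM information_schema.PROCESSLIST
WHERE DB = 'ftpdb'
  AND STATE IN ('Locked', 'Waiting for table level lock')
ORDER BY TIME DESC;

-- 3. Server-wide count of table lock requests that had to wait.
--    Sample it twice during a busy period; a rising value means contention.
SHOW GLOBAL STATUS LIKE 'Table_locks_waited';

-- 4. Convert the tables so writers lock rows instead of the whole table.
--    ALTER TABLE rebuilds the table and blocks writes to it while it runs,
--    so schedule it for a quiet period and take a backup first.
ALTER TABLE ftpdb.ftpusers  ENGINE = InnoDB;
ALTER TABLE ftpdb.ftpgroups ENGINE = InnoDB;

-- 5. Verify the change: both rows should now report ENGINE = 'InnoDB'.
SELECT TABLE_NAME, ENGINE
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'ftpdb'
  AND TABLE_NAME IN ('ftpusers', 'ftpgroups');
```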
