我们有一个在 centos6 上运行的 proftpd 服务器(1.3.3g),当它似乎运行超过大约 150 个进程时,它会锁定并阻止任何进一步的连接。
proftpd 服务器连接到 MYSQL 来处理用户身份验证。
我已经运行了 proftpd 偏执日志并且没有发现任何故障,同时检查了安全日志中是否存在任何登录失败,也没有发现任何问题。
监控显示,在宕机期间,CPU/内存/磁盘/网络没有出现峰值,只是似乎被锁定,直到连接再次下降。该机器应该可以很好地处理超过 150 个并发用户(E3-1271v3 32GB RAM)。
PROFTPD 配置
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "PROHIBITED FTP ACCESS"
DeferWelcome off
#ServerType standalone
# Globbing
UseGlobbing off
TransferLog /var/log/ftpxferlog
UseReverseDNS off
IdentLookups off
UseFtpUsers off
WtmpLog off
UseIPv6 off
# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534
Port 21
Umask 022
TimeoutLogin 120
TimeoutIdle 300
TimeoutNoTransfer 300
TimeoutStalled 300
# Default to show dot files in directory listings
ListOptions "-a +R" strict
# ListOptions "" maxdepth 3
# ListOptions "" maxdirs 10
ListOptions "" maxfiles 2000
AllowOverride off
# Set the user and group that the server normally runs as.
User www
Group www
# Set path locations
ScoreboardFile /var/run/proftpd.score
#DefaultRoot /data/filesroot/ftproot/pub
DefaultRoot /data/filesroot/ftproot
# Log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
#LogFormat anonymous "%h %l %u %t \"%r\" %s %b"
#LogFormat auth "%v [%P] %h %t \"%r\" %s"
#LogFormat write "%h %l %u %t \"%r\" %s %b"
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
<IfModule mod_dso.c>
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
LoadModule mod_ifsession.c
</IfModule>
# Global settings
<Global>
AuthOrder mod_sql.c
SQLEngine on
SQLAuthenticate users groups
SQLConnectInfo xxx@xxx:3306 USERNAME PASSWORD
SQLAuthTypes Backend
SQLUserInfo ftpusers username passwd uid gid NULL NULL
SQLDefaultHomedir /data/filesroot/ftproot/
RequireValidShell off
SQLGroupInfo ftpgroups groupname gid members
SQLDefaultGID 65533
SQLDefaultUID 65533
SQLMinID 350
ServerIdent on "FTP Server ready."
AllowOverwrite yes
IdentLookups off
DelayEngine off
# Logging
# file/dir access
#ExtendedLog /var/log/proftpd/access.log WRITE,READ
# Record all logins
#ExtendedLog /var/log/proftpd/auth.log AUTH
# Paranoia logging level....
#ExtendedLog /var/log/proftpd/paranoid.log ALL
</Global>
<Limit LOGIN>
Order allow, deny
DenyAll
</Limit>
# Deny writing to the base server...
<Directory /data/filesroot/ftproot/pub/*>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Limit WRITE>
DenyAll
</Limit>
<Directory />
HideNoAccess on
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<VirtualHost xxx.xxx.xxx.xxx>
ServerAdmin [email protected]
ServerName "FTP"
DefaultRoot /data/filesroot/ftproot
SQLDefaultHomedir /data/filesroot/ftproot/
TransferLog /data/logs/ftp/files/files.xferlog
RequireValidShell off
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
MaxLoginAttempts 2
MaxClients 2000 "Sorry, maximum users reached."
MaxClientsPerUser 5
MaxHostsPerUser 2
# How quickly do we kick someone out?
TimeoutLogin 45
TimeoutIdle 15
TimeoutNoTransfer 300
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Set the user and group that the server normally runs at.
User www
Group www
# Set Anonymous access controls
<Anonymous /data/filesroot/ftproot/pub>
User www
Group www
UserAlias anonymous www
RequireValidShell off
MaxClients 1
<Limit WRITE>
DenyAll
</Limit>
# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off
</Anonymous>
</VirtualHost>
对于 FTP 服务器来说,150 个并发连接似乎太少了。任何见解都将不胜感激
答案1
问题原来是数据库表是 MyISAM 而不是 InnoDB,所以当它变得繁忙时,整个表锁定会引起级联效应。将这些表更改为 INNODB 解决了问题,因为它现在只锁定行。