突然,今天上午10点左右,Nginx的活跃客户端请求数量急剧增加。
http://gyazo.com/a34263e00065b2c52d03b0c295b5cfa3
随着活动请求的增加,服务器的cpu使用率也会增加,并返回错误的响应。
http://gyazo.com/28ff3e4cfe73ebbc76eb74f225d91d3d
请教我在我的环境中发生了什么。
我的环境很低:
亚马逊ELB<->Nginx(版本1.4.3)<->php fpm(5.4.23版)<->WordPress(版本3.9.2)<->MySQL(第5.5.31版)
/etc/nginx/conf.d/default.conf:
server {
listen 80 default;
server_name example.com;
root /var/www/vhosts/example;
index index.html index.htm;
charset utf-8;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
include /etc/nginx/drop;
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
set $mobile '';
location ~* ^/wp-(content|admin|includes) {
index index.php index.html index.htm;
if ($request_filename ~ .*'.php) {
break;
proxy_pass http://backend;
}
include /etc/nginx/expires;
}
location / {
if ($request_filename ~ .*'.php) {
break;
proxy_pass http://backend;
}
include /etc/nginx/expires;
set $do_not_cache 0;
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}
if ($request_method = POST) {
set $do_not_cache 1;
}
proxy_no_cache $do_not_cache;
proxy_cache_bypass $do_not_cache;
proxy_redirect off;
proxy_cache czone;
proxy_cache_key "$scheme://$host$request_uri$mobile";
proxy_cache_valid 200 0m;
proxy_pass http://backend;
}
}
server {
listen unix:/var/run/nginx-backend.sock default;
server_name _;
root /var/www/vhosts/example;
index index.php index.html index.htm;
access_log /var/log/nginx/backend.access.log backend;
keepalive_timeout 25;
port_in_redirect off;
gzip off;
gzip_vary off;
include /etc/nginx/wp-multisite-subdir;
}
/etc/php-fpm.d/www.conf:
[www]
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
user = nginx
group = nginx
pm = dynamic
pm.max_children = 15
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 4
pm.max_requests = 200
rlimit_files = 131072
rlimit_core = unlimited
request_terminate_timeout = 90
request_slowlog_timeout = 60
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[upload_max_filesize] = 64M
php_admin_value[post_max_size] = 64M
php_admin_value[max_execution_time] = 60
服务器规格:
$ uname -a
Linux ip-172-31-1-34 3.4.82-69.112.amzn1.x86_64 #1 SMP Mon Feb 24 16:31:21 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/system-release
Amazon Linux AMI release 2013.09
它似乎得到了更多的点击,这可能是由搜索引擎抓取你的网站或潜在的攻击引起的。值得查看日志文件,看看访问量是否急剧增加,以及哪些文件正在被访问。
如果这是一种攻击,那么值得研究fail2ban之类的东西来自动阻止任何不可靠的连接。你还应该确保WordPress和插件保持最新的安全补丁(你说你使用的是v3.9.2,而v4可用)