[WARNING] fpm_children_bury() php-fpm问题解决方法

centos 5.3 nginx-0.8.31-1.el5 php-fpm-5.2.11
# service php-fpm start
Jan 08 10:55:22.912284 [NOTICE] fpm_unix_init_main(), line 284: getrlimit(nofile): max:1024, cur:1024
Jan 08 10:55:22.913126 [NOTICE] fpm_event_init_main(), line 88: libevent: using epoll
Jan 08 10:55:22.913404 [NOTICE] fpm_init(), line 50: fpm is running, pid 2730
Jan 08 10:55:22.918493 [NOTICE] fpm_children_make(), line 352: child 2731 (pool default) started
Jan 08 10:55:22.922118 [NOTICE] fpm_children_make(), line 352: child 2732 (pool default) started
Jan 08 10:55:22.924813 [NOTICE] fpm_children_make(), line 352: child 2734 (pool default) started
Jan 08 10:55:22.927509 [NOTICE] fpm_children_make(), line 352: child 2735 (pool default) started
Jan 08 10:55:22.929378 [NOTICE] fpm_children_make(), line 352: child 2736 (pool default) started
Jan 08 10:55:22.930268 [NOTICE] fpm_event_loop(), line 107: libevent: entering main loop

# service php-fpm stop
php-fpm.log 会出现以下问题
Jan 08 10:56:22.516549 [NOTICE] fpm_got_signal(), line 56: received SIGTERM
Jan 08 10:56:22.516620 [NOTICE] fpm_pctl(), line 256: switching to ‘terminating’ state
Jan 08 10:56:22.516666 [NOTICE] fpm_pctl_kill_all(), line 172: sending signal 15 SIGTERM to child 2736 (pool default)
Jan 08 10:56:22.516707 [NOTICE] fpm_pctl_kill_all(), line 172: sending signal 15 SIGTERM to child 2735 (pool default)
Jan 08 10:56:22.516729 [NOTICE] fpm_pctl_kill_all(), line 172: sending signal 15 SIGTERM to child 2734 (pool default)
Jan 08 10:56:22.516747 [NOTICE] fpm_pctl_kill_all(), line 172: sending signal 15 SIGTERM to child 2732 (pool default)
Jan 08 10:56:22.516765 [NOTICE] fpm_pctl_kill_all(), line 172: sending signal 15 SIGTERM to child 2731 (pool default)
Jan 08 10:56:22.516778 [NOTICE] fpm_pctl_kill_all(), line 181: 5 children are still alive
Jan 08 10:56:22.517532 [NOTICE] fpm_got_signal(), line 48: received SIGCHLD
Jan 08 10:56:22.517620 [WARNING] fpm_children_bury(), line 215: child 2736 (pool default) exited on signal 15 SIGTERM after 59.588363 seconds from start
Jan 08 10:56:22.518131 [NOTICE] fpm_got_signal(), line 48: received SIGCHLD
Jan 08 10:56:22.518195 [WARNING] fpm_children_bury(), line 215: child 2735 (pool default) exited on signal 15 SIGTERM after 59.590726 seconds from start
Jan 08 10:56:22.518906 [NOTICE] fpm_got_signal(), line 48: received SIGCHLD
Jan 08 10:56:22.518969 [WARNING] fpm_children_bury(), line 215: child 2734 (pool default) exited on signal 15 SIGTERM after 59.594192 seconds from start
Jan 08 10:56:22.519518 [NOTICE] fpm_got_signal(), line 48: received SIGCHLD
Jan 08 10:56:22.519580 [WARNING] fpm_children_bury(), line 215: child 2732 (pool default) exited on signal 15 SIGTERM after 59.597517 seconds from start
Jan 08 10:56:22.520107 [NOTICE] fpm_got_signal(), line 48: received SIGCHLD
Jan 08 10:56:22.520159 [WARNING] fpm_children_bury(), line 215: child 2731 (pool default) exited on signal 15 SIGTERM after 59.601726 seconds from start
Jan 08 10:56:22.520193 [NOTICE] fpm_pctl_exit(), line 81: exiting, bye-bye!

# vi /etc/sysctl.conf
底部添加
fs.file-max=65535
#vi /etc/security/limits.conf
加上
* soft nofile 65535
* hard nofile 65535

make: *** [sapi/cli/php] Error 1 解决办法

ext/iconv/.libs/iconv.o: In function `php_iconv_stream_filter_ctor':
/home/king/php-5.2.13/ext/iconv/iconv.c:2491: undefined reference to `libiconv_open'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1
[root@test php-5.2.13]# vim Makefile

在安裝 PHP 到系统中时要是发生「undefined reference to libiconv_open'」之类的错误信息,那表示在「./configure 」沒抓好一些环境变数值。错误发生点在建立「-o sapi/cli/php」是出错,没給到要 link 的 iconv 函式库参数。 解决方法:编辑Makefile 大约77 行左右的地方: EXTRA_LIBS = ..... -lcrypt 在最后加上 -liconv,例如: EXTRA_LIBS = ..... -lcrypt -liconv 然后重新再次 make 即可。

或者用另一种办法

make ZEND_EXTRA_LIBS='-liconv'

ln -s /usr/local/lib/libiconv.so.2 /usr/lib64/

Zend-v3.3.9 下载

3.3.9-i386
http://downloads.zend.com/optimi ... glibc23-i386.tar.gz


v3.3.9-X86
http://downloads.zend.com/optimi ... ibc23-x86_64.tar.gz

让你的php打开fsockopen函数

1.  vi  php.ini
找到 allow_url_fopen 这个参数设置成 On,即
allow_url_fopen = On

2. 让你的php支持 opensll扩展。
默认,是没有openssl扩展的,只能重新编译安装。
yum  install openssl  openssl-devel
cd  /usr/local/src/php-5.2.14/ext/openssl
/usr/local/php/bin/phpize
./configure --with-openssl --with-php-config=/usr/local/bin/php-config
make && make install
看提示,把编译成的openssl.so 拷贝到你在php.ini 中指定的 extension_dir 下

3. vi  php.ini
加入
extension=openssl.so

4. 重启web server

memcached 内存溢出

近几天,发现一个问题。网站的应用中,出现的这样的情况:
一个帖子,第一次打开正常,但刷新几次后就找不到主题,只看到回复。偶尔还会出现,“未定义操作”的错误。经检测,发现是memcached的问题,我们怀疑是memcached刷新缓存过于频繁造成。几台服务器比较,唯有php版本与memcached版本不一样。

正常服务器 php 5.2.8  memcached 1.2.4
不正常服务器 php 5.2.11 memcached 1.2.8

首先我升级了memcached版本,升级成  1.4.0 ,可结果问题依旧。所以只好降低php版本,降低为 5.2.8 ,但memcached版本还是1.4.0. 问题此时解决。

得出结论:php-5.2.11 对memcached 支持不好。不知道更高版本的php是否会解决该问题。

php-5.2.14 下载

http://cn.php.net/distributions/php-5.2.14.tar.bz2   官方站点下载

http://mylinux.5d6d.com/userdirs/c/f/mylinux/attachments/month_1102/php-5.2.14.tar.bz2  本站下载

php.ini 中的mbstring设置编码问题

今天开发的同事,遇到问题。输入中文,总是显示不出来。
他的程序编码定义为了gbk。于是想到了php.ini 的配置,打开php.ini 看到:
mbstring.internal_encoding = UTF-8
mbstring.encoding_translation = On
mbstring.http_input = UTF-8
mbstring.http_output = UTF-8
mbstring.detect_order = UTF-8

于是,把这些全部注释掉,就正常了。至于为什么正常了,暂时没有搞明白。

通过构造Hash冲突实现各种语言的拒绝服务攻击



攻击的原理很简单, 目前很多语言, 使用hash来存储k-v数据, 包括常用的来自用户的POST数据, 攻击者可以通过构造请求头, 并伴随POST大量的特殊的”k”值(根据每个语言的Hash算法不同而定制), 使得语言底层保存POST数据的Hash表因为”冲突”(碰撞)而退化成链表.

这个攻击方法危害很高, 攻击成本也很小. 一个台式机可以轻松搞垮数十台, 上百台服务器.

实例:<?php echo '<pre>';
$size = pow(2, 16); // 16 is just an example, could also be 15 or 17
$startTime = microtime(true);
$array = array();
for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) {

    $array[$key] = 0;

}
$endTime = microtime(true);

echo 'Inserting ', $size, ' evil elements took ', $endTime - $startTime, ' seconds', "\n";

$startTime = microtime(true);

$array = array();

for ($key = 0, $maxKey = $size - 1; $key <= $maxKey; ++$key) {

    $array[$key] = 0;

}

$endTime = microtime(true);

echo 'Inserting ', $size, ' good elements took ', $endTime - $startTime, ' seconds', "\n";
大家如果有用5.2的, 如果被此类攻击威胁, 可以打上下面的patch, PHP5.3的, 可以考虑升级到5.3.9, 已经包含了此patch(因为5.3.9目前是RC状态, 所以如果不愿意升级, 也可以参照这个patch自己为5.3写一个):

https://github.com/laruence/laru ... -5.2-max-input-vars

另外, 其他语言java, ruby等, 请各位也预先想好对策, 限制post_size是治标不治本的方法, 不过可以用来做临时解决方案.

参考文章:
http://nikic.github.com/2011/12/ ... ng-a-PHP-array.html
http://www.laruence.com/2011/12/30/2440.html

php.ini 中禁止一些函数,增加安全性

# vi /usr/local/php/etc/php.ini
        找到:
        disable_functions =
        设置为:
        passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

Nginx中禁止访问.txt文件

location ~* \.(txt|doc)$ {
               if (-f $request_filename) {
                  root /home/domain/public_html/test;
                  break;
                  }
               }

Nginx出现413 Request Entity Too Large

处理Nginx出现的413 Request Entity Too Large错误
这个错误一般在上传文件的时候出现,打开nginx主配置文件nginx.conf,找到http{}段,添加

client_max_body_size 8m;

重新加载nginx的配置
nginx -t
kill -HUP nginx_pid

要是跑php的话这个大小client_max_body_size要和php.ini中的如下值的最大值一致或者稍大,这样就不会因为提交数据大小不一致出现的错误。
post_max_size = 8M
upload_max_filesize = 2M

重启php-cgi
killall php_cgi
php_cgi start

Nginx 的编译安装

# tar zxvf nginx-0.6.29-tar.gz
# cd nginx-0.6.29
  ./configure \
    "--prefix=/usr/local/nginx" \
    "--sbin-path=/usr/local/nginx/sbin/nginx" \
    "--conf-path=/usr/local/nginx/conf/nginx.conf" \
    "--error-log-path=/usr/local/nginx/logs/error.log" \
    "--http-log-path=/usr/local/nginx/logs/access.log" \
    "--pid-path=/usr/local/nginx/var/nginx.pid" \
    "--lock-path=/usr/local/nginx/var/nginx.lock" \
    "--http-client-body-temp-path=/dev/shm//nginx_temp/client_body" \
    "--http-proxy-temp-path=/dev/shm/nginx_temp/proxy" \
    "--http-fastcgi-temp-path=/dev/shm/nginx_temp/fastcgi" \
    "--user=www" \
    "--group=www" \
    "--with-cpu-opt=pentium4F" \
    "--without-select_module" \
    "--without-poll_module" \
    "--with-http_realip_module" \
    "--with-http_sub_module" \
    "--with-http_gzip_static_module" \
    "--with-http_stub_status_module" \
    "--without-http_ssi_module" \
    "--without-http_userid_module" \
    "--without-http_geo_module" \
    "--without-http_memcached_module" \
    "--without-http_map_module" \
    "--without-mail_pop3_module" \
    "--without-mail_imap_module" \
    "--without-mail_smtp_module" \
    "--with-pcre"
# make
# make install

# mkdir /dev/shm/nginx_temp

注:有时会因为pcre编译不过去,需要修改一下 --with-pcre=/usr/local/src/pcre-7.8,前提是已经下载了pcre源码包,并解压,不需要编译pcre。

nginx打开目录浏览功能

nginx默认是不允许列出整个目录的。如需此功能,
        打开nginx.conf文件,在location server 或 http段中加入
        autoindex on;
        另外两个参数最好也加上去:

autoindex_exact_size off;
默认为on,显示出文件的确切大小,单位是bytes。
改为off后,显示出文件的大概大小,单位是kB或者MB或者GB

        autoindex_localtime on;
      默认为off,显示的文件时间为GMT时间。
      改为on后,显示的文件时间为文件的服务器时间

详细参照:http://wiki.nginx.org/NginxChsHttpAutoindexModule

关于Nginx遇到*.php的错误页面不能跳转问题


1、最简单的重定向404页面(404.html为自定义的页面)

error_page  404  /404.html;

2、需要重定向4**  5** 的所有的页面(error.html为自定义页面)

error_page 402 403 404 500 502 503 504 /error.html;

3、需要重定向请求错误的php页面

如果是一般的文件上面的都可以解决,但是如果是PHP的,就会出no input file specified.或者是直接在浏览器输出404
需要在主配置文件nginx.conf 中 fastcgi  位置加上   fastcgi_intercept_errors on; 默认是关闭的

PS:特别注意的是404.html(自定义的文件)文件页面大小要超过512k,不然会被ie浏览器替换为ie默认的错误页面。

总结:需要将*.php的错误页面跳转的三步骤:
  1,自定义404.html或404.php的跳转页面,文件大小超过512k
  2,主配置文件nginx.conf加入fastcgi_intercept_errors on参数
  3,error_page设置,需要将哪些系统返回状态做跳转

【转帖】Nginx优化use参数epoll,kqueue,rtsig,eventport,poll

源自:www.nginx8.cn
下图对比了poll select epoll和kqueue的性能。select和poll是一个级别的,epoll和kqueue是一个级别的,相差不多。epoll用在linux上,kqueue用在bsd上,不能物理上共存。如果你的服务器cpu较好,linux内核新,可考虑用epoll.



Basically what this says is that FreeBSD's kqueue out-performs Linux's epoll by a bit.

select() and poll() are anachronisms.

As an aside, libevent rocks and I use it all the time for writing portable network code. It allows you to use the best available I/O multiplexing functionality on a given platform without having to write seperate code for all of them via a fairly coder-friendly API, and has a nice little async DNS library with it to boot.
Macro的某个机器(centos5.3,e7300)的nginx从默认的没有use设置改为use epoll后实际情况 load average: 0.14, 0.21, 0.26,负载似乎减少了0.1,可能并发请求量不大,暂时没看出有多大效果 :
Active connections: 2548 server accepts handled requests 35279765 35279765 59264847 Reading: 13 Writing: 16 Waiting: 2519   
freebsd里的kqueue和linux 2.6下的epoll
   两个东西极其相似,写好了一个之后,移到别外一个平台下,只要稍作修改就可以了,原理是一样,个人认为,从功能角度来盾kqueue比epoll灵活得多。在写kqueue的时候,内核帮你考虑好了不少东西。但是从效率来看,从我作的压力测试来看epoll比kqueue强。看看我的实验结果吧
客户端: linux ,P3,256M ,pthread多线程程序,开1万个线程,可是实际运行结果是,在linux2.4上只能打开4000多个线程的时候就报资源不足,郁闷了好久,不知道是什么资源,最大打开文件数是够了,内存也够(通过设置16k的栈空间)。后来把客户端移到linux2.6内核下,很快开出1万个线程来了。
epoll服务器端:P3,256M,在一万个并发线程下,面不改色,有条不紊地处理着数据,并发数能达到8000个连接。
kqueue 服务器端:结果比较失望,在只能一条队列的情况下,并发数只能到2000,然后在客户端的读取数据时就会出现"connect reset by peer"的错误。后来改用了两条队列,一条用来接收新连接,一条用来处理原有的连接。在这种情况下,并发数也只能到3000,然后又会陆陆续续出现连接的错误。


Nginx优化use参数epoll,kqueue,rtsig,eventport,poll和select的区别

参考:http://wiki.nginx.org/NginxOptimizations
Event ModelsNginx supports the following methods of treating the connections, which can be assigned by the use directive:
select - standard method. Compiled by default, if the current platform does not have a more effective method. You can enable or disable this module by using configuration parameters --with-select_module and --without-select_module.poll - standard method. Compiled by default, if the current platform does not have a more effective method. You can enable or disable this module by using configuration parameters --with-poll_module and --without-poll_module.kqueue - the effective method, used on FreeBSD 4.1+, OpenBSD 2.9+, NetBSD 2.0 and MacOS X. With dual-processor machines running MacOS X using kqueue can lead to kernel panic.epoll - the effective method, used on Linux 2.6+. In some distrubutions, like SuSE 8.2, there are patches for supporting epoll by kernel version 2.4.rtsig - real time signals, the executable used on Linux 2.2.19+. By default no more than 1024 POSIX realtime (queued) signals can be outstanding in the entire system. This is insufficient for highly loaded servers; it's therefore necessary to increase the queue size by using the kernel parameter /proc/sys/kernel/rtsig-max However, starting with Linux 2.6.6-mm2, this parameter is no longer available, and for each process there is a separate queue of signals, the size of which is assigned by RLIMIT_SIGPENDING. When the queue becomes overcrowded, nginx discards it and begins processing connections using the poll method until the situation normalizes./dev/poll - the effective method, used on Solaris 7 11/99+, HP/UX 11.22+ (eventport), IRIX 6.5.15+ and Tru64 UNIX 5.1A+.eventport - the effective method, utilized in Solaris 10. To avoid kernel panic, it is necessary to install this security patch.