Tag Archives: server

Hardware and OS

继续说Apache的优化

2009/05/23 – 11:49 PM

经过了前面一段时间的探索,我们对ApacheMySql的性能调优有了个初步的认识,我本来以为问题到这里应该就解决了,但是运行了十几天后,还是出现了负载达到50+的情况。于是,网站又挂了。

分析access.log与之前并无不同,被盗链的请求还是很多,不过这些都被302重定向了啊,死活想不到办法,一度怀疑是不是因为302或者404的错误日志过多的引起的IO问题导致服务器资源紧张。

除此之外,还是有个现象引起了注意,每次挂掉的不是Apache,而是数据库。为什么盗链会引起数据库问题,这显然无法解释。

不绕圈子了,最后发现的问题,就是为了防盗链而特意写的Rewrite。原本的rewrite是这样的,对于盗链的资源,重定向到首页。

这看起来没有问题,可是瞬间请求数百次到首页,然后运行脚本,执行数据库查询……

还有一点,返回的是302,这就意味着搜索引擎和下载工具会认为资源是存在的,不会停止响应。

所以,最终的解决方案。重定向所有盗链的资源到一个静态LOGO,同时,设定返回Code为403.

整个世界清净了。

Tags , , , , , | Permalink | Comment (0)
Hardware and OS

Linux编译PHP问题整理

2009/04/26 – 11:13 PM

对于Linux我是个新手,更希望使用Debain的Apt的库解决。没办法用了Red Hat,虽然最终装了Apt但是库包实在太少,无奈之下,只好手工编译。

遇到的问题其实主要原因有两个:一个是RHEL所带的包不能满足要求;还有一个就是Make安装的设置不正确。

关于Make,这里有篇文章简单易懂《Linux编译套件》。

Linux默认安装目录

一般情况下GNU规范的构建都会安装到 /usr/local目录下。但是很多系统服务组件,习惯于到 /usr目录下,这时候,我们就需要设置路径参数。如

./configure –prefix=/usr

错误举例

ext/iconv/iconv.o: In function `_php_iconv_mime_encode':
/home/ryan/php-5.2.9/ext/iconv/iconv.c:1043: undefined reference to `libiconv_open'

http://ru2.php.net/manual/en/ref.iconv.php#23700

错误原因:PHP构建参数不正确,应当根据安装iconv时配置设定,如: ‘–with-iconv=/usr’

./configure ‘–with-iconv=/usr’

配置检查失败:需要下载对应的软件包

正确的构建顺序

  1. wget phpXX.gz
  2. 解压缩程序
  3. 进入目录,执行 ./configure {其他参数}
  4. 发现错误:通常需要下载和安装对应组件包,安装成功后重复3
  5. 没有错误:执行 make clean
  6. 执行 make
  7. 发现错误:通常需要下载和安装对应组件包,安装成功后重复5
  8. 执行 make install

以下为参考的样例安装配置

配置Apache2

./configure --prefix=/usr/local/apache
	--enable-so
	--enable-cgi
	--enable-info
	--enable-rewrite
	--enable-speling
	--enable-usertrack
	--enable-deflate
	--enable-ssl
	--enable-mime-magic

配置PHP

./configure ‘–with-apxs2=/usr/local/apache2/bin/apxs’ ‘–build=i686-redhat-linux-gnu’ ‘–host=i686-redhat-linux-gnu’ ‘–target=i386-redhat-linux-gnu’ ‘–program-prefix=’ ‘–prefix=/usr’ ‘–exec-prefix=/usr’ ‘–bindir=/usr/bin’ ‘–sbindir=/usr/sbin’ ‘–sysconfdir=/etc’ ‘–datadir=/usr/share’ ‘–includedir=/usr/include’ ‘–libdir=/usr/lib’ ‘–libexecdir=/usr/libexec’ ‘–localstatedir=/var’ ‘–sharedstatedir=/usr/com’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–cache-file=../config.cache’ ‘–with-libdir=lib’ ‘–with-config-file-path=/etc’ ‘–with-config-file-scan-dir=/etc/php.d’ ‘–disable-debug’ ‘–with-pic’ ‘–disable-rpath’ ‘–without-pear’ ‘–with-bz2′ ‘–with-curl’ ‘–with-exec-dir=/usr/bin’ ‘–with-freetype-dir=/usr’ ‘–with-png-dir=/usr’ ‘–enable-gd-native-ttf’ ‘–without-gdbm’ ‘–with-gettext’ ‘–with-gmp’ ‘–with-iconv=/usr’ ‘–with-jpeg-dir=/usr’ ‘–with-png’ ‘–with-expat-dir=/usr’ ‘–with-pcre-regex=/usr’ ‘–with-zlib’ ‘–with-layout=GNU’ ‘–enable-exif”–enable-magic-quotes’ ‘–enable-sockets’ ‘–enable-sysvsem’ ‘–enable-sysvshm’ ‘–enable-sysvmsg’ ‘–enable-track-vars’ ‘–enable-trans-sid’ ‘–enable-yp’ ‘–enable-wddx’ ‘–with-kerberos’ ‘–enable-ucd-snmp-hack’ ‘–enable-memory-limit’ ‘–enable-shmop’ ‘–enable-calendar’ ‘–enable-dbx’ ‘–enable-dio’ ‘–enable-so’ ‘–with-mime-magic=/usr/share/file/magic.mime’ ‘–without-sqlite’ ‘–with-libxml-dir=/usr’ ‘–with-xml’ ‘–with-system-tzdata’ ‘–enable-force-cgi-redirect’ ‘–enable-pcntl’ ‘–enable-mbstring=shared’ ‘–enable-mbstr-enc-trans’ ‘–enable-mbregex’ ‘–with-ncurses=shared’ ‘–with-gd=shared’ ‘–enable-bcmath=shared’ ‘–enable-dba=shared’ ‘–with-db4=/usr’ ‘–with-xmlrpc=shared’ ‘–with-mysql=/usr/bin/mysql_config’ ‘–with-mysqli=/usr/bin/mysql_config’ ‘–enable-dom=shared’ ‘–with-dom-xslt=/usr’ ‘–with-dom-exslt=/usr’ ‘–enable-soap=shared’ ‘–with-xsl=shared,/usr’ ‘–enable-xmlreader=shared’ ‘–enable-xmlwriter=shared’ ‘–enable-fastcgi’

Tags , , , , | Permalink | Comments (2)
Hardware and OS

Apache性能调优

2009/04/26 – 4:36 AM

说来不好意思,服务器的性能一直都是个大问题,访问量不大,却经常死机。

调优了很多次,也没什么效果。

晚上加晚班,现在无事,又搜索了一番,修改了下,这下貌似有效果了,分享如下。

问题描述

RHL Linux 5.0 + Apache Httpd 2.2 + Mysql5.0 + PHP 5.0 环境

问题描述:服务器运行若干时间后,会无法响应请求,分析日志文件和进程,有如下情况

  1. 大量的404错误:盗链和后续处理有关
  2. 一些比较奇怪的Apache程序异常
    [Sat Apr 25 02:06:40 2009] [notice] child pid 5534 exit signal Floating point exception (8)
    [Sat Apr 25 02:06:41 2009] [notice] child pid 5499 exit signal Floating point exception (8)
    [Sat Apr 25 02:06:41 2009] [notice] child pid 5527 exit signal Floating point exception (8)
    ………
    强制重启进程时还有*** glibc detected *** /usr/sbin/httpd: free(): invalid pointer: 0×00359170 ***
    *** glibc detected *** /usr/sbin/httpd: free(): invalid pointer: 0×00359170 ***
  3. 系统负载平衡很高,甚至达到60
  4. CPU使用很高,物理内存使用达到90%,交换内存也将近满了
  5. 有大量的Apache Httpd进程,且多为Sleeping状态

原因分析

常见的引起服务器不稳定的原因:

  1. 程序问题引起的内存泄漏
  2. 不恰当的配置导致资源死锁

关于Apache Httpd的调优,有很多说法,不过个人推荐两篇文章,应该是通俗易懂的,呃,E文

Open Source: Configuring Apache – Don’t Succumb To The “Slashdot Effect” http://blogcritics.org/archives/2006/01/27/175740.php

Tuning Apache, part 1 http://virtualthreads.blogspot.com/2006_01_01_archive.html

还有有中文的

Apache Prefork和Worker模式性能比较

http://www.5dlinux.com/article/9/2009/linux_29722.html

官方文档的中文翻译 性能方面的提示

http://lamp.linux.gov.cn/Apache/ApacheMenu/misc/perf-tuning.html

说说对上面两个问题的方案。

内存泄漏。程序哪里错了,不好说,得跟踪定位,每个系统都有内存跟踪的工具,除此之外还要分析日志,可以通过Apache的日志配置来跟踪脚本运行的时间,找出可能的元凶。

除此之外,还有个很土的办法:定时重启。实在没招了可以参考。

服务器的配置么,那更有说法了。Apache httpd默认是Prefork模式(参考上面),这里就是论事的介绍几个参数:事实上我只是简单摘译一下上面的某篇文章,后面的设置是作者的推荐值,中文里面是我的推荐

  • MaxKeepAliveRequests 0 The KeepAlive directive in httpd.conf allows persistent connections to the web server, so that new connection does not have to be initiated for each request. Setting the MaxKeepAliveRequests directive to 0 enables unlimited number of requests per connection, which makes sense if you think about it. Why allow persistent connections but then terminate them after a short period of time?
  • 最大保持连接请求数:0 – 无限制。保持连接意味着不必为同一客户端的多次请求重新释放和分配资源,也意味着这些资源不会马上释放。这在现在这个Ajax漫天飞,外加无数图片和JS的时代很重要,但是如果控制不好资源的保持与释放,就意味着系统资源的耗尽。不过这里只是能复用的请求数,无限就好了。
  • KeepAliveTimeout 15
    Because persistent connections are allowed, it is important that they are not kept open indefinitely. This directive will close the connection after 15 seconds of inactivity.
  • 保持连接超时 3 秒
    如果连接请求无活动,就有必要关掉它,默认15秒太长了点,3秒钟就够了。
  • MinSpareServers 15
    This is the minimum number of spare servers you want running at any given time. This way, if multiple simultaneous requests are received there will already be child processes running to handle them. Setting this number too high is a waste of system resources and setting it too low will cause the system to slow down.
  • MaxSpareServers 65
    Same as above, but the maximum child processes running at any given time.
  • StartServers 15
    This is the number of servers Apache will start initially. As more servers handle requests a minimum of 15 spare servers will run up to the maximum of 64.
  • 上面这三个参数放在一起说:其实就是Apache用于响应用户的子进程,一般一个子进程消耗20M左右内存,上面三个数字可以控制子进程的数量。于是根据可用的系统资源,就可以计算出个合理的取值了。
  • MaxClients 500
    This is the maximum number of simultaneous clients that can connect to the server at any given time. Setting this number too low will result in users being locked out of the server under normal traffic situations and setting it too high will result in your server being so overloaded that all the requests timeout anyway. I think 500 is about right for most people’s needs.
  • 最大客户端,其实就是并发处理量,这也要根据情况来配置,太大会导致服务器崩溃,太小会导致请求排队,响应缓慢。
  • MaxRequestsPerChild 100000
    Sets the maximum number of requests each child process will handle. This is mostly to prevent memory leaks and other mishaps but is important nonetheless. Setting this too low will cause a large portion of child processes to end for no real reason, thus slowing down the site. This could be set to 0 (unlimited) but that would negate any protection from valid issues like memory leaks.
  • 每个子进程可以处理的最多请求。做限制的好处就是,如果某个程序内存泄漏,那么一段时间后就可以把它释放掉。限制小会导致频繁创建进程,拖慢系统。
  • HostnameLookups off
    This prevents DNS lookups of all the visitors to the site, I am pretty sure it’s off by default. If it’s on in your httpd.conf I would recommend turning it off.这没啥好说的

默认的配置

<IfModule prefork.c>

ServerLimit 10000
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 10000
MaxRequestsPerChild 0
</IfModule>

这个默认配置的缺点就是不能防止内存泄漏,结合KeepAlive的设置,占用过多资源。

KeepAlive on
KeepAliveTimeout 2
MaxKeepAliveRequests 0
MaxClients 150
MinSpareServers 5
MaxSpareServers 12
StartServers 5
MaxRequestsPerChild 100000

较短的保持连接释放,有利于应对无效的盗链请求。

客户端限制用于保护服务器正常运行。

实验继续进行中,本文将不定期更新。

Tags , , , , | Permalink | Comment (0)