Welcome! Log In Create A New Profile

Advanced

Puzzling Log messages talking to php-fpm

Nikolaos Milas
December 01, 2020 04:22PM
Hello,

To start with, I am not an nginx geek, so please be patient with me!

We have a server (real name substituted by mapserver.example.com)
running nginx 1.18.0 on CentOS 7 with php-fpm listening on port 9001.

The server is only serving a maps application. The application is mainly
called by another server (real name substituted with
mainapplication.example.com) which displays the maps app through an iframe.

Although I cannot see any disruptions in service of mapserver (all my
requests appear successful), I constantly see in the logs, pairs of the
following error (I post here two examples: one with an IPv6 client and
one with an IPv4 client):

2020/12/01 20:45:42 [error] 32515#32515: *314521 connect() failed (111:
Connection refused) while connecting to upstream, client:
2a02:587:da23:700:[last_4_parts_removed], server: mapserver.example.com,
request: "GET /data/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", host:
"mapserver.example.com", referrer: "http://mapserver.example.com/index/en/1"
2020/12/01 20:45:42 [warn] 32515#32515: *314521 upstream server
temporarily disabled while connecting to upstream, client:
2a02:587:da23:700:[last_4_parts_removed], server: mapserver.example.com,
request: "GET /data/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", host:
"mapserver.example.com", referrer: "http://mapserver.example.com/index/en/1"

2020/12/01 20:46:15 [error] 32516#32516: *314532 connect() failed (111:
Connection refused) while connecting to upstream, client:
::ffff:193.140.[last_2_octets_removed], server: mapserver.example.com,
request: "GET /index/en/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001",
host: "mapserver.example.com", referrer:
"http://mainapplication.example.com"
2020/12/01 20:46:15 [warn] 32516#32516: *314532 upstream server
temporarily disabled while connecting to upstream, client:
::ffff:193.140.[last_2_octets_removed], server: mapserver.example.com,
request: "GET /index/en/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001",
host: "mapserver.example.com", referrer:
"http://mainapplication.example.com"

My tests show that my own client IP address is logged among these
errors, even though I can't see a denial of service.

So, I have reached to the conclusion that probably all requests to nginx
(despite that they are successful) trigger the above logging.

My questions:

- What do the above errors mean? Could they indicate some temporary
"denial of service" by php-fpm, which in the end responds successfully
so the client does not notice anything except perhaps some slower than
expected response? Or it may just be an indication of long response time
to complete the reply by php-fpm, so that nginx logs it as an error?

- Would these log messages provide a hint to another problem, based on
your experience?

- Should I troubleshoot the issue more and, if so, how?

- Any config suggestions to help resolve the issue?

Nginx and php-fpm configs follow for your reference. (Any "side
suggestions" on these will be welcome!)

I appreciate your help!

Also:

==============================================================================
nginx_status:
==============================================================================
Active connections: 1
server accepts handled requests
 161566 161566 310064
Reading: 0 Writing: 1 Waiting: 0
==============================================================================

==============================================================================
fpm_status:
==============================================================================
pool:                 www
process manager:      dynamic
start time:           01/Dec/2020:19:49:36 +0200
start since:          9465
accepted conn:        1600
listen queue:         0
max listen queue:     0
listen queue len:     128
idle processes:       5
active processes:     1
total processes:      6
max active processes: 2
max children reached: 0
slow requests:        0
==============================================================================

==============================================================================
Nginx config (Real server_name has been obfuscated)
==============================================================================

server {

    listen [::]:80 ipv6only=off;

    listen    443 ssl http2 default deferred;
    listen    [::]:443 ssl http2 default deferred;

    server_name  mapserver.example.com;

        # Deny if the user agent is missing empty or contains just a
single hyphen.
        if ($http_user_agent = "") {
            return 403;
        }

        if ($http_user_agent = "-") {
            return 403;
        }

    ssl_certificate
/etc/pki/tls/certs/star_example_com-19623584-with_CA.crt;
    ssl_certificate_key /etc/pki/tls/private/star_example.com-19623584.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED';
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout  1d;
    ssl_session_tickets off;

   ssl_dhparam /etc/pki/tls/certs/dhparam.pem;

    access_log  /var/webs/example/log/access_log main;
    error_log /var/webs/example/log/error_log warn;
    root   /var/webs/example/public/;

    index  index.php index.html index.htm index.cgi default.html
default.htm default.php;

    location / {
       try_files $uri $uri/ /index.php?$args;

       allow all;

    }

    location ~ /nginx_status(.*) {
       stub_status on;
       access_log   off;
       allow 127.0.0.1;
       allow ::1;
       allow 10.10.10.0/24;
       deny all;
    }

    location /fpm_status {
       access_log   off;
       allow 127.0.0.1;
       allow ::1;
       allow 10.10.10.0/24;
       deny all;
       fastcgi_cache off;

       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_pass localhost:9001;

    }

    location ~ /tests {
       stub_status on;
       access_log   off;
       allow 127.0.0.1;
       allow ::1;
       allow 10.10.10.0/24;
       deny all;
    }

    location ~*
/(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
    }

    location ~ /\.ht {
        deny  all;
    }

    location ~ \.php$ {

       allow all;

                # Setup var defaults
                set $no_cache "";
                # If non GET/HEAD, don't cache & mark user as
uncacheable for 1 second via cookie
                if ($request_method !~ ^(GET|HEAD)$) {
                    set $no_cache "1";
                }
                # Drop no cache cookie if need be
                # (for some reason, add_header fails if included in
prior if-block)
                if ($no_cache = "1") {
                    add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
                    add_header X-Microcachable "0";
                }
                # Bypass cache if no-cache cookie is set
                if ($http_cookie ~* "_mcnc") {
                            set $no_cache "1";
                }
                # Bypass cache if flag is set

#                fastcgi_no_cache $no_cache;
#                fastcgi_cache_bypass $no_cache;

                fastcgi_no_cache "1";
                fastcgi_cache_bypass "1";

                fastcgi_cache microcache;
                fastcgi_cache_key $scheme$host$request_uri$request_method;
                fastcgi_cache_valid 200 301 302 303 502 5s;
                fastcgi_cache_use_stale updating error timeout
invalid_header http_500;
                fastcgi_pass_header Set-Cookie;
                fastcgi_pass_header Cookie;
                fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;

        fastcgi_buffer_size 384k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 384k;
        fastcgi_temp_file_write_size 384k;
        fastcgi_read_timeout 240;

        fastcgi_pass localhost:9001;

        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

   }

    # caching of files

    location ~* \.(ico|pdf|flv)$ {
        expires 2m;
    }

    location ~* gmap(.*)\.html$ {
        expires -1;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt|html|htm)$ {
        expires 2m;
    }

}
==============================================================================

==============================================================================
php-fpm config:
==============================================================================

[www]
user = nginx
group = nginx

listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 10000

pm.status_path = /fpm_status

slowlog = /var/opt/remi/php74/log/php-fpm/www-slow.log
catch_workers_output = yes

security.limit_extensions = .php .php3 .php4 .php5 .php7
php_admin_value[error_log] = /var/opt/remi/php74/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/opt/remi/php74/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/opt/remi/php74/lib/php/wsdlcache

==============================================================================

Thanks in advance!

All the best,
Nick

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Puzzling Log messages talking to php-fpm

Nikolaos Milas December 01, 2020 04:22PM

RE: Puzzling Log messages talking to php-fpm

Reinis Rozitis December 01, 2020 05:46PM

Re: Puzzling Log messages talking to php-fpm

Nikolaos Milas December 03, 2020 01:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready