Estou executando um site wordpress de comércio eletrônico/LMS com uma CPU de 2 núcleos, 4G Ram e 4Gswap, servidor de espaço em disco de 100G com painel de administração da web CentOS.
hoje, depois de obter um relatório http 502 de servidores de clientes, de repente percebi que havia 14 arquivos php executados, 2 em index.php (nginx) e 12 em meus arquivos php wordfence wflogs (php-fpm) usando este comando watch -n1 "lsof | grep '\.php'".
Depois de reiniciar os servidores nginx e php-fpm, os arquivos php executados desapareceriam, mas após uma nova conexão com o site o problema acontecerá novamente em 2 minutos.
Investigando mais sobre isso, eu tinha php-fpm74 php.ini e nginx.conf customizados, que removi ambos e reinstalei.problem ainda está lá
Tenho que mencionar sempre que após reiniciar as primeiras vezes, sempre que atualizo, posso ver todos os arquivos php sendo executados e removidos, mas depois de algumas atualizações eu teria uma lista de arquivos php abertos onde os seguintes
nginx 1893 nobody 38r REG 253,2 405 7357 /home/azc/public_html/index.php
nginx 1893 nobody 42r REG 253,2 5543 93120 /home/azc/public_html/wp-cron.php
nginx 1894 nobody 38r REG 253,2 405 7357 /home/azc/public_html/index.php
php-fpm 2784 azc 6u REG 253,2 51 98078 /home/azc/public_html/wp-content/wflogs/ips.php
php-fpm 2784 azc 7u REG 253,2 560 58362 /home/azc/public_html/wp-content/wflogs/config.php
php-fpm 2784 azc 8u REG 253,2 40083 99496 /home/azc/public_html/wp-content/wflogs/attack-data.php
php-fpm 2784 azc 9u REG 253,2 16502 29005 /home/azc/public_html/wp-content/wflogs/config-synced.php
php-fpm 2784 azc 10u REG 253,2 5656 100459 /home/azc/public_html/wp-content/wflogs/config-livewaf.php
php-fpm 2784 azc 11u REG 253,2 1402945 99209 /home/azc/public_html/wp-content/wflogs/config-transient.php
se eu me reconectar ctrl+shift+Rao meu site várias vezes, muitos deles não serão fechados, então o servidor começará a retornar 502. Instalei Aapache, PHP-CGI e infelizmente não consegui executar o site, então decidi focar neste assunto .
Versão dos serviços:
- Centos 7
- Nginx 1.22.1
- PHP-FPM 7.4.32
- WordPress 6.1.1
- Plug-in Wordfence 7.8
configuração do site azc-fpm
[azc]
listen = /opt/alt/php-fpm74/usr/var/sockets/azc.sock
listen.allowed_clients = 127.0.0.1
;listen.owner = "azc"
listen.group = "nobody"
listen.mode = 0660
user = "azc"
group = "azc"
request_slowlog_timeout = 15s
slowlog = /opt/alt/php-fpm74/usr/var/log/php-fpm-slowlog-azc.log
pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 15s
;listen.backlog = -1
;request_terminate_timeout = 0s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /home/azc/tmp
env[TMPDIR] = /home/azc/tmp
env[TEMP] = /home/azc/tmp
env[PATH] = /usr/local/bin:/usr/bin:/bin
próprio php-fpm.conf(já que estou executando o painel da web centos, é cwpsvc.conf)
[cwpsvc]
listen = /opt/alt/php-fpm74/usr/var/sockets/cwpsvc.sock
listen.owner = cwpsvc
listen.group = cwpsvc
listen.mode = 0640
user = cwpsvc
group = cwpsvc
;request_slowlog_timeout = 5s
;slowlog = /opt/alt/php-fpm74/usr/var/log/php-fpm-slowlog-cwpsvc.log
listen.allowed_clients = 127.0.0.1
pm = ondemand
pm.max_children = 25
pm.process_idle_timeout = 15s
;listen.backlog = -1
request_terminate_timeout = 0s
rlimit_files = 131073
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Configuração do site Nginx
erver {
listen x.x.x.x:443 ssl ;
server_name azc.com www.azc.com;
root /home/azc/public_html;
index index.php index.html index.htm;
access_log /usr/local/apache/domlogs/azc.com.bytes bytes;
access_log /usr/local/apache/domlogs/azc.com.log combined;
error_log /usr/local/apache/domlogs/azc.com.error.log error;
ssl_certificate /etc/pki/tls/certs/azc.com.bundle;
ssl_certificate_key /etc/pki/tls/private/azc.com.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eN$
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
try_files $uri $uri/ /index.php?$args;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
location ~.*\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/opt/alt/php-fpm74/usr/var/sockets/azc.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
location ~* "/\.(htaccess|htpasswd)$" {deny all;return 404;}
disable_symlinks if_not_owner from=/home/azc/public_html;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
PHP-FPM slowLog para o site
[29-Nov-2022 09:12:23] [pool azc] pid 20575
script_filename = /home/azc/public_html/wp-admin/admin-ajax.php
[0x00007f856ca13df0] curl_exec() /home/azc/public_html/wp-includes/class-requests.php:381
[0x00007f856ca13870] request() /home/azc/public_html/wp-includes/class-wp-http.php:395
[0x00007f856ca136e0] request() /home/azc/public_html/wp-includes/class-wp-http.php:633
[0x00007f856ca13640] get() /home/azc/public_html/wp-includes/http.php:162
[0x00007f856ca135b0] wp_remote_get() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/AbstractProcess.php:202
[0x00007f856ca13510] preload() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/AbstractProcess.php:159
[0x00007f856ca13480] maybe_preload() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/Engine/Preload/PartialProcess.php:41
[0x00007f856ca13420] task() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/classes/dependencies/wp-media/background-processing/wp-background-process.php:315
[0x00007f856ca13370] handle() /home/azc/public_html/wp-content/plugins/wp-rocket/inc/classes/dependencies/wp-media/background-processing/wp-background-process.php:$
[0x00007f856ca13300] maybe_handle() /home/azc/public_html/wp-includes/class-wp-hook.php:308
[0x00007f856ca13220] apply_filters() /home/azc/public_html/wp-includes/class-wp-hook.php:332
[0x00007f856ca131b0] do_action() /home/azc/public_html/wp-includes/plugin.php:517
[0x00007f856ca130d0] do_action() /home/azc/public_html/wp-admin/admin-ajax.php:203
Obrigado por qualquer ajuda