Puzzling Log messages talking to php-fpm

Nikolaos Milas nmilas at noa.gr
Tue Dec 1 21:21:29 UTC 2020


Hello,

To start with, I am not an nginx geek, so please be patient with me!

We have a server (real name substituted by mapserver.example.com) 
running nginx 1.18.0 on CentOS 7 with php-fpm listening on port 9001.

The server is only serving a maps application. The application is mainly 
called by another server (real name substituted with 
mainapplication.example.com) which displays the maps app through an iframe.

Although I cannot see any disruptions in service of mapserver (all my 
requests appear successful), I constantly see in the logs, pairs of the 
following error (I post here two examples: one with an IPv6 client and 
one with an IPv4 client):

2020/12/01 20:45:42 [error] 32515#32515: *314521 connect() failed (111: 
Connection refused) while connecting to upstream, client: 
2a02:587:da23:700:[last_4_parts_removed], server: mapserver.example.com, 
request: "GET /data/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", host: 
"mapserver.example.com", referrer: "http://mapserver.example.com/index/en/1"
2020/12/01 20:45:42 [warn] 32515#32515: *314521 upstream server 
temporarily disabled while connecting to upstream, client: 
2a02:587:da23:700:[last_4_parts_removed], server: mapserver.example.com, 
request: "GET /data/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", host: 
"mapserver.example.com", referrer: "http://mapserver.example.com/index/en/1"

2020/12/01 20:46:15 [error] 32516#32516: *314532 connect() failed (111: 
Connection refused) while connecting to upstream, client: 
::ffff:193.140.[last_2_octets_removed], server: mapserver.example.com, 
request: "GET /index/en/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", 
host: "mapserver.example.com", referrer: 
"http://mainapplication.example.com"
2020/12/01 20:46:15 [warn] 32516#32516: *314532 upstream server 
temporarily disabled while connecting to upstream, client: 
::ffff:193.140.[last_2_octets_removed], server: mapserver.example.com, 
request: "GET /index/en/1 HTTP/1.1", upstream: "fastcgi://[::1]:9001", 
host: "mapserver.example.com", referrer: 
"http://mainapplication.example.com"

My tests show that my own client IP address is logged among these 
errors, even though I can't see a denial of service.

So, I have reached to the conclusion that probably all requests to nginx 
(despite that they are successful) trigger the above logging.

My questions:

- What do the above errors mean? Could they indicate some temporary 
"denial of service" by php-fpm, which in the end responds successfully 
so the client does not notice anything except perhaps some slower than 
expected response? Or it may just be an indication of long response time 
to complete the reply by php-fpm, so that nginx logs it as an error?

- Would these log messages provide a hint to another problem, based on 
your experience?

- Should I troubleshoot the issue more and, if so, how?

- Any config suggestions to help resolve the issue?

Nginx and php-fpm configs follow for your reference. (Any "side 
suggestions" on these will be welcome!)

I appreciate your help!

Also:

==============================================================================
nginx_status:
==============================================================================
Active connections: 1
server accepts handled requests
  161566 161566 310064
Reading: 0 Writing: 1 Waiting: 0
==============================================================================

==============================================================================
fpm_status:
==============================================================================
pool:                 www
process manager:      dynamic
start time:           01/Dec/2020:19:49:36 +0200
start since:          9465
accepted conn:        1600
listen queue:         0
max listen queue:     0
listen queue len:     128
idle processes:       5
active processes:     1
total processes:      6
max active processes: 2
max children reached: 0
slow requests:        0
==============================================================================

==============================================================================
Nginx config (Real server_name has been obfuscated)
==============================================================================

server {

     listen [::]:80 ipv6only=off;

     listen    443 ssl http2 default deferred;
     listen    [::]:443 ssl http2 default deferred;

     server_name  mapserver.example.com;

         # Deny if the user agent is missing empty or contains just a 
single hyphen.
         if ($http_user_agent = "") {
             return 403;
         }

         if ($http_user_agent = "-") {
             return 403;
         }

     ssl_certificate 
/etc/pki/tls/certs/star_example_com-19623584-with_CA.crt;
     ssl_certificate_key /etc/pki/tls/private/star_example.com-19623584.key;

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers 
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED';
     ssl_prefer_server_ciphers on;

     ssl_session_cache shared:SSL:50m;
     ssl_session_timeout  1d;
     ssl_session_tickets off;

    ssl_dhparam /etc/pki/tls/certs/dhparam.pem;

     access_log  /var/webs/example/log/access_log main;
     error_log /var/webs/example/log/error_log warn;
     root   /var/webs/example/public/;

     index  index.php index.html index.htm index.cgi default.html 
default.htm default.php;

     location / {
        try_files $uri $uri/ /index.php?$args;

        allow all;

     }

     location ~ /nginx_status(.*) {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        allow ::1;
        allow 10.10.10.0/24;
        deny all;
     }

     location /fpm_status {
        access_log   off;
        allow 127.0.0.1;
        allow ::1;
        allow 10.10.10.0/24;
        deny all;
        fastcgi_cache off;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass localhost:9001;

     }

     location ~ /tests {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        allow ::1;
        allow 10.10.10.0/24;
        deny all;
     }

     location ~* 
/(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
         return 403;
     }

     location ~ /\.ht {
         deny  all;
     }

     location ~ \.php$ {

        allow all;

                 # Setup var defaults
                 set $no_cache "";
                 # If non GET/HEAD, don't cache & mark user as 
uncacheable for 1 second via cookie
                 if ($request_method !~ ^(GET|HEAD)$) {
                     set $no_cache "1";
                 }
                 # Drop no cache cookie if need be
                 # (for some reason, add_header fails if included in 
prior if-block)
                 if ($no_cache = "1") {
                     add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
                     add_header X-Microcachable "0";
                 }
                 # Bypass cache if no-cache cookie is set
                 if ($http_cookie ~* "_mcnc") {
                             set $no_cache "1";
                 }
                 # Bypass cache if flag is set

#                fastcgi_no_cache $no_cache;
#                fastcgi_cache_bypass $no_cache;

                 fastcgi_no_cache "1";
                 fastcgi_cache_bypass "1";

                 fastcgi_cache microcache;
                 fastcgi_cache_key $scheme$host$request_uri$request_method;
                 fastcgi_cache_valid 200 301 302 303 502 5s;
                 fastcgi_cache_use_stale updating error timeout 
invalid_header http_500;
                 fastcgi_pass_header Set-Cookie;
                 fastcgi_pass_header Cookie;
                 fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

                 try_files $uri =404;
                 include /etc/nginx/fastcgi_params;
                 fastcgi_param PATH_INFO $fastcgi_script_name;
                 fastcgi_intercept_errors on;

         fastcgi_buffer_size 384k;
         fastcgi_buffers 256 16k;
         fastcgi_busy_buffers_size 384k;
         fastcgi_temp_file_write_size 384k;
         fastcgi_read_timeout 240;

         fastcgi_pass localhost:9001;

         fastcgi_index index.php;
         include /etc/nginx/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    }

     # caching of files

     location ~* \.(ico|pdf|flv)$ {
         expires 2m;
     }

     location ~* gmap(.*)\.html$ {
         expires -1;
     }

     location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt|html|htm)$ {
         expires 2m;
     }

}
==============================================================================

==============================================================================
php-fpm config:
==============================================================================

[www]
user = nginx
group = nginx

listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 10000

pm.status_path = /fpm_status

slowlog = /var/opt/remi/php74/log/php-fpm/www-slow.log
catch_workers_output = yes

security.limit_extensions = .php .php3 .php4 .php5 .php7
php_admin_value[error_log] = /var/opt/remi/php74/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/opt/remi/php74/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/opt/remi/php74/lib/php/wsdlcache

==============================================================================

Thanks in advance!

All the best,
Nick



More information about the nginx mailing list