Eerder deze week kreeg ik al mails van de VPS dat de serverload te hoog was 11.6 etc. Hierna ging ik dit controleren en zag ik niks vreemds.
Maar sinds gisteravond/vannacht staat de server onder een zware CPU load met 1x een piek naar 140%.
Nu komt steeds het proces: /usr/sbin/httpd -k start -DSSL naar boven, dit vaak ook meerdere keren (1 tot 10) tegelijk, met een cpuload rond de 60-70% of lager.
Dit is de error log van apache /var/log/httpd/error_log:Code:top - 12:25:22 up 1 day, 12:04, 0 users, load average: 0.60, 0.79, 0.85 Tasks: 159 total, 3 running, 156 sleeping, 0 stopped, 0 zombie Cpu(s): 9.6%us, 4.4%sy, 0.6%ni, 83.5%id, 1.5%wa, 0.0%hi, 0.0%si, 0.3%st Mem: 3922748k total, 2453076k used, 1469672k free, 302324k buffers Swap: 1048568k total, 86812k used, 961756k free, 775904k cached Page: 1 2 3 4 Advanced Search PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 31420 admin 20 0 274m 76m 5588 R 98.3 2.0 0:47.21 /usr/sbin/httpd -k start -DSSL 31744 admin 20 0 265m 67m 5288 R 41.3 1.8 0:39.23 /usr/sbin/httpd -k start -DSSL 6003 mysql 20 0 1316m 245m 5444 S 3.9 6.4 25:11.16 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/lib/mysql/bladewebsites.com-online.identiteit.err --pid-file=/var/lib/mysql/bladewebsites.com-online.identiteit.pid 1123 root 20 0 243m 1084 324 S 2.0 0.0 1:18.88 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 1 root 20 0 19356 504 292 S 0.0 0.0 0:00.72 /sbin/init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd] 3 root RT 0 0 0 0 S 0.0 0.0 0:01.57 [migration/0] 4 root 20 0 0 0 0 S 0.0 0.0 0:02.64 [ksoftirqd/0] 5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 [migration/0] 6 root RT 0 0 0 0 S 0.0 0.0 0:00.41 [watchdog/0] 7 root RT 0 0 0 0 S 0.0 0.0 0:00.77 [migration/1] 8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 [migration/1] 9 root 20 0 0 0 0 S 0.0 0.0 0:02.90 [ksoftirqd/1] 10 root RT 0 0 0 0 S 0.0 0.0 0:00.33 [watchdog/1]
om 00:11 en 11:58 heb ik de server een keer restart.Code:[Thu Oct 23 00:11:03 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 00:11:03 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 00:11:03 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu Oct 23 00:11:03 2014] [notice] mod_ruid2/0.9.7 enabled [Thu Oct 23 00:11:03 2014] [notice] Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.28 configured -- resuming normal operations [Thu Oct 23 01:00:17 2014] [error] [client 127.0.0.1] client denied by server configuration: /var/www/html/server-status [Thu Oct 23 01:00:17 2014] [error] [client 127.0.0.1] File does not exist: /var/www/html/403.shtml [Thu Oct 23 05:24:26 2014] [error] [client 172.243.178.100] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /tmUnblock.cgi [Thu Oct 23 10:29:19 2014] [error] [client 146.185.239.100] File does not exist: /var/www/html/400.shtml [Thu Oct 23 10:29:19 2014] [emerg] (13)Permission denied: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [alert] Child 19302 returned a Fatal error... Apache is exiting! [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:20 2014] [emerg] (43)Identifier removed: couldn't grab the accept mutex [Thu Oct 23 10:29:21 2014] [emerg] (22)Invalid argument: couldn't grab the accept mutex [Thu Oct 23 10:29:21 2014] [emerg] (22)Invalid argument: couldn't grab the accept mutex [Thu Oct 23 10:29:21 2014] [emerg] (22)Invalid argument: couldn't release the accept mutex [Thu Oct 23 10:29:22 2014] [emerg] (22)Invalid argument: couldn't grab the accept mutex [Thu Oct 23 10:29:24 2014] [emerg] (22)Invalid argument: couldn't grab the accept mutex [Thu Oct 23 10:30:03 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 10:30:03 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 10:30:03 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu Oct 23 10:30:03 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 23 10:30:04 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 10:30:04 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 10:30:04 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu Oct 23 10:30:04 2014] [notice] mod_ruid2/0.9.7 enabled [Thu Oct 23 10:30:04 2014] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run? [Thu Oct 23 10:30:04 2014] [notice] Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.28 configured -- resuming normal operations [Thu Oct 23 10:42:34 2014] [error] [client 222.76.242.219] File does not exist: /var/www/html/manager [Thu Oct 23 10:42:34 2014] [error] [client 222.76.242.219] File does not exist: /var/www/html/404.shtml [Thu Oct 23 11:48:58 2014] [error] [client 101.226.169.216] File does not exist: /var/www/html/robots.txt, referer: http://bloempaal.com/robots.txt [Thu Oct 23 11:48:58 2014] [error] [client 101.226.169.216] File does not exist: /var/www/html/404.shtml, referer: http://bloempaal.com/robots.txt zend_mm_heap corrupted zend_mm_heap corrupted [Thu Oct 23 11:58:07 2014] [notice] caught SIGTERM, shutting down [Thu Oct 23 11:58:08 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 11:58:08 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 11:58:08 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu Oct 23 11:58:08 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 23 11:58:09 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 11:58:09 2014] [warn] RSA server certificate CommonName (CN) `www.alexsysteembouw.nl' does NOT match server name!? [Thu Oct 23 11:58:09 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu Oct 23 11:58:09 2014] [notice] mod_ruid2/0.9.7 enabled [Thu Oct 23 11:58:09 2014] [notice] Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.28 configured -- resuming normal operations
Hier haal ik uit dat er iets mis is met het SSL certificaat voor een van onze sites. Hier heb ik eerder nog geen problemen mee gehad.
Nu heb ik wel sinds 2 dagen wordpress draaien voor een kleine mobiele site /m/. Hier hangen ook een paar security plugins in (wordfence en iThemes Security). Ook is CSF geïnstalleerd in directadmin.
Komt de hoge load van -DSSL hier vandaan of zijn er andere dingen aan de hand met mijn VPS? Zijn hier simpele oplossingen voor om dit probleem te verhelpen en in de toekomst te voorkomen?
Zijn er tools om dit soort processen makkelijk te monitoren en erachter te komen wat dit precies veroorzaakt?