PHP8.3-FPM crashing under spike in load

Anotherbanana · October 25, 2024, 3:57pm

Hello,
I have a server for my client that’s under DDOS few times a day. Now they’re only hitting wordpress homepage. The load is very low for a crash, which is strange.
This is dedicated server with 97gb of ram and 72 cpu cores.

It’s massive overkill for only 1 Woocomerce site.

Previously I had problem with mariadb crashing under load, but that was resolved here: Mariadb crashing under spike in traffic/ddos - #21 by Anotherbanana

Now the php-fpm just stopping without any log in error.
Today morning I had to increasenginx worker_connections to 30000.
10000 was not enough ( I saw this in logs).

Even under small spikes in traffic php just crashing.

Please remember that’s 72 cpu cores, so 3.5% cpu usage is nothing.

Example of attack:

So during the attack php just stop responding I have to ssh to server and do:

systemctl stop nginx
systemctl restart php8.3-fpm
systemctl start nginx

After that cloudflare/sucuri is already filtering their attack.

I’m also using Firewall 7G + server is only accessible from sucuri/cloudflare network so no issue there.

It’s just weird that this small(for this server) traffic spikes can crash PHP.
I’m wondering if that have something to do with Opcache.

I’m putting my nginx and php conf below.

/etc/nginx/nginx.conf

php conf

https://pastebin.com/0VvpVBsX

The biggest issue for me is that there’s no error for this crash. It’s just ,stoping". Systemctl is reporting that everything’s fine.

Maybe someone can point me in right direction.

Anotherbanana · October 25, 2024, 4:07pm

Site just crashed - Timeout.

systemctl status php8.3-fpm give me :

● php8.3-fpm.service - The PHP 8.3 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.3-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-10-25 13:55:24 UTC; 2h 11min ago
       Docs: man:php-fpm8.3(8)
    Process: 379784 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/8.3/fpm/pool.d/www.conf 83 (code=exited, status=0/SUCCESS)
   Main PID: 379715 (php-fpm8.3)
     Status: "Processes active: 64, idle: 0, Requests: 5098, slow: 711, Traffic: 2.30req/sec"
      Tasks: 65 (limit: 115444)
     Memory: 4.9G
        CPU: 1h 17min 35.923s

Anotherbanana · October 25, 2024, 6:48pm

I guess I narrowed down the problem to :

"Processes active: 64, idle: 0, Requests: 5098, slow: 711, Traffic: 2.30req/sec"

Why my php-fpm is only doing 2.30req/sec?
Looks super low for me. What could be the cause?

Anotherbanana · October 25, 2024, 8:47pm

I’m slowly increasing:


[25-Oct-2024 20:44:08] WARNING: [pool redacted.com] server reached max_children setting (258), consider raising it

max_children settings

sahsanu · October 25, 2024, 10:59pm

You could also check pm.start_servers, pm.min_spare_servers and pm.max_spare_servers but I would double check the limits php-fpm is using, if you didn’t change it, it should be using 1024 open files and you should raise it.

pid=$(ps -ef | grep '[p]hp-fpm: master.*8.3' | awk '{print $2}'); echo "Memory used by pid $pid"; cat /proc/$pid/status | grep -i vmrss; echo -e "\nLimits for pid $pid";cat /proc/$pid/limits

And you will see something like this:

Memory used by pid 1300
VmRSS:     12708 kB

Limits for pid 1300
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        0                    unlimited            bytes
Max resident set          unlimited            unlimited            bytes
Max processes             7685                 7685                 processes
Max open files            1024                 524288               files
Max locked memory         8388608              8388608              bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       7685                 7685                 signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us

Note: I added the command to display VmRSS for the process, VmRSS is the memory that it is using… useful if you are going to raise max_childrens… servers, etc.

As I said, first check open files limit and raise it editing systemd service.

systemctl edit php8.3-fpm.service

And add the directive LimitNOFILE, something like this:

### Editing /etc/systemd/system/php8.3-fpm.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file

[Service]
LimitNOFILE=65535

### Lines below this comment will be discarded

### /lib/systemd/system/php8.3-fpm.service
# [Unit]
[...]

Save the file, restart the service:

systemctl restart php8.3-fpm

And check again whether limits has been raised.

Anotherbanana · October 26, 2024, 7:17am

My output:

Memory used by pid 681423
VmRSS:    174788 kB

Limits for pid 681423
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             384814               384814               processes 
Max open files            1024                 524288               files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       384814               384814               signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us

Anotherbanana · October 26, 2024, 8:32am

I increased opcache memory to some crazy big values.
I’m waiting for another round of ddos to check if that’s helping.

Again, resources are not an issue on this server.