我在一个相当繁忙的互联网网站工作,通常会有非常大的流量峰值.在这些峰值期间,请求每秒数百页,这会产生随机502网关错误.
现在我们在配备4核SAS 15k驱动器(raid10)的机器上运行Nginx(1.0.10)和PHP-FPM,配备16核cpu和24GB DDR3内存.我们还使用了最新的Xcache版本. DB位于另一台机器上,但该机器的负载非常低,并且没有问题.
在正常负载下,一切运行完美,系统负载低于1,并且PHP-FPM状态报告从未真正一次显示超过10个活动进程.总有大约10GB的ram可用.在正常负载下,机器每秒处理大约100次综合浏览量.
当流量大幅上升到达时,问题就出现了,并且机器要求每秒数百次页面浏览量.我注意到FPM的状态报告随后显示多达50个活动进程,但这仍然低于我们配置的300个最大连接数.在这些峰值期间,Nginx状态报告最多5000个活动连接,而不是正常平均值1000.
操作系统信息:CentOS 5.7版(最终版)
cpu:Intel(R)Xeon(R)cpu E5620 @ 2.40GH(16核)
PHP-fpm.conf
- daemonize = yes
- listen = /tmp/fpm.sock
- pm = static
- pm.max_children = 300
- pm.max_requests = 1000
我没有设置rlimit_files,因为据我所知它应该使用系统默认值,如果你不这样做.
- fastcgi_connect_timeout 60;
- fastcgi_send_timeout 180;
- fastcgi_read_timeout 180;
- fastcgi_buffer_size 128k;
- fastcgi_buffers 4 256k;
- fastcgi_busy_buffers_size 256k;
- fastcgi_temp_file_write_size 256k;
- fastcgi_intercept_errors on;
- fastcgi_pass unix:/tmp/fpm.sock;
Nginx.conf
- worker_processes 8;
- worker_connections 16384;
- sendfile on;
- tcp_nopush on;
- keepalive_timeout 4;
Nginx通过Unix Socket连接到FPM.
sysctl.conf的
- net.ipv4.ip_forward = 0
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.default.accept_source_route = 0
- kernel.sysrq = 1
- kernel.core_uses_pid = 1
- net.ipv4.tcp_syncookies = 1
- kernel.msgmnb = 65536
- kernel.msgmax = 65536
- kernel.shmmax = 68719476736
- kernel.shmall = 4294967296
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.tcp_max_syn_backlog = 2048
- net.ipv4.icmp_echo_ignore_broadcasts = 1
- net.ipv4.conf.all.accept_source_route = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.all.secure_redirects = 0
- net.ipv4.conf.all.log_martians = 1
- net.ipv4.conf.default.accept_redirects = 0
- net.ipv4.conf.default.secure_redirects = 0
- net.ipv4.icmp_echo_ignore_broadcasts = 1
- net.ipv4.icmp_ignore_bogus_error_responses = 1
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.tcp_timestamps = 0
- net.ipv4.conf.all.rp_filter=1
- net.ipv4.conf.default.rp_filter=1
- net.ipv4.conf.eth0.rp_filter=1
- net.ipv4.conf.lo.rp_filter=1
- net.ipv4.ip_conntrack_max = 100000
limits.conf中
- * soft nofile 65536
- * hard nofile 65536
这些是以下命令的结果:
- ulimit -n
- 65536
- ulimit -Sn
- 65536
- ulimit -Hn
- 65536
- cat /proc/sys/fs/file-max
- 2390143
问:如果PHP-FPM没有用完连接,那么负载仍然很低,并且有足够的RAM可用,在高流量期间可能导致这些随机502网关错误的瓶颈是什么?
注意:默认情况下,这台机器的ulimit是1024,因为我把它改为65536我没有完全重启机器,因为它是一台生产机器,这意味着停机时间过长.
官方推荐:worker_processes = cpu核心数
设置worker_processes 16;
