hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Apache + PHP-fcgi RAM usage increasing
Reply

Forum Jump

Apache + PHP-fcgi RAM usage increasing

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 08-11-2010, 04:44 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100

Apache + PHP-fcgi RAM usage increasing


Hi everyone,

I had fcgi to handle PHP (5.2.14) on my VPS, but I noticed RAM increases till there is no RAM, even when the site isn't as active. I have 2GBRAM, normally it uses like < 1GB now it keeps increasing till it hits the limit. I also use xCache

I suspect something has been configured wrong, any advice is appreciated

Thanks,
Dregond



Sponsored Links
  #2  
Old 08-11-2010, 05:56 AM
gate2vn gate2vn is offline
Temporarily Suspended
 
Join Date: Oct 2003
Location: Hanoi
Posts: 4,306
Which version of Apache? Can you post your apache configuration?

  #3  
Old 08-11-2010, 09:39 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Apache 2.2

Any specific parts of the config you need?

Thanks.

Sponsored Links
  #4  
Old 08-11-2010, 02:10 PM
UNIXy UNIXy is online now
Warp Speed!
 
Join Date: Feb 2008
Location: Houston, Texas, USA
Posts: 2,837
Depending on your site's usage, you need to add configuration measures so fcgi processes get recycled (forcefully sometimes).

Regards
Joe / UNIXY

__________________
|- UNIXY :: Fully Managed Servers and Clusters Since 2006
|- DC POP :: Houston, Los Angeles, Atlanta, & Rotterdam NL
|- Managed Magento Varnish Servers w/ ESI. < 250ms Page Load / TTFB
L- We LOVE helping our clients!

  #5  
Old 08-11-2010, 02:23 PM
SirMarcel SirMarcel is offline
Web Hosting Master
 
Join Date: Jun 2010
Posts: 584
the reason for this is xCache reserving memory for compiled php scripts. you need to optimize xcache settings

  #6  
Old 08-11-2010, 03:06 PM
-OY- -OY- is offline
Ottomatic backup specialist
 
Join Date: Aug 2006
Location: Canada
Posts: 756
If you're using php-fpm, you can use the pm.max_requests directive if you think that there are memory leaks. If you're using fcgi itself, use PHP_FCG_MAX_REQUESTS.

Quote:
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500

__________________
Otto Yiu
Rsync Palace ● Providing offsite backups since 2007.
Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.


  #7  
Old 08-12-2010, 02:46 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Quote:
Originally Posted by -OY- View Post
If you're using php-fpm, you can use the pm.max_requests directive if you think that there are memory leaks. If you're using fcgi itself, use PHP_FCG_MAX_REQUESTS.
There may be a memory leak, but i can't seem to find the "PHP_FCG_MAX_REQUESTS" in my http.conf file. to be honest im on a manage VPS, but I am not sure if FCGI was properly configured so i wanted to hear what people say about the memory increase.


Quote:
Originally Posted by SirMarcel View Post
the reason for this is xCache reserving memory for compiled php scripts. you need to optimize xcache settings
My settings are the defaults mostly, I haven't tweaked much.

Code:
[xcache]
; ini only settings, all the values here is default unless explained

; select low level shm/allocator scheme implemenation
xcache.shm_scheme = "mmap"
; to disable: xcache.size=0
; to enable : xcache.size=64M etc (any size > 0) and your system mmap allows
xcache.size = 60M
; set to cpu count (cat /proc/cpuinfo |grep -c processor)
xcache.count = 1
; just a hash hints, you can always store count(items) > slots
xcache.slots = 8K
; ttl of the cache item, 0=forever
xcache.ttl = 0
; interval of gc scanning expired items, 0=no scan, other values is in seconds
xcache.gc_interval = 0

; same as aboves but for variable cache
xcache.var_size = 4M
xcache.var_count = 1
xcache.var_slots = 8K
; default ttl
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300

xcache.test = Off
; N/A for /dev/zero
xcache.readonly_protection = Off
; for *nix, xcache.mmap_path is a file path, not directory.
; Use something like "/tmp/xcache" if you want to turn on ReadonlyProtection
; 2 group of php won't share the same /tmp/xcache
; for win32, xcache.mmap_path=anonymous map name, not file path
xcache.mmap_path = "/dev/zero"


; leave it blank(disabled) or "/tmp/phpcore/"
; make sure it's writable by php (without checking open_basedir)
xcache.coredump_directory = ""

; per request settings
xcache.cacher = On
xcache.stat = On
xcache.optimizer = On

[xcache.coverager]
; per request settings
; enable coverage data collecting for xcache.coveragedump_directory and xcache_coverager_start/stop/get/clean() functions (will hurt executing performance)
xcache.coverager = Off

; ini only settings
; make sure it's readable (care open_basedir) by coverage viewer script
; requires xcache.coverager=On
xcache.coveragedump_directory = ""

  #8  
Old 08-12-2010, 02:58 AM
-OY- -OY- is offline
Ottomatic backup specialist
 
Join Date: Aug 2006
Location: Canada
Posts: 756
How are you spawning fcgi? You might have to create a wrapper:

Code:
#!/bin/sh
    PHP_FCGI_MAX_REQUESTS=10000
    export PHP_FCGI_MAX_REQUESTS
    exec /usr/bin/php-cgi
and in apache, you call the script:

Code:
FcgidWrapper /usr/bin/php-wrapper .php
To make everything easier, you should use a fcgi process manager like PHP-FPM for example.

Quote:
Originally Posted by Dregond Rahl View Post
There may be a memory leak, but i can't seem to find the "PHP_FCG_MAX_REQUESTS" in my http.conf file. to be honest im on a manage VPS, but I am not sure if FCGI was properly configured so i wanted to hear what people say about the memory increase.




My settings are the defaults mostly, I haven't tweaked much.

Code:
[xcache]
; ini only settings, all the values here is default unless explained

; select low level shm/allocator scheme implemenation
xcache.shm_scheme = "mmap"
; to disable: xcache.size=0
; to enable : xcache.size=64M etc (any size > 0) and your system mmap allows
xcache.size = 60M
; set to cpu count (cat /proc/cpuinfo |grep -c processor)
xcache.count = 1
; just a hash hints, you can always store count(items) > slots
xcache.slots = 8K
; ttl of the cache item, 0=forever
xcache.ttl = 0
; interval of gc scanning expired items, 0=no scan, other values is in seconds
xcache.gc_interval = 0

; same as aboves but for variable cache
xcache.var_size = 4M
xcache.var_count = 1
xcache.var_slots = 8K
; default ttl
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300

xcache.test = Off
; N/A for /dev/zero
xcache.readonly_protection = Off
; for *nix, xcache.mmap_path is a file path, not directory.
; Use something like "/tmp/xcache" if you want to turn on ReadonlyProtection
; 2 group of php won't share the same /tmp/xcache
; for win32, xcache.mmap_path=anonymous map name, not file path
xcache.mmap_path = "/dev/zero"


; leave it blank(disabled) or "/tmp/phpcore/"
; make sure it's writable by php (without checking open_basedir)
xcache.coredump_directory = ""

; per request settings
xcache.cacher = On
xcache.stat = On
xcache.optimizer = On

[xcache.coverager]
; per request settings
; enable coverage data collecting for xcache.coveragedump_directory and xcache_coverager_start/stop/get/clean() functions (will hurt executing performance)
xcache.coverager = Off

; ini only settings
; make sure it's readable (care open_basedir) by coverage viewer script
; requires xcache.coverager=On
xcache.coveragedump_directory = ""

__________________
Otto Yiu
Rsync Palace ● Providing offsite backups since 2007.
Backomatic ● Hassle-free Automated cPanel/WHM, DirectAdmin, FTP, and MySQL backups.



Last edited by -OY-; 08-12-2010 at 03:03 AM.
  #9  
Old 08-12-2010, 03:19 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Thanks -OY- for the information, ill look into it.

For now my host is asking me to return to suPHP because of a recent attack on my site, I guess even if fastCGI is better, its not safer ? I wish at least php optimizers would work with suphp. Is there no other secure solution?

  #10  
Old 08-12-2010, 03:30 AM
Cristi4n Cristi4n is offline
Web Hosting Evangelist
 
Join Date: Jun 2006
Location: Cluj Napoca
Posts: 468
@Dregond is your VPS on OpenVZ ?

__________________
IntoDNS - Check your DNS health and configuration
IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  #11  
Old 08-12-2010, 03:39 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Quote:
Originally Posted by Cristi4n View Post
@Dregond is your VPS on OpenVZ ?
Yes it is.

  #12  
Old 08-12-2010, 03:40 AM
Cristi4n Cristi4n is offline
Web Hosting Evangelist
 
Join Date: Jun 2006
Location: Cluj Napoca
Posts: 468
ok, and do you user worker_mpm (threads) or prefork with your Apache configuration ?

__________________
IntoDNS - Check your DNS health and configuration
IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  #13  
Old 08-12-2010, 05:57 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Quote:
Originally Posted by Cristi4n View Post
ok, and do you user worker_mpm (threads) or prefork with your Apache configuration ?
Honestly i'm not sure, its the default so probably prefork, its compiled using EasyApache so its mod_fcgi, my host believes that its insecure and the reason for the "attacks" on the site, so they recompiled it as suphp. Is there anyway to get it running as fastcgi with security too?

Also worker is better than prefork I believe, but with the recent release of 5.2.14 and 5.3.3 i think FPM is now native with PHP is that even better than prefork and MPM ?

  #14  
Old 08-12-2010, 06:03 AM
Cristi4n Cristi4n is offline
Web Hosting Evangelist
 
Join Date: Jun 2006
Location: Cluj Napoca
Posts: 468
Honestly I am not sure why they would state that fastcgi is not secure. Maybe they believe you are actually using the old style CGI (suphp does that btw) setup.
If you are using worker than that's not ok in OpenVZ.

First off try a Xen setup (or vmware or kvm) , you can go with 1GB of ram even if now you have 2GB in OpenVZ.

If you can't or don't want to try a Xen setup, please make sure that you recycle and limit the number of fcgi processes to something acceptable. Check the timeouts, max requests a.s.o for you fastcgi processes.

Also I would recommend you to use mpm_event with Apache and FastCGI to reduce the number of httpd processes.

Ah, and if you use xcache or eaccelerator, remove them for a while and see if it's better without them.

__________________
IntoDNS - Check your DNS health and configuration
IntoVPS - US Fremont and Dallas;EU - Netherlands and Romania VPS hosting

  #15  
Old 08-12-2010, 06:48 AM
Dregond Rahl Dregond Rahl is offline
WHT Addict
 
Join Date: Jun 2010
Posts: 100
Quote:
Originally Posted by Cristi4n View Post
Honestly I am not sure why they would state that fastcgi is not secure. Maybe they believe you are actually using the old style CGI (suphp does that btw) setup.
If you are using worker than that's not ok in OpenVZ.

First off try a Xen setup (or vmware or kvm) , you can go with 1GB of ram even if now you have 2GB in OpenVZ.

If you can't or don't want to try a Xen setup, please make sure that you recycle and limit the number of fcgi processes to something acceptable. Check the timeouts, max requests a.s.o for you fastcgi processes.

Also I would recommend you to use mpm_event with Apache and FastCGI to reduce the number of httpd processes.

Ah, and if you use xcache or eaccelerator, remove them for a while and see if it's better without them.
Thanks for your advise, I will try this when i have solved the security problem. The VPS offers only OpenVZ so I can't make a switch, Also they know its compiled as fcgi and I enabled suEXEC. But even then there seems to be some lose ends causing the security problem. I'm considring installing "Suhosin" to secure PHP (Joomla seems to the be the cause)

Thanks again

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vps optimization & Apache suphp, dso vs fcgi adeministrator Hosting Security and Technology 11 04-05-2010 02:46 AM
Apache PHP-cgi + fcgi problem IcyTexx Hosting Security and Technology 5 03-27-2010 01:50 AM
Increasing the Apache ServerLimit in Apache 2.2.8 version. rvbraj Hosting Security and Technology 7 05-28-2008 12:17 PM
apache + spawn-fcgi papajo Hosting Security and Technology 2 04-14-2008 01:56 PM
Lighttpd - 95% Cpu Usage. Apache - All Ram Used, Swap Comes In Greedisgood Hosting Security and Technology 18 10-14-2007 12:34 PM

Related posts from TheWhir.com
Title Type Date Posted
Apache Market Share Falls in Netcraft October Web Server Survey Web Hosting News 2013-10-04 14:34:11
Apache Malware Darkleech Spreads Rapidly with Increase in Attacks Web Hosting News 2013-07-03 12:11:03
Apache Market Share Dips Slightly in June Netcraft Web Server Survey Web Hosting News 2013-06-06 13:40:21
Apache Continues to Dominate Web Server Market in Netcraft May Survey Web Hosting News 2013-05-06 14:29:02
Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware Web Hosting News 2013-05-01 11:35:53


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?