ORH 发表于 2022-12-2 10:54:34

LNMP 会出现 502,重启 php-frm 可以解决,但是过两三天又会...


这几年一直使用 LNMP,都挺稳定,但是最近网站会频繁出现 502 的错误,主要是体现在 PHP 这边,现在贴出日志和配置,LNMP1.9,请军哥帮忙看下
mysql --version
mysqlVer 14.14 Distrib 5.7.38, for linux-glibc2.12 (x86_64) usingEditLine wrapper

php --version
PHP 8.1.7 (cli) (built: Sep 16 2022 10:07:17) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.7, Copyright (c) Zend Technologies

nginx -v
nginx version: nginx/1.22.0


vim /usr/local/php/var/log/php-fpm.log
WARNING: child 929400 exited on signal 11 (SIGSEGV - core dumped) after 3832.662718 seconds from start
NOTICE: child 939308 started
WARNING: child 929411 exited on signal 11 (SIGSEGV - core dumped) after 3832.680680 seconds from start
NOTICE: child 939309 started
WARNING: child 929402 exited on signal 11 (SIGSEGV - core dumped) after 3832.706473 seconds from start
NOTICE: child 939310 started
WARNING: child 929403 exited on signal 11 (SIGSEGV - core dumped) after 3832.729209 seconds from start
NOTICE: child 939311 started
WARNING: child 929407 exited on signal 11 (SIGSEGV - core dumped) after 3832.749185 seconds from start
NOTICE: child 939314 started
WARNING: child 929406 exited on signal 11 (SIGSEGV - core dumped) after 3832.771680 seconds from start
NOTICE: child 939319 started
WARNING: child 929405 exited on signal 11 (SIGSEGV - core dumped) after 3832.794327 seconds from start
NOTICE: child 939320 started
WARNING: child 929401 exited on signal 11 (SIGSEGV - core dumped) after 3832.818900 seconds from start
NOTICE: child 939321 started
WARNING: child 929410 exited on signal 11 (SIGSEGV - core dumped) after 3832.836387 seconds from start
NOTICE: child 939322 started
WARNING: child 929404 exited on signal 11 (SIGSEGV - core dumped) after 3832.860955 seconds from start
NOTICE: child 939323 started
WARNING: child 929418 exited on signal 11 (SIGSEGV) after 3834.385191 seconds from start
NOTICE: child 939339 started

vim /home/wwwlogs/nginx_error.log
2022/12/01 13:16:43 796753#0: *1558 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 45.40.57.56, server: 0.0.0.0:443
2022/12/01 17:46:54 822434#0: *4104 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 94.102.61.8, server: 0.0.0.0:443
2022/12/01 18:00:24 822429#0: *4202 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 94.102.61.8, server: 0.0.0.0:443
2022/12/01 21:32:34 822433#0: *5220 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.212.132, server: 0.0.0.0:443
2022/12/01 22:21:21 822427#0: *5288 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2022/12/02 05:23:27 928815#0: *121 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 106.75.226.239, server: 0.0.0.0:443
2022/12/02 06:09:35 928819#0: *152 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 103.213.96.233, server: 0.0.0.0:443

vim /usr/local/nginx/conf/vhost/domain.com.conf
server
    {
      listen 80;
      #listen [::]:80;
      server_name domain.com;
      index index.html index.htm index.php default.html default.htm default.php;
      root/home/wwwroot/domain.com;

      #include rewrite/none.conf;
      #error_page   404   /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      # include enable-php.conf;

      location ~ /.well-known {
            allow all;
      }

      location ~ /\.
      {
            deny all;
      }

      location / {
            return 301 https://$host$request_uri;
      }

      access_log off;
    }

server
    {
      listen 443 ssl http2;
      #listen [::]:443 ssl http2;
      server_name domain.com;
      index index.html index.htm index.php default.html default.htm default.php;
      root/home/wwwroot/domain.com;

      ssl_certificate ssl/domain.com/ssl.crt;
      ssl_certificate_key ssl/domain.com/ssl.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
      ssl_session_cache builtin:1000 shared:SSL:10m;
      # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
      ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

      # include rewrite/none.conf;
      #error_page   404   /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      # include enable-php.conf;

      location ~ /.well-known {
            allow all;
      }

      location ~ /\.
      {
            deny all;
      }

      location /
      {
            try_files $uri $uri/ /index.html;
      }

      location /api/
      {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ssl_server_name on;
            proxy_pass https://api.domain.com/;
      }

      location ~ .*\.html$
      {
            add_header Cache-Control no-store;
            add_header Pragma no-cache;
            add_header Expires -1;
      }

      include vhost/app/*.conf;

      access_log off;
    }


vim /usr/local/nginx/conf/vhost/api.domain.com.conf
server
    {
      listen 443 ssl http2;
      #listen [::]:443 ssl http2;
      server_name api.domain.com;
      index index.html index.htm index.php default.html default.htm default.php;
      root/home/wwwroot/api.domain.com/public;

      ssl_certificate ssl/api.domain.com/ssl.crt;
      ssl_certificate_key ssl/api.domain.com/ssl.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
      ssl_session_cache builtin:1000 shared:SSL:10m;
      # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
      ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

      include rewrite/laravel.conf;
      #error_page   404   /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      include enable-php.conf;

      location ~ /.well-known {
            allow all;
      }

      location ~ /\.
      {
            deny all;
      }

      access_log off;
    }



---

licess 发表于 2022-12-2 16:43:22

502大概率和网站程序有关,开php慢日志一般就能看到程序那边的问题

ORH 发表于 2022-12-5 09:29:37

licess 发表于 2022-12-2 16:43
502大概率和网站程序有关,开php慢日志一般就能看到程序那边的问题

:victory:好的军哥

蛋蛋的蛋 发表于 2022-12-7 10:51:57

licess 发表于 2022-12-2 16:43
502大概率和网站程序有关,开php慢日志一般就能看到程序那边的问题

第一次听说还有慢日志:handshake学习了
页: [1]
查看完整版本: LNMP 会出现 502,重启 php-frm 可以解决,但是过两三天又会...