LNMP 会出现 502，重启 php-frm 可以解决，但是过两三天又会...

ORH

这几年一直使用 LNMP，都挺稳定，但是最近网站会频繁出现 502 的错误，主要是体现在 PHP 这边，现在贴出日志和配置，LNMP1.9，请军哥帮忙看下

1. mysql --version
   
2. mysql  Ver 14.14 Distrib 5.7.38, for linux-glibc2.12 (x86_64) using  EditLine wrapper
   
3. 
   
4. php --version
   
5. PHP 8.1.7 (cli) (built: Sep 16 2022 10:07:17) (NTS)
   
6. Copyright (c) The PHP Group
   
7. Zend Engine v4.1.7, Copyright (c) Zend Technologies
   
8. 
   
9. nginx -v
   
10. nginx version: nginx/1.22.0

复制代码

vim /usr/local/php/var/log/php-fpm.log

1. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929400 exited on signal 11 (SIGSEGV - core dumped) after 3832.662718 seconds from start
   
2. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939308 started
   
3. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929411 exited on signal 11 (SIGSEGV - core dumped) after 3832.680680 seconds from start
   
4. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939309 started
   
5. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929402 exited on signal 11 (SIGSEGV - core dumped) after 3832.706473 seconds from start
   
6. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939310 started
   
7. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929403 exited on signal 11 (SIGSEGV - core dumped) after 3832.729209 seconds from start
   
8. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939311 started
   
9. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929407 exited on signal 11 (SIGSEGV - core dumped) after 3832.749185 seconds from start
   
10. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939314 started
    
11. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929406 exited on signal 11 (SIGSEGV - core dumped) after 3832.771680 seconds from start
    
12. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939319 started
    
13. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929405 exited on signal 11 (SIGSEGV - core dumped) after 3832.794327 seconds from start
    
14. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939320 started
    
15. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929401 exited on signal 11 (SIGSEGV - core dumped) after 3832.818900 seconds from start
    
16. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939321 started
    
17. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929410 exited on signal 11 (SIGSEGV - core dumped) after 3832.836387 seconds from start
    
18. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939322 started
    
19. [02-Dec-2022 02:15:00] WARNING: [pool www] child 929404 exited on signal 11 (SIGSEGV - core dumped) after 3832.860955 seconds from start
    
20. [02-Dec-2022 02:15:00] NOTICE: [pool www] child 939323 started
    
21. [02-Dec-2022 02:15:01] WARNING: [pool www] child 929418 exited on signal 11 (SIGSEGV) after 3834.385191 seconds from start
    
22. [02-Dec-2022 02:15:01] NOTICE: [pool www] child 939339 started

复制代码

vim /home/wwwlogs/nginx_error.log

1. 2022/12/01 13:16:43 [crit] 796753#0: *1558 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 45.40.57.56, server: 0.0.0.0:443
   
2. 2022/12/01 17:46:54 [crit] 822434#0: *4104 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 94.102.61.8, server: 0.0.0.0:443
   
3. 2022/12/01 18:00:24 [crit] 822429#0: *4202 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 94.102.61.8, server: 0.0.0.0:443
   
4. 2022/12/01 21:32:34 [crit] 822433#0: *5220 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.212.132, server: 0.0.0.0:443
   
5. 2022/12/01 22:21:21 [crit] 822427#0: *5288 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
   
6. 2022/12/02 05:23:27 [crit] 928815#0: *121 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 106.75.226.239, server: 0.0.0.0:443
   
7. 2022/12/02 06:09:35 [crit] 928819#0: *152 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 103.213.96.233, server: 0.0.0.0:443

复制代码

vim /usr/local/nginx/conf/vhost/domain.com.conf

1. server
   
2.     {
   
3.         listen 80;
   
4.         #listen [::]:80;
   
5.         server_name domain.com;
   
6.         index index.html index.htm index.php default.html default.htm default.php;
   
7.         root  /home/wwwroot/domain.com;
   
8. 
   
9.         #include rewrite/none.conf;
   
10.         #error_page   404   /404.html;
    
11. 
    
12.         # Deny access to PHP files in specific directory
    
13.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
14. 
    
15.         # include enable-php.conf;
    
16. 
    
17.         location ~ /.well-known {
    
18.             allow all;
    
19.         }
    
20. 
    
21.         location ~ /\.
    
22.         {
    
23.             deny all;
    
24.         }
    
25. 
    
26.         location / {
    
27.             return 301 https://$host$request_uri;
    
28.         }
    
29. 
    
30.         access_log off;
    
31.     }
    
32. 
    
33. server
    
34.     {
    
35.         listen 443 ssl http2;
    
36.         #listen [::]:443 ssl http2;
    
37.         server_name domain.com;
    
38.         index index.html index.htm index.php default.html default.htm default.php;
    
39.         root  /home/wwwroot/domain.com;
    
40. 
    
41.         ssl_certificate ssl/domain.com/ssl.crt;
    
42.         ssl_certificate_key ssl/domain.com/ssl.key;
    
43.         ssl_session_timeout 5m;
    
44.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    
45.         ssl_prefer_server_ciphers on;
    
46.         ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    
47.         ssl_session_cache builtin:1000 shared:SSL:10m;
    
48.         # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    
49.         ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
50. 
    
51.         # include rewrite/none.conf;
    
52.         #error_page   404   /404.html;
    
53. 
    
54.         # Deny access to PHP files in specific directory
    
55.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
56. 
    
57.         # include enable-php.conf;
    
58. 
    
59.         location ~ /.well-known {
    
60.             allow all;
    
61.         }
    
62. 
    
63.         location ~ /\.
    
64.         {
    
65.             deny all;
    
66.         }
    
67. 
    
68.         location /
    
69.         {
    
70.             try_files $uri $uri/ /index.html;
    
71.         }
    
72. 
    
73.         location /api/
    
74.         {
    
75.             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
76.             proxy_ssl_server_name on;
    
77.             proxy_pass https://api.domain.com/;
    
78.         }
    
79. 
    
80.         location ~ .*\.html$
    
81.         {
    
82.             add_header Cache-Control no-store;
    
83.             add_header Pragma no-cache;
    
84.             add_header Expires -1;
    
85.         }
    
86. 
    
87.         include vhost/app/*.conf;
    
88. 
    
89.         access_log off;
    
90.     }
    

复制代码

vim /usr/local/nginx/conf/vhost/api.domain.com.conf

1. server
   
2.     {
   
3.         listen 443 ssl http2;
   
4.         #listen [::]:443 ssl http2;
   
5.         server_name api.domain.com;
   
6.         index index.html index.htm index.php default.html default.htm default.php;
   
7.         root  /home/wwwroot/api.domain.com/public;
   
8. 
   
9.         ssl_certificate ssl/api.domain.com/ssl.crt;
   
10.         ssl_certificate_key ssl/api.domain.com/ssl.key;
    
11.         ssl_session_timeout 5m;
    
12.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    
13.         ssl_prefer_server_ciphers on;
    
14.         ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    
15.         ssl_session_cache builtin:1000 shared:SSL:10m;
    
16.         # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    
17.         ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
18. 
    
19.         include rewrite/laravel.conf;
    
20.         #error_page   404   /404.html;
    
21. 
    
22.         # Deny access to PHP files in specific directory
    
23.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
24. 
    
25.         include enable-php.conf;
    
26. 
    
27.         location ~ /.well-known {
    
28.             allow all;
    
29.         }
    
30. 
    
31.         location ~ /\.
    
32.         {
    
33.             deny all;
    
34.         }
    
35. 
    
36.         access_log off;
    
37.     }
    

复制代码

---

licess

502大概率和网站程序有关，开php慢日志一般就能看到程序那边的问题

ORH

licess 发表于 2022-12-2 16:43
502大概率和网站程序有关，开php慢日志一般就能看到程序那边的问题

好的军哥

蛋蛋的蛋

licess 发表于 2022-12-2 16:43
502大概率和网站程序有关，开php慢日志一般就能看到程序那边的问题

第一次听说还有慢日志  学习了