Recently i setup a Ubuntu 12.04 VPS with 512mb/1ghz CPU, Nginx + php-fpm + Varnish + APC + Percona's MySQL server + CloudFlare Pro for our Ubuntu LoCo Team's WordPress blog. The blog get about 3~4k daily hits, use about 180MB and 8~20% CPU. Everything seems to be working insanely fast... page load is really good and is about 16x faster than any of our competitors... but there is one problem.
When we upload a image, WordPress don't resize it, so all we can do it insert the full image in the post. If the imagem have, let's say, 30kb, it resize fine... but if the image have 100kb+, it won't...
In nginx error logs i see this:
upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "POST /wp-admin/async-upload.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/wp-admin/media-upload.php?post_id=2668&"
It seems to be related with the issue, but i dunno. When that timeout happens, i started to get it when i'm trying to view a post too:
upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "GET /tutoriais-gimp-6-adicionando-aplicando-novos-pinceis.html HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/"
And only a restart of php5-fpm fix it.
I tryed increasing some timeouts and stuffs but it did not worked, so i guess it's some kind of limitation i did not figured yet. Could someone help me with it, please?
/etc/nginx/nginx.conf:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 15;
keepalive_requests 2000;
types_hash_max_size 2048;
server_tokens off;
server_name_in_redirect off;
open_file_cache max=1000 inactive=300s;
open_file_cache_valid 360s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_body_buffer_size 128K;
client_header_buffer_size 1k;
client_max_body_size 2m;
large_client_header_buffers 4 8k;
client_body_timeout 10m;
client_header_timeout 10m;
send_timeout 10m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
error_log /var/log/nginx/error.log;
access_log off;
##
# CloudFlare's IPs (uncomment when site goes live)
##
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
real_ip_header CF-Connecting-IP;
set_real_ip_from 127.0.0.1/32;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_buffers 32 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
/etc/nginx/sites-avaiable/default:
##
# DEFAULT HANDLER
# ubuntubrsc.com
##
server {
listen 8080;
# Make site available from main domain
server_name www.ubuntubrsc.com;
# Root directory
root /var/www;
index index.php index.html index.htm;
include /var/www/nginx.conf;
access_log off;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* ^/wp-content/uploads/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
error_page 404 = @wordpress;
log_not_found off;
location @wordpress {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (-f $request_filename) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
}
server {
listen 8080;
server_name ubuntubrsc.* www.ubuntubrsc.net www.ubuntubrsc.org www.ubuntubrsc.com.br www.ubuntubrsc.info www.ubuntubrsc.in;
return 301 $scheme://www.ubuntubrsc.com$request_uri;
}
/var/www/nginx.conf:
# BEGIN W3TC Minify cache
location ~ /wp-content/w3tc/min.*\.js$ {
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*\.css$ {
types {}
default_type text/css;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*js\.gzip$ {
gzip off;
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header Content-Encoding gzip;
}
location ~ /wp-content/w3tc/min.*css\.gzip$ {
gzip off;
types {}
default_type text/css;
expires modified 31536000s;
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header Content-Encoding gzip;
}
# END W3TC Minify cache
# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location ~ \.(css|js|htc)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
expires 3600s;
add_header Pragma "public";
add_header Cache-Control "max-age=3600, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
# END W3TC Browser Cache
# BEGIN W3TC Minify core
rewrite ^/wp-content/w3tc/min/w3tc_rewrite_test$ /wp-content/w3tc/min/index.php?w3tc_rewrite_test=1 last;
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
set $w3tc_enc .gzip;
}
if (-f $request_filename$w3tc_enc) {
rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/w3tc/min/(.+\.(css|js))$ /wp-content/w3tc/min/index.php?file=$1 last;
# END W3TC Minify core
# BEGIN W3TC Skip 404 error handling by WordPress for static files
if (-f $request_filename) {
break;
}
if (-d $request_filename) {
break;
}
if ($request_uri ~ "(robots\.txt|sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") {
break;
}
if ($request_uri ~* \.(css|js|htc|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$) {
return 404;
}
# END W3TC Skip 404 error handling by WordPress for static files
# BEGIN Better WP Security
location ~ /\.ht {
deny all;
}
location ~ wp-config.php {
deny all;
}
location ~ readme.html {
deny all;
}
location ~ readme.txt {
deny all;
}
location ~ /install.php {
deny all;
}
set $susquery 0;
set $rule_2 0;
set $rule_3 0;
rewrite ^wp-includes/(.*).php /not_found last;
rewrite ^/wp-admin/includes(.*)$ /not_found last;
if ($request_method ~* "^(TRACE|DELETE|TRACK)"){
return 403;
}
set $rule_0 0;
if ($request_method ~ "POST"){
set $rule_0 1;
}
if ($uri ~ "^(.*)wp-comments-post.php*"){
set $rule_0 2$rule_0;
}
if ($http_user_agent ~ "^$"){
set $rule_0 4$rule_0;
}
if ($rule_0 = "421"){
return 403;
}
if ($args ~* "\.\./") {
set $susquery 1;
}
if ($args ~* "boot.ini") {
set $susquery 1;
}
if ($args ~* "tag=") {
set $susquery 1;
}
if ($args ~* "ftp:") {
set $susquery 1;
}
if ($args ~* "http:") {
set $susquery 1;
}
if ($args ~* "https:") {
set $susquery 1;
}
if ($args ~* "(<|%3C).*script.*(>|%3E)") {
set $susquery 1;
}
if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") {
set $susquery 1;
}
if ($args ~* "base64_encode") {
set $susquery 1;
}
if ($args ~* "(%24&x)") {
set $susquery 1;
}
if ($args ~* "(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$)"){
set $susquery 1;
}
if ($args ~* "("|'|<|>|\|{|||%24&x)"){
set $susquery 1;
}
if ($args ~* "(%0|%A|%B|%C|%D|%E|%F|127.0)") {
set $susquery 1;
}
if ($args ~* "(globals|encode|localhost|loopback)") {
set $susquery 1;
}
if ($args ~* "(request|select|insert|concat|union|declare)") {
set $susquery 1;
}
if ($http_cookie !~* "wordpress_logged_in_" ) {
set $susquery "${susquery}2";
set $rule_2 1;
set $rule_3 1;
}
if ($susquery = 12) {
return 403;
}
# END Better WP Security
/etc/php5/fpm/php-fpm.conf:
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
emergency_restart_threshold = 3
emergency_restart_interval = 1m
process_control_timeout = 10s
events.mechanism = epoll
/etc/php5/fpm/php.ini (only options i changed):
open_basedir ="/var/www/"
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,dl,system,shell_exec,fsockopen,parse_ini_file,passthru,popen,proc_open,proc_close,shell_exec,show_source,symlink,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec ,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpA ds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput,virtual,show_source,pclose,readfile,wget
expose_php = off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
display_errors = Off
post_max_size = 2M
allow_url_fopen = off
default_socket_timeout = 60
APC settings:
[APC]
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 0
apc.num_files_hint = 4096
apc.ttl = 60
apc.user_ttl = 7200
apc.gc_ttl = 0
apc.cache_by_default = 1
apc.filters = ""
apc.mmap_file_mask = "/tmp/apc.XXXXXX"
apc.slam_defense = 0
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 10M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.localcache = 0
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0
/etc/php5/fpm/pool.d/www.conf
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 3s;
pm.max_requests = 50
I also started to get 404 errors in front page if i use W3 Total Cache's Page Cache (Disk Enhanced). It worked fine untill somedays ago, and then, out of nowhere, it started to happen. Tonight i will disable my mobile plugin and activate only W3 Total Cache to see if it's a conflict with them...
And to finish all this, i have been getting this error:
PHP Warning: apc_store(): Unable to allocate memory for pool. in /var/www/wp-content/plugins/w3-total-cache/lib/W3/Cache/Apc.php on line 41
I already modifed my APC settings, but no sucess. So... could anyone help me with those issuees, please?
Ooohh... if it helps, i instaled PHP like this:
sudo apt-get install php5-fpm php5-suhosin php-apc php5-gd php5-imagick php5-curl
And Nginx from the official PPA. Sorry for my bad english and thanks for your time people! (:
