LEMP Wordpress: php5-fpm.sock failed

January 10, 2016 15k views
Nginx MySQL PHP One-Click Install Apps WordPress LEMP Ubuntu
defmc
By:
defmc

Hi,

Lately my server has been going down more and more often. It started once a month, then twice, but now its constantly crashing. Im completely new to this, so im lost to where i should start looing for answers. But im pretty sure this has to do with memory. Though not because of traffic, but likely due to configuration.

So im just gonna paste the errors I get, and hope that some of you can help me figure this out.

The droplet is a 1gb, Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic, wordpress on LEMP.

Im running monit, which at this moment is constantly telling me that php5 is failing. A service mysql restart is fixing it for a couple of minutes before it fails again.

nginx error.log is repeating this:

2016/01/09 18:58:31 [error] 2507#0: *9 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 85.159.237.219, $.219, server: mydomain.no, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"

syslog

Jan  9 19:07:12 mydomain kernel: [ 1350.422250] perf samples too long (20030 > 20000), lowering kernel.perf_event_max_sample_rate to 6250

Jan  9 18:45:29 mydomain kernel: [   47.269310] random: nonblocking pool is initialized

php5-fpm.log

[09-Jan-2016 18:50:45] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful

monit mails

  1. Connection failed Service nginx ... Resource temporarily unavailable
  2. Connection failed Service php5-fpm
  3. Execution failed Service php5-fpm ... failed to stop

I have setup a swap following this tutorial http://do.co/1JCf6pf, but im really not sure how to see if it works/i did it the right way.

I really want to understand how to debug memory-issues, as im sure that is the problem. But i really dont know where to begin.

A nudge in the right direction is much appreciated.

Log In to Comment
3 Answers
defmc January 12, 2016

I managed to fix the problem. By preventing access to xmlrpc.php in my nginx.conf ( http://bit.ly/1SfjFJ2 ) and setting up fail2ban, everything is working as it should.

Ive set up fail2ban following the DO-tutorial ( http://do.co/1W2mXhQ ) with mail-notifications, and the first 12-hours or so I got about 20 ban-notifications. As soon as it started banning ip-adresses - 30 minutes after configuration - php5-fpm stopped failing.

Thank you @petercollins83 for pointing out the suspicious IP-adress and the xmlrpc.php-issue!

Reply
defmc January 10, 2016

By the way, this is what toplooks like after services restart

http://www.imagizer.imageshack.com/img910/2250/gZeO4T.png

Reply
petercollins83 January 11, 2016

i got a lot of those ip's in my logs, 85.159.237.219, against xmlrpc.php. googling xmlrpc.php seems like its a wordpress security vulnerability, so youve got the dame dude trying to hack/crash your site.

Reply
  • defmc January 11, 2016

    Do you have any suggestions on how to proceed fixing this? Would something like fail2ban help in this situation?

    • petercollins83 January 11, 2016

      i just renamed the xmlrpc.php file. It's mainly for external application access to wordpress (e.g. using jetpack... some other plugins/apps also, none of which I use) so I had no problems renaming it.

      there might be more elaborate solutions but didnt look into them myself.

Have another answer? Share your knowledge.

Related Questions