Super slow droplet

April 17, 2019 358 views
Security Networking Monitoring High Availability Debian 9
reid
By:
reid

A few weeks ago I setup a 2nd droplet on SFO1. I never had any slowness issues with the first SFO1 droplet, but this new one seems to go through hours-long periods of slowness (e.g. 20 seconds to load a small static web page). If I check my other SF01 droplet at the same time, it's normal/fast loading.

On the DigitalOcean control panel, the new droplet shows close to zero resources/cpu being used. I have an iptables firewall in place, and access to the new site is limited to myself.

In the 3 weeks that I've had the new droplet, this has happened 3 times that I'm aware of.

Installed on the droplet is Debian, Apache, PHP, and MariaDB.

Any ideas? Things to check?

Log In to Comment
2 Answers
jarland MOD April 17, 2019

Hey friend,

I'm sorry about the trouble this is causing for you. The first thing I want to do, when I hear something like this, is check to see if there are any problems outside of your ability to influence. By that I mostly mean hypervisor performance issues, noisy neighbors, etc. When I do that, I feel it's not enough to just tell you that I checked it, I want to be completely transparent and show you that I did, because it's what I would want if I were on the other side of the fence.

So I checked the hypervisor just to rule out anything there. It looks greatly, highly under utilized. Here's a look:

https://d.pr/i/xkLoOr
https://d.pr/i/9D76P1

That doesn't lead us to a solution but it's a start in excluding possibilities. I have another theory that may sound like a wild one, but it doesn't sound crazy in my head. What if the IP of that droplet is a higher than normal value target to some malicious actor or content scraper, based perhaps on what was previously hosted on it, and this is causing Apache's prefork setup to run out of child procs? This is a good reason for a setup that works fine to be replicated and experience what you described simply for having a different IP, and far from something I've never experienced.

With that theory in mind, I wonder if changing to worker MPM will help. You should be able to see which MPM is running with this, assuming a Debian/Ubuntu server:

apache2ctl -V | grep "MPM"

If you see prefork, I may be on to something. In that case, this guide may be a decent start for tweaking Apache for better performance:

https://www.tecmint.com/apache-performance-tuning/

Apache is great and I use it almost exclusively, but it has historically been true that it gets shipped with defaults that don't do well with traffic, and you may not be aware of or expecting the automated traffic that I am proposing may be occurring.

I hope that helps!

Jarland

Reply
reid April 17, 2019

Thank you for your quick reply. This is what I get:

root@www:# apache2ctl -V | grep "MPM"
Server MPM: prefork
root@www:#

I do see a fair amount of traffic in my apache logs given that my website isn't even yet online, so maybe your theory is correct.

I've taken a look at that tecmint article, but didn't come across anything about how to deal with this issue. Is there anything in particular that you'd recommend?

Reply
  • jarland MOD April 17, 2019

    I think switching to Event or Worker MPM might be worth a try. It's been a while since I've done it, but either of those work incredibly well in comparison to prefork.

Have another answer? Share your knowledge.

Related Questions