Unusual Private Inbound Traffic and CPU/Disk Peak

June 7, 2016 982 views
Security Nginx VPN Server Optimization Logging Networking Ubuntu

I got a couple of 504 nginx server errors yesterday. After checking the graphs of my droplet I noticed that there is a unusual high peak in both private inbound traffic and CPU/Disk usage.

Comparing it with the last 30 days this has never happened before. So it can't be a backup process or anything.

Whats weird that its "private inbound" and not public.

I haven't made any changes to the configuration in the past 7 days. Private networking is enabled because I am running mySQL on another droplet, apart from this one that runs nginx with wordpress.

What can I do to find out whats happening?

1 Answer

Hi @snowball,

There are a lot of options to be able to track what sorts of traffic are hitting your private interface. The best option would be to setup firewall rules on your private interface with a LOG setup, and then to monitor the logs to see what sort of traffic is hitting the interface. In all likelihood it's someone looking around at your server, but it's important to keep in mind that our private networking is not private from other customers.

here's an example tutorial we have on the subject:

by Mitchell Anicas
In this tutorial, we will teach you how to use a Iptables with shared private networking to simulate the network traffic isolation that a true private network can provide. We will also cover why you would want to do this, and provide an example of how to implement this in your own environment. The example should explain the concept well enough that you should be able to adapt the configuration to your own needs.
Have another answer? Share your knowledge.