Question

Unusual Private Inbound Traffic and CPU/Disk Peak

I got a couple of 504 nginx server errors yesterday. After checking the graphs of my droplet I noticed that there is an unusually high peak in both private inbound traffic and CPU/Disk usage.

Comparing it with the last 30 days this has never happened before. So it can’t be a backup process or anything.

What’s weird is that it’s “private inbound” and not public.

I haven’t made any changes to the configuration in the past 7 days. Private networking is enabled because I am running MySQL on another droplet, apart from this one that runs nginx with WordPress.

What can I do to find out what’s happening?


Hi @snowball,

There are a lot of options to be able to track what sorts of traffic are hitting your private interface. The best option would be to set up firewall rules on your private interface with a LOG setup, and then to monitor the logs to see what sort of traffic is hitting the interface. In all likelihood it’s someone looking around at your server, but it’s important to keep in mind that our private networking is not private from other customers.

Here’s an example tutorial we have on the subject: https://www.digitalocean.com/community/tutorials/how-to-isolate-servers-within-a-private-network-using-iptables
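
One way to carry out the LOG-and-monitor approach from the answer above, as an added example that is not part of the original thread: an iptables LOG rule for the private interface plus a summary of the resulting kernel log entries by source and destination port. The interface name `eth1`, the log prefix `PRIV-IN: `, the peer address `10.0.0.2` and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. PRIV_IF, LOG_PREFIX and DB_PEER are assumptions, not from the thread.
PRIV_IF="eth1"          # assumed name of the private interface
LOG_PREFIX="PRIV-IN: "  # assumed tag used to find these entries in the kernel log
DB_PEER="10.0.0.2"      # constructed private address of the MySQL droplet

# Run as root: log each new inbound connection on the private interface.
# The rate limit keeps a flood from filling the disk with log entries.
add_log_rule() {
    iptables -I INPUT 1 -i "$PRIV_IF" -m conntrack --ctstate NEW \
        -m limit --limit 10/second --limit-burst 20 \
        -j LOG --log-prefix "$LOG_PREFIX"
}

# Read kernel log lines on stdin and print "count source proto/port" for
# logged packets that did not come from the expected peer, busiest first.
summarize_unexpected() {
    awk -v prefix="$LOG_PREFIX" -v peer="$DB_PEER" '
        index($0, prefix) == 0 { next }      # not one of our LOG entries
        {
            src = ""; proto = ""; dpt = "-"  # "-": ICMP carries no port
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src != "" && src != peer) seen[src " " proto "/" dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines, shortened from the format the LOG target writes.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 kernel: PRIV-IN: IN=eth1 OUT= SRC=10.0.0.77 DST=10.0.0.5 LEN=60 TTL=64 ID=1 PROTO=TCP SPT=40001 DPT=80 SYN
Jan 10 03:12:02 web1 kernel: PRIV-IN: IN=eth1 OUT= SRC=10.0.0.77 DST=10.0.0.5 LEN=60 TTL=64 ID=2 PROTO=TCP SPT=40002 DPT=80 SYN
Jan 10 03:12:03 web1 kernel: PRIV-IN: IN=eth1 OUT= SRC=10.0.0.77 DST=10.0.0.5 LEN=60 TTL=64 ID=3 PROTO=TCP SPT=40003 DPT=22 SYN
Jan 10 03:12:04 web1 kernel: PRIV-IN: IN=eth1 OUT= SRC=10.0.0.2 DST=10.0.0.5 LEN=60 TTL=64 ID=4 PROTO=TCP SPT=50001 DPT=22 SYN
Jan 10 03:12:05 web1 kernel: PRIV-IN: IN=eth1 OUT= SRC=10.0.0.91 DST=10.0.0.5 LEN=84 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 10 03:13:00 web1 kernel: eth1: link is up
EOF
}

sample_log | summarize_unexpected
```

On a live system, feed the function the kernel log instead of the sample, for example `journalctl -k | summarize_unexpected`. Because the rule matches only new connections, replies to queries the web droplet itself sends to MySQL are not logged.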