No,<br>it's not nginx; this is a kernel option, SYN COOKIES.<br>During a SYN flood it starts "marking" clients and does not let bogus connections through.<br>To disable it: <span style="font-family: monospace;">echo 0 > /proc/sys/net/ipv4/tcp_syncookies<br>
</span>But maybe your server really is being flooded :)<br><div><span class="gmail_quote">13.03.08, <b class="gmail_sendername">Anton Bogdanovitch</b> <<a href="mailto:poison.box@gmail.com">poison.box@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The server runs nginx/0.5.26 + php-cgi 5.2.5 via fastcgi.<br> Load is ~4000 unique visitors per hour.<br> Every 10-20 minutes this message appears in /var/log/messages:<br> kernel: possible SYN flooding on port 80. Sending cookies.<br>
<br> netstat -n -p|grep SYN_REC | wc -l<br> shows from 30 to 250 SYN_REC connections, and if there are more than 100 connections,<br> 80 of them are from a single IP; then it disappears, another IP appears,<br> and so on.<br> <br>
Once a day the server reliably hangs, leaving nothing in the logs except<br> possible SYN flooding on port 80. Sending cookies. So the admins<br> have to reboot it by hand. During working hours the load on it is almost zero.<br>
<br> Could a bad configuration or a bug in nginx be the cause? (config attached)<br> <br> A typical case:<br> netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'<br>
 <br> <br>user nginx;<br>
worker_processes 4;<br> <br> #error_log /var/log/nginx/error.log;<br> error_log /var/log/nginx/error.log notice;<br> #error_log /var/log/nginx/error.log info;<br> <br> pid /var/run/nginx.pid;<br> <br> <br> events {<br>
worker_connections 2048;<br> }<br> <br> <br> http {<br> include /etc/nginx/mime.types;<br> default_type application/octet-stream;<br> <br> log_format main '$remote_addr - $remote_user [$time_local] $request '<br>
'"$status" $body_bytes_sent "$http_referer" '<br> '"$http_user_agent" "$http_x_forwarded_for"';<br> <br> access_log /var/log/nginx/access.log main;<br>
<br> sendfile on;<br> #tcp_nopush on;<br> <br> #keepalive_timeout 0;<br> keepalive_timeout 65;<br> <br> server_names_hash_bucket_size 64;<br> <br> #gzip on;<br> <br> <br> server {<br> listen 80;<br>
server_name somedomain.com;<br> <br> #access_log /var/www/somedomain.com/log/access main;<br> access_log /var/www/somedomain.com/log/access main;<br>
error_log /var/www/somedomain.com/log/error notice;<br> <br> root /var/www/somedomain.com/data;<br> index index.php;<br> <br> <br> location ~ /\.ht {<br>
deny all;<br> }<br> <br> <br> location ~* ^.+\.(class|inc)$ {<br> deny all;<br> }<br> <br> location ~* ^\/(\d+)\/(\d+)\/(.+)$ {<br>
rewrite ^\/(\d+)\/(\d+)\/(.+)$ /$3?$args last;<br> break;<br> }<br> <br> location ~* ^\/(\d+)\/(\d+)\/?$ {<br> rewrite ^\/(\d+)\/(\d+)\/?$ /index.php?page=$1&aff=$2&$args last;<br>
break;<br> }<br> <br> location ~* ^.+\.php$ {<br> <br> fastcgi_pass unix:/tmp/php-fcgi.sock;<br> fastcgi_index index.php;<br>
<br> include /etc/nginx/fastcgi.conf;<br> }<br> <br> <br> location / {<br> if (!-e $request_filename) {<br> rewrite ^(.*)$ /index.php?request_uri=$1 last;<br>
break;<br> }<br> }<br> }<br> <br> <br> <br> }<br> <br></blockquote></div><br>
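The per-IP check from the quoted message, as an added example that is not part of the original thread: it tallies half-open (SYN_RECV) connections to one local port by remote address and reports how much of the total comes from the busiest source. The function names and the sample netstat output are constructed for illustration; the addresses are from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Constructed sample of `netstat -n` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40211      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40212      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40213      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51822       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:50022       SYN_RECV
EOF
}

# Read netstat output on stdin; print "count ip" for half-open connections
# to the given local port (default 80), busiest source first.
syn_recv_by_ip() {
    port="${1:-80}"
    awk -v port="$port" '
        $6 == "SYN_RECV" && $4 ~ (":" port "$") {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # strip the remote port
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print "total top_ip top_count share_percent" so a single dominant
# source is easy to tell apart from a spread of many sources.
syn_recv_summary() {
    syn_recv_by_ip "$1" | awk '
        NR == 1 { top = $2; topn = $1 }
        { total += $1 }
        END {
            if (total == 0) { print "0 - 0 0"; exit }
            printf "%d %s %d %d\n", total, top, topn, int(100 * topn / total)
        }'
}

# Demo on the constructed sample. On a live host, feed it real output:
#   netstat -n | syn_recv_summary 80
# and check whether cookies are enabled: cat /proc/sys/net/ipv4/tcp_syncookies
sample_netstat | syn_recv_summary 80
```

A high share for one address points at a single misbehaving or hostile client that can be filtered at the firewall, while a low share across many addresses matches a distributed flood, where leaving SYN cookies enabled is the safer setting.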