Memory leak under heavy load inside OpenVZ container


#1

Hello,
For some reason my web site is being constantly flooded by requests
“GET //infe/getinfo.php HTTP/1.1” coming from one hundred client at
the same time.
Nginx 0.6.34 is running inside a Debian Etch OpenVZ container and
answering such DoS attack (?) with 403:

location ~* .php$ {
access_log off;
return 403;
}

The incoming rate is 200 req/s.
I have two worker processes: one seems to be doing almost nothing and
the other one is kept busy at 2% CPU all the time servicing “403”.
The problem is that this later process is allocation more and more
memory, in a linear fashion, until it gets recycled by Monit because
the box is in danger. The growing rate in terms of resident or virtual
memory is 8KB/s.
I have seen the worker using more than 50MB after a while, and only
servicing “403”.
I could not find any reference to a known memory leak problem in Nginx
so I am thinking about a side effect coming from OpenVZ.
Is anyone running Nginx happily inside an OpenVZ container ?
Regards,
Emmanuel


#2

On Tue, 6 Jan 2009 20:57:10 +0100
“Emmanuel Bastien” removed_email_address@domain.invalid wrote:

Is anyone running Nginx happily inside an OpenVZ container ?

Yes, we’re deploying it on commercial variant of OpenVZ, Virtuozzo. I
was
asking to clarify nginx memory consumption back in Nov 2007 and Igor
explained that it can be a product of various *buffer settings that
apply
per connection and number of connections. So if you’re seeing a ddos,
you
might want to implement rate limiting on port 80 with iptables first and
then maybe play with limiting nginx settings.

Jure Pečar
http://jure.pecar.org/