Forum: NGINX Memory leak under heavy load inside OpenVZ container

Emmanuel Bastien (Guest)
on 2009-01-06 21:07
(Received via mailing list)
Hello,
For some reason my web site is being constantly flooded by requests
"GET //infe/getinfo.php HTTP/1.1" coming from one hundred clients at
the same time.
Nginx 0.6.34 is running inside a Debian Etch OpenVZ container and
answering this DoS attack (?) with 403:

location ~* \.php$ {
  access_log off;
  return 403;
}

The incoming rate is 200 req/s.
I have two worker processes: one seems to be doing almost nothing and
the other one is kept busy at 2% CPU all the time servicing "403".
The problem is that this latter process is allocating more and more
memory, in a linear fashion, until it gets recycled by Monit because
the box is in danger. The growth rate in terms of resident or virtual
memory is 8KB/s.
I have seen the worker using more than 50MB after a while, and only
servicing "403".
I could not find any reference to a known memory leak problem in Nginx
so I am thinking about a side effect coming from OpenVZ.
Is anyone running Nginx happily inside an OpenVZ container ?
Regards,
Emmanuel
Jure Pečar (Guest)
on 2009-01-06 22:44
(Received via mailing list)
On Tue, 6 Jan 2009 20:57:10 +0100
"Emmanuel Bastien" <altacsd@yahoo.fr> wrote:

> Is anyone running Nginx happily inside an OpenVZ container ?

Yes, we're deploying it on a commercial variant of OpenVZ, Virtuozzo. I
was asking to clarify nginx memory consumption back in Nov 2007 and Igor
explained that it can be a product of various *buffer settings that
apply per connection and number of connections. So if you're seeing a
DDoS, you might want to implement rate limiting on port 80 with iptables
first and then maybe play with limiting nginx settings.


--

Jure Pečar
http://jure.pecar.org/
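
Added example (not part of the thread, and not code from either poster): a small Python check that separates the two explanations discussed above, a worker whose RSS climbs in a straight line versus one whose per-connection buffers level off once the connection count stops rising. The sample values, the `status()` helper and the `min_slope`/`min_r2` thresholds are constructed assumptions; on a live box the status text would come from reading `/proc/<pid>/status` of the worker.

```python
import re

def parse_vmrss_kb(status_text):
    """Extract VmRSS (kB) from the text of /proc/<pid>/status."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no VmRSS line in status text")
    return int(m.group(1))

def fit_growth(samples):
    """Least-squares line through (seconds, rss_kb) points.
    Returns (slope in kB/s, r_squared)."""
    n = len(samples)
    if n < 3:
        raise ValueError("need at least 3 samples")
    mean_t = sum(t for t, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in samples)
    sxy = sum((t - mean_t) * (y - mean_y) for t, y in samples)
    syy = sum((y - mean_y) ** 2 for _, y in samples)
    if sxx == 0:
        raise ValueError("all samples share one timestamp")
    r2 = 0.0 if syy == 0 else (sxy * sxy) / (sxx * syy)
    return sxy / sxx, r2

def classify(samples, min_slope=1.0, min_r2=0.98):
    """'linear-growth' = steady climb; 'bounded' = flat or plateauing."""
    slope, r2 = fit_growth(samples)
    return "linear-growth" if slope >= min_slope and r2 >= min_r2 else "bounded"

def bytes_per_request(slope_kb_s, req_per_s):
    """Memory retained per request if growth tracks the request rate."""
    return slope_kb_s * 1024 / req_per_s

def status(kb):  # constructed stand-in for a /proc/<pid>/status read
    return "Name:\tnginx\nVmPeak:\t   60000 kB\nVmRSS:\t%8d kB\n" % kb

# Constructed samples, one per minute (not measurements from the thread).
CLIMBING = [(t, parse_vmrss_kb(status(kb))) for t, kb in
            zip(range(0, 360, 60), [12000, 12484, 12956, 13440, 13924, 14400])]
PLATEAU = [(t, parse_vmrss_kb(status(kb))) for t, kb in
           zip(range(0, 360, 60), [10000, 14000, 15000, 15200, 15200, 15200])]

if __name__ == "__main__":
    for name, s in (("climbing", CLIMBING), ("plateau", PLATEAU)):
        slope, r2 = fit_growth(s)
        print(name, classify(s), "%.2f kB/s" % slope, "r2=%.3f" % r2)
    print("%.1f bytes/request" % bytes_per_request(8, 200))
```

With the figures quoted in the first post (8KB/s at 200 req/s), `bytes_per_request` gives roughly 41 bytes retained per request, which is the kind of number to compare against per-request allocations when reading the worker's configuration.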