Nginx (as reverse proxy) is using 675mb memory on almost clean install

peps03

Verified User
Joined
Oct 24, 2013
Messages
191
Location
Amsterdam
Hi!

I recently set up a new vps (Cent OS7) with custombuild 2.0, Apache 2.4 with nginx reverse proxy, php-fpm 5.6 (and 7), mpm worker, MariaDB 10.1, mod_security and csf.

For some reason Nginx uses 675mb of memory (http://prntscr.com/91bu6t) with only 1 (1mb) website on the server and 1 light (300mb) website which consits mostly of pictures .
When i restart nginx the memory usage is still about 175mb.
I don't think this is normal. But don't see much in the nginx logs, except these lines returning:

2015/11/10 21:20:41 [notice] 24971#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
2015/11/10 21:20:41 [notice] 24971#0: ModSecurity: APR compiled version="1.5.2"; loaded version="1.5.2"
2015/11/10 21:20:41 [notice] 24971#0: ModSecurity: PCRE compiled version="8.20 "; loaded version="8.20 2011-10-21"
2015/11/10 21:20:41 [notice] 24971#0: ModSecurity: LIBXML compiled version="2.9.2"
2015/11/10 21:20:41 [notice] 24971#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.

Are these lines indicating an issue? (Google doesn't make me much wiser..)

And mainly, why is the nginx memory usage so high with so little on the server? And what to do about it?

Thanks!
 
PID RSS S TTY TIME COMMAND
1504 59056 S ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/ng
1509 60796 S ? 00:00:02 nginx: worker process
1510 63000 S ? 00:00:00 nginx: worker process
 
So it takes something about 180Mb. How much do you see at the moment in Directadmin?
 
Compare how much you see used RAM in directadmin and in console (without rebooting/restarting):

Code:
ps -C nginx -O rss

Do they match?
 
PID RSS S TTY TIME COMMAND
1504 118412 S ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
28579 124052 S ? 00:00:06 nginx: worker process
28580 124472 S ? 00:00:04 nginx: worker process
 
What do you see in nginx/apache logs? Probably your server is under bots attacks?
 
Ningx error log of today = empty (not totally empty, but today empty)
Brute force monitor only 1 ip with 8 hits.
Httpd error log of today just:

[Fri Nov 13 00:10:01.455702 2015] [mpm_worker:notice] [pid 1485:tid 140172159903808] AH00298: SIGHUP received. Attempting to restart
[Fri Nov 13 00:10:01.473208 2015] [auth_digest:notice] [pid 1485:tid 140172159903808] AH01757: generating secret for digest authentication ...
[Fri Nov 13 00:10:02.008298 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 13 00:10:02.009628 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01906: www.example.com:8081:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 13 00:10:02.009649 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01909: www.example.com:8081:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 13 00:10:02.009747 2015] [lbmethod_heartbeat:notice] [pid 1485:tid 140172159903808] AH02282: No slotmem from mod_heartmonitor
[Fri Nov 13 00:10:02.011717 2015] [mpm_worker:notice] [pid 1485:tid 140172159903808] AH00292: Apache/2.4.17 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Fri Nov 13 00:10:02.011743 2015] [core:notice] [pid 1485:tid 140172159903808] AH00094: Command line: '/usr/sbin/httpd'
[Fri Nov 13 00:11:01.978673 2015] [mpm_worker:notice] [pid 1485:tid 140172159903808] AH00297: SIGUSR1 received. Doing graceful restart
[Fri Nov 13 00:11:01.997379 2015] [auth_digest:notice] [pid 1485:tid 140172159903808] AH01757: generating secret for digest authentication ...
[Fri Nov 13 00:11:02.009258 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 13 00:11:02.010891 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01906: www.example.com:8081:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 13 00:11:02.010916 2015] [ssl:warn] [pid 1485:tid 140172159903808] AH01909: www.example.com:8081:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 13 00:11:02.011043 2015] [lbmethod_heartbeat:notice] [pid 1485:tid 140172159903808] AH02282: No slotmem from mod_heartmonitor
[Fri Nov 13 00:11:02.011162 2015] [mpm_worker:notice] [pid 1485:tid 140172159903808] AH00292: Apache/2.4.17 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Fri Nov 13 00:11:02.011172 2015] [core:notice] [pid 1485:tid 140172159903808] AH00094: Command line: '/usr/sbin/httpd'
[Fri Nov 13 06:20:38.780727 2015] [cgi:error] [pid 25523:tid 140171743745792] [client xxxxxxxxx:47231] AH02811: script not found or unable to stat: /var/www/html/tmUnblock.cgi
[Fri Nov 13 06:20:39.112465 2015] [cgi:error] [pid 27401:tid 140171676604160] [client xxxxxxxxx:47232] AH02811: script not found or unable to stat: /var/www/html/tmUnblock.cgi
 
Nobody here seems to have answers, so you need either debug it yourself or get someone to check it for you. You can ask the question on nginx's mailing lists hoping they could identify your problem remotely without logging into SSH.
 
I'd start with disabling mod_security, then recompile apache with prefork + mod_php
 
Back
Top