Nov 2 23:53:59 xxxxxx apachectl[70750]: AH00513: WARNING: MaxRequestWorkers of 400 is not an integer multiple of ThreadsPerChild of 250, decreasing to nearest multiple 250, for a maximum of 1 servers.
<IfModule mpm_event_module>ServerLimit 16StartServers 3MinSpareThreads 75MaxSpareThreads 250ThreadLimit 750 # 500ThreadsPerChild 250AsyncRequestWorkerFactor 2MaxRequestWorkers 1000 # 400MaxConnectionsPerChild 0</IfModule>
On 28/10/2022 10:42 am, Mike Dewhirst wrote:
On 27/10/2022 2:55 am, Frank Gingras wrote:
The defaults in the docs really cater to a low-traffic server; perhaps there should be a note to that effect.
On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst <miked@xxxxxxxxxxxxxxx> wrote:
On 26/10/2022 12:45 pm, Frank Gingras wrote:
You could temporarily increase your ThreadsPerChild, as 25 is extremely low and increases the chances of that bug occurring.
Thanks Frank
These are the adjustments I made ...
ThreadLimit 500 #64
ThreadsPerChild 250 #25
This seems to have worked ...
Server uptime: 1 day 17 hours 23 minutes 47 seconds
Server uptime: 3 days 21 hours 57 minutes 33 seconds
Sadly I have to restart the machine for security updates so I'll have to start the count again. But it is looking good!
Many thanks Frank
:-)
Mike
The server is not heavily used other than by script-kiddies looking for php hacks. My next project is to find some way to black-hole anything with php or wp in the request. Maybe a redirect to google or something.
I'd have to find out what fix applies to this bug, and why your installation is still vulnerable. Perhaps your distro used backports.
I can't answer such questions.
But the defaults were very restrictive originally - set by DigitalOcean I suppose. I changed them to the defaults specified in the Apache docs - per the comment lines in my original post.
Thanks for responding so quickly.
Cheers
mike
On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst <miked@xxxxxxxxxxxxxxx> wrote:
My Apache 2.4.52 is crashing with a bug apparently eliminated in 2.4.7.
Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21
DigitalOcean droplet 8GB memory, dedicated CPU.
The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.
mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of processes (default 16)
# StartServers: initial number of server processes to start (default 3)
# MinSpareThreads: minimum number of worker threads which are kept spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which are kept spare
(default 250)
# ThreadLimit: upper limit on the configurable number of threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
ServerLimit 16
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadLimit 64
ThreadsPerChild 25
AsyncRequestWorkerFactor 2
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing.
-- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing.
-- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing.
-- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature