Zak提出的问题 -server

Zak

Asked: 2024-01-26 07:17:28 +0800 CST

Melhor maneira de servir vários sites WorPress – Hospedagem compartilhada em servidor único

5

Pretendo mover cerca de 500 sites WordPress de suas respectivas VMs individuais para um único servidor para eficiência e economia de custos.

Nesse único servidor terei instalações separadas para cada site. Eles terão seus próprios diretórios e compartilharão apenas um pluginslink simbólico comum para manter os plug-ins atualizados em todos os aspectos.

É seguro o suficiente tê-los lado a lado em seus respectivos diretórios?

Preciso chegar ao ponto de criar um usuário do sistema para cada instalação que tenha apenas acesso de gravação a esses arquivos?

É seguro ter os bancos de dados próximos um do outro, mesmo que eles tenham nomes de usuário individuais que SOMENTE tenham acesso a esse banco de dados (não há root com acesso "onisciente" - $ show databases;).

Devo prender cada instalação?

Devo colocar cada instalação em um contêiner?

Eu considerei a instalação do WP Multisite, mas meu eu paranóico pode ver tantos problemas com isso.

Eu tentei pesquisar isso e pesquisar e pesquisar, mas continuo encontrando razões para NÃO instalar vários sites WP em um único servidor.

Devo colocá-los atrás de um IP Cloudfare?

Estou dando muita importância a isso? Tenho um histórico fantástico de nenhum compromisso de WP e gostaria de mantê-lo assim.

Este é um servidor VM dedicado auto-hospedado. O ambiente é

VCloud VMWare
Ubuntu 20.04.2LTS
PHP 8.1
Apache 2.4
MySQL versão 8.0.23
WordPress mais recente

Zak

Asked: 2021-12-11 10:58:38 +0800 CST

Apache trava por 20 minutos a cada poucos dias

0

Estou tendo um inferno de um tempo para descobrir isso. Apache, a cada poucos dias trava por cerca de 20 minutos e depois "volta à vida". Isso aconteceu durante o meio do dia, aconteceu no meio da noite. O servidor é um servidor web robusto com 4 CPUs, 8 GB de RAM e outro swap de 12 GB. Não consigo ver nada que se destaque nos logs de erros. Alguém pode ver alguma coisa nesses logs para indicar o PROBLEMA ? Como tudo que vejo parece resultado do problema ou sintoma!

syslog

Dec 10 05:25:02 admin kernel: [397885.197196] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23622 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:03 admin kernel: [397886.194931] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23623 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:05 admin kernel: [397888.198941] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23624 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:08 admin kernel: [397891.641472] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=20.115.4.12 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=967 DF PROTO=TCP SPT=52268 DPT=80 WINDOW=2045 RES=0x00 ACK FIN URGP=0
Dec 10 05:25:08 admin kernel: [397891.974137] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=18.206.39.189 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=28012 DF PROTO=TCP SPT=50916 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 10 05:25:08 admin kernel: [397891.974230] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=18.206.39.189 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=28013 DF PROTO=TCP SPT=50866 DPT=80 WINDOW=1021 RES=0x00 ACK FIN URGP=0
Dec 10 05:25:09 admin kernel: [397892.210857] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23625 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:09 admin CRON[8325]: (root) CMD (sh /etc/apache2/websitesCron/apacheTest.sh)
Dec 10 05:25:09 admin CRON[8326]: (root) CMD (if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi)
Dec 10 05:25:10 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 388
Dec 10 05:25:10 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 388
Dec 10 05:25:17 admin kernel: [397900.226738] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23626 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:25 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 401
Dec 10 05:25:25 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 401
Dec 10 05:25:27 admin kernel: [397910.285120] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=20.115.4.12 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=985 DF PROTO=TCP SPT=52268 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 10 05:25:33 admin kernel: [397916.242478] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23627 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:25:34 admin sendmail[8390]: 1BABPXbK008390: from=root, size=425, class=0, nrcpts=1, msgid=<[email protected]>, bodytype=8BITMIME, relay=root@localhost
Dec 10 05:25:34 admin sendmail[8390]: 1BABPXbK008390: to=root, delay=00:00:01, mailer=relay, pri=30425, stat=queued
Dec 10 05:25:40 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 413
Dec 10 05:25:40 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 413
Dec 10 05:25:55 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 419
Dec 10 05:25:55 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 419
Dec 10 05:26:04 admin CRON[8459]: (root) CMD (cp /var/spool/cron/crontabs/root /var/www/crontab/root && chmod 777 /var/www/crontab/root && chown zak:zak /var/www/crontab/root)
Dec 10 05:26:05 admin kernel: [397948.305893] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:50:56:08:09:19:08:00 SRC=10.2.6.60 DST=10.2.6.80 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23628 DF PROTO=TCP SPT=59284 DPT=4949 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 10 05:26:10 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 423
Dec 10 05:26:10 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 423
Dec 10 05:26:25 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 428
Dec 10 05:26:25 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 428
Dec 10 05:26:26 admin kernel: [397969.985342] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=20.115.4.12 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=990 DF PROTO=TCP SPT=62843 DPT=80 WINDOW=2045 RES=0x00 ACK FIN URGP=0
Dec 10 05:26:29 admin kernel: [397972.391234] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=20.115.4.12 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=995 DF PROTO=TCP SPT=62843 DPT=80 WINDOW=2045 RES=0x00 ACK FIN URGP=0
Dec 10 05:26:34 admin kernel: [397977.203821] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=20.115.4.12 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=999 DF PROTO=TCP SPT=62843 DPT=80 WINDOW=2045 RES=0x00 ACK FIN URGP=0
Dec 10 05:26:40 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 436
Dec 10 05:26:40 admin kernel: [397983.346629] apache2 invoked oom-killer: gfp_mask=0x26000c0, order=2, oom_score_adj=0
Dec 10 05:26:40 admin kernel: [397983.346635] apache2 cpuset=/ mems_allowed=0
Dec 10 05:26:40 admin kernel: [397983.346644] CPU: 0 PID: 8270 Comm: apache2 Not tainted 4.4.0-119-generic #143-Ubuntu
Dec 10 05:26:40 admin kernel: [397983.346646] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Dec 10 05:26:40 admin kernel: [397983.346649]  0000000000000286 553e9d17649eeffd ffff8800138a7b10 ffffffff81400443
Dec 10 05:26:40 admin kernel: [397983.346652]  ffff8800138a7cc8 ffff8800b8e5aa00 ffff8800138a7b80 ffffffff8121086e
Dec 10 05:26:40 admin kernel: [397983.346655]  ffff88023fc1ad70 ffff88023fc1ad60 ffffea0006a80b00 0000000100000001
Dec 10 05:26:40 admin kernel: [397983.346657] Call Trace:
Dec 10 05:26:40 admin kernel: [397983.346670]  [<ffffffff81400443>] dump_stack+0x63/0x90
Dec 10 05:26:40 admin kernel: [397983.346677]  [<ffffffff8121086e>] dump_header+0x5a/0x1c5
Dec 10 05:26:40 admin kernel: [397983.346682]  [<ffffffff81196f32>] oom_kill_process+0x202/0x3c0
Dec 10 05:26:40 admin kernel: [397983.346685]  [<ffffffff81197359>] out_of_memory+0x219/0x460
Dec 10 05:26:40 admin kernel: [397983.346689]  [<ffffffff8119d3a5>] __alloc_pages_slowpath.constprop.88+0x965/0xb00
Dec 10 05:26:40 admin kernel: [397983.346692]  [<ffffffff8119d7c8>] __alloc_pages_nodemask+0x288/0x2a0
Dec 10 05:26:40 admin kernel: [397983.346694]  [<ffffffff8119d87b>] alloc_kmem_pages_node+0x4b/0xc0
Dec 10 05:26:40 admin kernel: [397983.346699]  [<ffffffff8108077e>] copy_process+0x1be/0x1bb0
Dec 10 05:26:40 admin kernel: [397983.346703]  [<ffffffff811a44f7>] ? lru_cache_add_active_or_unevictable+0x27/0xa0
Dec 10 05:26:40 admin kernel: [397983.346707]  [<ffffffff811c6178>] ? handle_mm_fault+0xcc8/0x1820
Dec 10 05:26:40 admin kernel: [397983.346709]  [<ffffffff81082300>] _do_fork+0x80/0x360
Dec 10 05:26:40 admin kernel: [397983.346712]  [<ffffffff81082689>] SyS_clone+0x19/0x20
Dec 10 05:26:40 admin kernel: [397983.346717]  [<ffffffff8184f708>] entry_SYSCALL_64_fastpath+0x1c/0xbb
Dec 10 05:26:40 admin kernel: [397983.346718] Mem-Info:
Dec 10 05:26:40 admin kernel: [397983.346723] active_anon:1463690 inactive_anon:290454 isolated_anon:132
Dec 10 05:26:40 admin kernel: [397983.346723]  active_file:17208 inactive_file:13369 isolated_file:0
Dec 10 05:26:40 admin kernel: [397983.346723]  unevictable:913 dirty:0 writeback:987 unstable:0
Dec 10 05:26:40 admin kernel: [397983.346723]  slab_reclaimable:19387 slab_unreclaimable:41949
Dec 10 05:26:40 admin kernel: [397983.346723]  mapped:25866 shmem:18736 pagetables:141112 bounce:0
Dec 10 05:26:40 admin kernel: [397983.346723]  free:26269 free_pcp:0 free_cma:0
Dec 10 05:26:40 admin kernel: [397983.346728] Node 0 DMA free:15864kB min:132kB low:164kB high:196kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:8kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
Dec 10 05:26:40 admin kernel: [397983.346734] lowmem_reserve[]: 0 2937 7928 7928 7928
Dec 10 05:26:40 admin kernel: [397983.346737] Node 0 DMA32 free:44712kB min:24988kB low:31232kB high:37480kB active_anon:2037256kB inactive_anon:515680kB active_file:24624kB inactive_file:19936kB unevictable:1228kB isolated(anon):348kB isolated(file):0kB present:3129216kB managed:3048436kB mlocked:1228kB dirty:0kB writeback:2620kB mapped:38304kB shmem:28716kB slab_reclaimable:25488kB slab_unreclaimable:70356kB kernel_stack:15136kB pagetables:261600kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Dec 10 05:26:40 admin kernel: [397983.346743] lowmem_reserve[]: 0 0 4990 4990 4990
Dec 10 05:26:40 admin kernel: [397983.346745] Node 0 Normal free:44500kB min:42460kB low:53072kB high:63688kB active_anon:3817504kB inactive_anon:646136kB active_file:44208kB inactive_file:33540kB unevictable:2424kB isolated(anon):180kB isolated(file):0kB present:5242880kB managed:5110492kB mlocked:2424kB dirty:0kB writeback:1328kB mapped:65160kB shmem:46228kB slab_reclaimable:52060kB slab_unreclaimable:97432kB kernel_stack:13728kB pagetables:302848kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
Dec 10 05:26:40 admin kernel: [397983.346750] lowmem_reserve[]: 0 0 0 0 0
Dec 10 05:26:40 admin kernel: [397983.346752] Node 0 DMA: 0*4kB 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15864kB
Dec 10 05:26:40 admin kernel: [397983.346762] Node 0 DMA32: 6731*4kB (UM) 2257*8kB (UM) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 44980kB
Dec 10 05:26:40 admin kernel: [397983.346768] Node 0 Normal: 10918*4kB (UMEH) 49*8kB (UMH) 0*16kB 1*32kB (H) 1*64kB (H) 3*128kB (H) 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 45056kB
Dec 10 05:26:40 admin kernel: [397983.346777] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Dec 10 05:26:40 admin kernel: [397983.346779] 68538 total pagecache pages
Dec 10 05:26:40 admin kernel: [397983.346781] 18641 pages in swap cache
Dec 10 05:26:40 admin kernel: [397983.346783] Swap cache stats: add 383468753, delete 383450112, find 229519152/378197444
Dec 10 05:26:40 admin kernel: [397983.346784] Free swap  = 1252280kB
Dec 10 05:26:42 admin kernel: [397983.346785] Total swap = 11717628kB
Dec 10 05:26:42 admin kernel: [397983.346787] 2097022 pages RAM
Dec 10 05:26:42 admin kernel: [397983.346788] 0 pages HighMem/MovableOnly
Dec 10 05:26:42 admin kernel: [397983.346789] 53314 pages reserved
Dec 10 05:26:42 admin kernel: [397983.346790] 0 pages cma reserved
Dec 10 05:26:42 admin kernel: [397983.346791] 0 pages hwpoisoned
Dec 10 05:26:42 admin kernel: [397983.346793] [ pid ]   uid  tgid total_vm      rss nr_ptes nr_pmds swapents oom_score_adj name
Dec 10 05:26:42 admin kernel: [397983.346800] [  409]     0   409    10976      822      24       3      602             0 systemd-journal
Dec 10 05:26:42 admin kernel: [397983.346803] [  451]     0   451    23693       83      17       3       50             0 lvmetad
Dec 10 05:26:42 admin kernel: [397983.346805] [  470]     0   470    11415      242      22       3      485         -1000 systemd-udevd
Dec 10 05:26:42 admin kernel: [397983.346808] [  784]     0   784    47527      409      52       3      223             0 vmtoolsd
Dec 10 05:26:42 admin kernel: [397983.346811] [  838]     0   838     5884        0      16       3       51             0 rpc.idmapd
Dec 10 05:26:42 admin kernel: [397983.346813] [  842]   100   842    25081      132      20       3       52             0 systemd-timesyn
Dec 10 05:26:42 admin kernel: [397983.346816] [  934]     0   934    11906      140      27       3      109             0 rpcbind
Dec 10 05:26:42 admin kernel: [397983.346818] [  948]     0   948   151028      166      28       4      213             0 lxcfs
Dec 10 05:26:42 admin kernel: [397983.346821] [  953]     0   953     7252      456      19       3       48             0 cron
Dec 10 05:26:42 admin kernel: [397983.346823] [  959]     0   959     1099      335       8       3       40             0 acpid
Dec 10 05:26:42 admin kernel: [397983.346826] [  961]     0   961     7165      239      19       3       57             0 systemd-logind
Dec 10 05:26:42 admin kernel: [397983.346828] [  967]   108   967    10725      566      25       3       76          -900 dbus-daemon
Dec 10 05:26:42 admin kernel: [397983.346831] [ 1047]     0  1047    21359      342      32       3      347             0 VGAuthService
Dec 10 05:26:42 admin kernel: [397983.346833] [ 1049]     0  1049    68974      456      37       3      224             0 accounts-daemon
Dec 10 05:26:42 admin kernel: [397983.346835] [ 1051]     0  1051     6511      391      18       3       47             0 atd
Dec 10 05:26:42 admin kernel: [397983.346838] [ 1056]   104  1056    64099      457      29       3      367             0 rsyslogd
Dec 10 05:26:42 admin kernel: [397983.346841] [ 1148]     0  1148     3343       51      11       3       23             0 mdadm
Dec 10 05:26:42 admin kernel: [397983.346843] [ 1179]     0  1179     6011      251      16       3       89             0 vsftpd
Dec 10 05:26:42 admin kernel: [397983.346845] [ 1189]     0  1189    69278      506      40       4      122             0 polkitd
Dec 10 05:26:42 admin kernel: [397983.346848] [ 1194]     0  1194     1305      358       9       3       61             0 iscsid
Dec 10 05:26:42 admin kernel: [397983.346850] [ 1195]     0  1195     1430      879      10       3        0           -17 iscsid
Dec 10 05:26:42 admin kernel: [397983.346853] [ 1207]     0  1207     9494        0      22       3      190             0 rpc.mountd
Dec 10 05:26:42 admin kernel: [397983.346856] [ 1221]     0  1221    16378      339      36       3      196         -1000 sshd
Dec 10 05:26:42 admin kernel: [397983.346859] [ 1296]     0  1296    16458      453      37       4      128             0 login
Dec 10 05:26:42 admin kernel: [397983.346861] [ 1326]     0  1326     4905      284      14       3       39             0 irqbalance
Dec 10 05:26:42 admin kernel: [397983.346864] [ 1420]     0  1420    13514      229      30       3     2438             0 munin-node
Dec 10 05:26:42 admin kernel: [397983.346866] [ 1501]     0  1501    26199      440      51       4      470             0 sendmail-mta
Dec 10 05:26:42 admin kernel: [397983.346869] [ 1681]     0  1681   109282      257     171       3     1936             0 php-fpm7.0
Dec 10 05:26:42 admin kernel: [397983.346871] [ 1687]    33  1687   109282      184     152       3     1961             0 php-fpm7.0
Dec 10 05:26:42 admin kernel: [397983.346873] [ 1688]    33  1688   109282      184     152       3     1961             0 php-fpm7.0
Dec 10 05:26:42 admin kernel: [397983.346876] [16727]  1000 16727    11330      422      25       3      217             0 systemd
Dec 10 05:26:42 admin kernel: [397983.346878] [16731]  1000 16731    52186        0      37       3      501             0 (sd-pam)
Dec 10 05:26:42 admin kernel: [397983.346881] [16734]  1000 16734     5900      357      18       4      725             0 bash
Dec 10 05:26:42 admin kernel: [397983.346884] [11281]   119 11281    69349      594      88       3     1257             0 freshclam
Dec 10 05:26:42 admin kernel: [397983.346886] [32663]     0 32663    23229      459      48       3      258             0 sshd
Dec 10 05:26:42 admin kernel: [397983.346889] [32740]  1000 32740    23668      373      48       3      743             0 sshd
Dec 10 05:26:42 admin kernel: [397983.346892] [22943]     0 22943    23229      330      51       3      272             0 sshd
Dec 10 05:26:42 admin kernel: [397983.346894] [23020]  1000 23020    23229      332      49       3      247             0 sshd
Dec 10 05:26:42 admin kernel: [397983.346897] [23023]  1000 23023     3220      393      12       3       51             0 sftp-server
Dec 10 05:26:42 admin kernel: [397983.346899] [24027]  1000 24027     3220      381      12       3       67             0 sftp-server
Dec 10 05:26:42 admin kernel: [397983.346902] [27215]  1000 27215     3220      378      12       3       95             0 sftp-server
Dec 10 05:26:42 admin kernel: [397983.346904] [13006]     0 13006   168834     2419     280       3    29858             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346907] [15772]    33 15772   385874    34986     583       4    67131             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346909] [15773]    33 15773   381008    40856     579       4    53799             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346912] [15776]    33 15776   297940    35288     395       4    53305             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346915] [15777]    33 15777   303389    37051     415       4    49856             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346919] [15779]    33 15779   303184    39806     403       4    46606             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346922] [15782]    33 15782   304265    46518     404       4    43859             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346925] [15786]    33 15786   371258    41084     557       4    49806             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346929] [15787]    33 15787   302813    34962     403       4    53776             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346931] [15789]    33 15789   380748    35019     567       4    52932             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346934] [15799]    33 15799   384260    39566     561       4    55415             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346936] [15800]    33 15800   374314    29895     544       4    52106             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346939] [15801]    33 15801   380377    34701     565       4    53467             0 apache2
Dec 10 05:26:42 admin kernel: [397983.346941] [15802]    33 15802   306345    35364     424       4    57003             0 apache2
........
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 570
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 570
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 556
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 556
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 539
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 539
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 525
Dec 10 05:33:29 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 525
......
Dec 10 06:27:15 admin kernel: [401618.309140] Out of memory: Kill process 15801 (apache2) score 14 or sacrifice child
Dec 10 06:27:15 admin kernel: [401618.309960] Killed process 15801 (apache2) total-vm:1521508kB, anon-rss:23236kB, file-rss:0kB
Dec 10 06:27:21 admin CRON[12717]: (root) CMD (cp /var/spool/cron/crontabs/root /var/www/crontab/root && chmod 777 /var/www/crontab/root && chown zak:zak /var/www/crontab/root)
Dec 10 06:27:21 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 459
Dec 10 06:27:21 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 459
Dec 10 06:27:29 admin kernel: [401632.351612] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=209.85.238.216 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=42747 PROTO=TCP SPT=49490 DPT=443 WINDOW=243 RES=0x00 ACK RST URGP=0
Dec 10 06:27:30 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 475
Dec 10 06:27:30 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 475
Dec 10 06:27:43 admin apache2[12635]:  *
Dec 10 06:27:43 admin systemd[1]: Stopped LSB: Apache2 web server.
Dec 10 06:27:43 admin systemd[1]: Starting LSB: Apache2 web server...
Dec 10 06:27:43 admin apache2[12749]:  * Starting Apache httpd web server apache2
Dec 10 06:27:45 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 370
Dec 10 06:27:45 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 370
Dec 10 06:27:49 admin systemd[1]: Starting Daily apt upgrade and clean activities...
Dec 10 06:27:49 admin kernel: [401652.463319] [UFW BLOCK] IN=ens32 OUT= 
MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=123.183.224.66 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=41274 PROTO=TCP SPT=45696 DPT=443 WINDOW=243 RES=0x00 ACK RST URGP=0
    Dec 10 06:27:54 admin apache2[12749]: [Fri Dec 10 06:27:54.747509 2021] [proxy_html:notice] [pid 12805] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.
c 10 06:28:09 admin kernel: [401672.878972] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=76.99.197.116 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=52726 PROTO=TCP SPT=55476 DPT=443 WINDOW=248 RES=0x00 ACK RST URGP=0
Dec 10 06:28:15 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 225
Dec 10 06:28:15 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 225
Dec 10 06:28:30 admin kernel: [401693.571187] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=185.191.171.2 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=42580 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Dec 10 06:28:30 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 176
Dec 10 06:28:30 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 176
Dec 10 06:28:45 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 139
Dec 10 06:28:45 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 139
Dec 10 06:28:49 admin kernel: [401712.942365] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=95.217.225.110 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=44271 PROTO=TCP SPT=36124 DPT=443 WINDOW=254 RES=0x00 ACK RST URGP=0
Dec 10 06:29:00 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 109
Dec 10 06:29:00 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 109
Dec 10 06:29:01 admin CRON[13228]: (root) CMD (cp /var/spool/cron/crontabs/root /var/www/crontab/root && chmod 777 /var/www/crontab/root && chown zak:zak /var/www/crontab/root)
Dec 10 06:29:15 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 87
Dec 10 06:29:15 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 87
Dec 10 06:29:30 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 69
Dec 10 06:29:30 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 69
Dec 10 06:29:45 admin sm-mta[1501]: rejecting connections on daemon MTA-v4: load average: 55
Dec 10 06:29:45 admin sm-mta[1501]: rejecting connections on daemon MSP-v4: load average: 55
Dec 10 06:29:53 admin kernel: [401776.578209] [UFW BLOCK] IN=ens32 OUT= MAC=00:50:56:08:0d:03:00:a0:c9:27:01:01:08:00 SRC=116.179.37.124 DST=10.2.6.80 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=47773 PROTO=TCP SPT=52871 DPT=443 WINDOW=246 RES=0x00 ACK RST URGP=0
Dec 10 06:30:00 admin sm-mta[1501]: accepting connections again for daemon MTA-v4
Dec 10 06:30:00 admin sm-mta[1501]: accepting connections again for daemon MSP-v4

Registro de erros do Apache

[Fri Dec 10 05:23:33.884301 2021] [pagespeed:warn] [pid 7829] [mod_pagespeed 1.13.35.2-0 @7829] Fetch timed out: https://|-REMOVED-|/css/fontawesome.css (connecting to:10.2.6.80) (4) waiting for 50 ms
[Fri Dec 10 05:23:33.927235 2021] [pagespeed:error] [pid 7881] [mod_pagespeed 1.13.35.2-0 @7881] Slow write operation on file /var/cache/mod_pagespeed/v3/|-REMOVED-|/https,3A/,2F|-REMOVED-|/css/animate.css+stylesheet-1625614552.css+Contact-Us-1625614552.css.pagespeed.cc.0HlzBptJqh.css,.tempC6gpkp: 2974.19ms; configure SlowFileLatencyUs to change threshold\n
[Fri Dec 10 05:23:34.012843 2021] [pagespeed:warn] [pid 15909] [mod_pagespeed 1.13.35.2-0 @15909] Fetch timed out: https://|-REMOVED-|/imageserver/confirm/buttons.png (connecting to:10.2.6.80) (1) waiting for 50 ms
[Fri Dec 10 05:23:34.036279 2021] [pagespeed:warn] [pid 7368] [mod_pagespeed 1.13.35.2-0 @7368] Fetch timed out: https://|-REMOVED-|/css/images/layers-2x.png (connecting to:10.2.6.80) (1) waiting for 50 ms
[Fri Dec 10 05:23:34.190221 2021] [pagespeed:warn] [pid 7615] [mod_pagespeed 1.13.35.2-0 @7615] Fetch timed out: https://|-REMOVED-|/imageserver/confirm/ie.png (connecting to:10.2.6.80) (1) waiting for 50 ms
[Fri Dec 10 05:23:34.291732 2021] [pagespeed:error] [pid 7314] [mod_pagespeed 1.13.35.2-0 @7314] Slow ReadFile operation on file /var/cache/mod_pagespeed/v3/|-REMOVED-|/https,3A/,2F|-REMOVED-|/css/presidential-solaris-1.css,: 333.858ms; configure SlowFileLatencyUs to change threshold\n
.........
[Fri Dec 10 06:26:59.176654 2021] [core:warn] [pid 13006] AH00045: child process 7180 still did not exit, sending a SIGTERM
[Fri Dec 10 06:26:59.619326 2021] [core:warn] [pid 13006] AH00045: child process 7181 still did not exit, sending a SIGTERM
[Fri Dec 10 06:26:59.619410 2021] [core:warn] [pid 13006] AH00045: child process 7182 still did not exit, sending a SIGTERM
[Fri Dec 10 06:26:59.619449 2021] [core:warn] [pid 13006] AH00045: child process 7183 still did not exit, sending a SIGTERM
[Fri Dec 10 06:26:59.619492 2021] [core:warn] [pid 13006] AH00045: child process 7184 still did not exit, sending a SIGTERM
[Fri Dec 10 06:26:59.619529 2021] [core:warn] [pid 13006] AH00045: child process 7185 still did not exit, sending a SIGTERM
.......
[Fri Dec 10 06:27:23.205977 2021] [core:error] [pid 13006] AH00047: could not make child process 7184 exit, attempting to continue anyway
[Fri Dec 10 06:27:23.206200 2021] [core:error] [pid 13006] AH00047: could not make child process 7326 exit, attempting to continue anyway
[Fri Dec 10 06:27:23.206283 2021] [core:error] [pid 13006] AH00047: could not make child process 7338 exit, attempting to continue anyway
[Fri Dec 10 06:27:23.206418 2021] [core:error] [pid 13006] AH00047: could not make child process 7353 exit, attempting to continue anyway
[Fri Dec 10 06:27:23.206562 2021] [core:error] [pid 13006] AH00047: could not make child process 7362 exit, attempting to continue anyway
.........
Fri Dec 10 06:27:23.323233 2021] [mpm_prefork:notice] [pid 13006] AH00169: caught SIGTERM, shutting down

Aqui está o que o tempo de inatividade "parece":

E as horas exatas que o nosso detector de tempo de inatividade detectou foram:

BAIXO: 2021-12-10 05:26:33 UTC-6
ATÉ: 2021-12-10 05:45:02 UTC-6

Zak

Asked: 2021-08-25 08:13:12 +0800 CST

Aviso do MySQL "O usuário existe", mas o usuário não está na tabela "usuário"

4

Estou com esse problema há semanas. Não tenho ideia de onde procurar a seguir. Limpei, limpei, reiniciei MySQLo serviço, reiniciei o Ubuntuservidor. O que pode fazer com que isso WARNINGe o usuário não apareçam na usertabela? Eu também tentei DROP usere obter 0 rows affectedcomo resultado. Isso é frustrante além da crença! Onde mais as informações do usuário são armazenadas no esquema e como posso eliminá-las?

ATUALIZAR

Quando eu grep o nome de usuário /var/lib/mysql/mysql, encontro o nome de usuário no db.MYDarquivo. Embora eu não possa editá-lo. Então eu sei que o nome de usuário existe em algum lugar OUTRO que não seja a tabela de usuários.

Zak

Asked: 2018-10-31 07:33:28 +0800 CST

Sendmail não está enviando para o domínio das máquinas hostname

1

Recentemente, configurei o DNS reverso em nosso sistema e configurei o nome do host do servidor para mydomain.com . Desde que eu fiz isso -- Sendmail irá enviar para qualquer domínio exceto mydomain.com . Eu li ESTA PERGUNTA , mas o OP nessa pergunta não tinha validação "real" de que o domínio pertencia ao servidor. Eu tenho um site com mydomain.com no servidor, os registros A e PTR apontam todos corretamente para o servidor. Os registros MX para mydomain.com apontam para mx1.emailsrvr.come mx2.emailsrvr.comcorretamente (Rackspace).

Estou assumindo que ele pensa que o correio é local e, portanto, não o envia "para fora", mas não tenho certeza.

Aqui está um exemplo de um log para uma mensagem que foi enviada e recebida corretamente:

Oct 29 16:29:10 mydomain sendmail[1421]: w9TLTA1w001421: from=zak, size=389, class=0, nrcpts=1, msgid=<[email protected]>, relay=zak@localhost
Oct 29 16:29:10 mydomain sm-mta[1422]: w9TLTABl001422: from=<[email protected]>, size=565, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=mydomain.com [127.0.0.1]
Oct 29 16:29:10 mydomain sendmail[1421]: w9TLTA1w001421: [email protected], ctladdr=zak (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30389, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (w9TLTABl001422 Message accepted for delivery)
Oct 29 16:29:11 mydomain sm-mta[1424]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Oct 29 16:29:11 mydomain sm-mta[1424]: w9TLTABl001422: to=<[email protected]>, ctladdr=<[email protected]> (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120565, relay=gmail-smtp-in.l.google.com. [173.194.195.26], dsn=2.0.0, stat=Sent (OK 1540848551 k3-v6si10178885ite.86 - gsmtp)

Aqui está um exemplo de um e-mail que nunca foi recebido do outro lado:

Oct 29 16:24:31 mydomain sendmail[544]: w9TLOV8v000544: from=zak, size=375, class=0, nrcpts=1, msgid=<[email protected]>, relay=root@localhost
Oct 29 16:24:31 mydomain sm-mta[545]: w9TLOVxv000545: from=<[email protected]>, size=552, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=mydomain.com [127.0.0.1]
Oct 29 16:24:31 mydomain sendmail[544]: w9TLOV8v000544: [email protected], ctladdr=zak (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30375, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (w9TLOVxv000545 Message accepted for delivery)
Oct 29 16:24:31 mydomain sm-mta[546]: w9TLOVxv000545: to=<[email protected]>, ctladdr=<zak@mydomain com> (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30762, dsn=2.0.0, stat=Sent

Aqui está o meu sendmail.mc

define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-3 2015-12-10 18:02:49 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl #   into this directory before writing files.
dnl #   If *all* your user accounts are under /home then use that
dnl #   instead - it will prevent any writes outside of /home !
dnl #   define(`confSAFE_FILE_ENV',             `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
define(`MAIL_HUB`, 'mydomain.com.')dnl
define(`LOCAL_RELAY`, 'mydomain.com.')dnl

Existe algo gritante sobre o motivo pelo qual o sendmail enviará para todos os domínios, exceto mydomain.com? Usamos mydomain.como Rackspace para e-mail. Se eu fizer um dig MX para mydomain.com, os registros MX aparecerão corretamente também. estou perplexo!

Zak

Asked: 2018-10-27 09:11:37 +0800 CST

PTR não aparece na solicitação de escavação

3

Estou tentando configurar um PTRDNS reverso para que os e-mails enviados por meus scripts não sejam bloqueados devido a uma falha de DNS reverso. Eu acredito que minha zona está configurada corretamente, porém eu "pensar" que está correto e "saber" que está correto são 2 coisas separadas!

Primeiro, eu tenho: meudomínio.com

Este domínio reside em IP público: 1.2.3.4

Meu confarquivo na bindconfiguração se parece com:

zone "mydomain.com" {
         type master;
         file "/var/lib/bind/mydomain.com.hosts";
         };

zone "4.3.2.1.in-addr.arpa" {
    type master;
    file "/var/lib/bind/mydomain.com.reverse.hosts";
    };

O arquivo mydomain.com.reverse.hosts contém:

$ttl 38400
@                      IN          SOA      ns1.mydomain.com. zak.mydomain.com. (
                            1502115400
                            10800
                            3600
                            604800
                            38400 )
                       IN       NS      ns1.mydomain.com.
                       IN       NS      ns2.mydomain.com.

4.3.2.1.in-addr.arpa.  3600      IN       PTR     mydomain.com.

As pesquisas diretas funcionam muito bem - o IE dig mydomain.com Ae dig mydomain.com NSambos trazem os respectivos registros A e NS (corretos). A pesquisa inversa, no entanto, não está mostrando o arquivo PTR. IE:

zak@zak-webserver:~$ dig -x 1.2.3.4 PTR

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 1.2.3.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1796
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.  IN  PTR

Meu registro PTR está configurado corretamente? Em caso afirmativo, quais são algumas verificações que posso fazer para encontrar o ponto de falha?

Zak

Asked: 2017-11-22 13:52:00 +0800 CST

A configuração do Bind Server está abaixo do ideal. DNS é intermitente na melhor das hipóteses

1

Minha configuração do Bind Server funciona .. Só não muito bem e não tenho certeza de qual é a causa subjacente ou onde corrigi-la.

Eu tenho um servidor DNS dedicado. ns1.ywpadmin.com. Seu endereço IP público é 40.142.31.33e o endereço IP interno é10.0.0.200

Meu servidor web está localizado em 40.142.31.34.

O site que estou testando éroofrightroofing.net

Agora, quando vou para whatsmydns.netApenas cerca de metade dos servidores em todo o mundo aparecem com a marca de seleção verde.

Quando executo dig roofrightroofing.net SOA @localhosta partir do servidor DNS - recebo (lembre-se de que ainda não configurei o servidor NS2. Quero minha configuração funcional antes que isso aconteça):

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40310
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;roofrightroofing.net.      IN  SOA

;; ANSWER SECTION:
roofrightroofing.net.   38400   IN  SOA ns1.ywpadmin.com. admin.ywpadmin.com. 1494612100 10800 3600 604800 38400

;; AUTHORITY SECTION:
roofrightroofing.net.   38400   IN  NS  ns1.ywpadmin.com.
roofrightroofing.net.   38400   IN  NS  ns2.ywpadmin.com.

;; ADDITIONAL SECTION:
ns1.ywpadmin.com.   38400   IN  A   10.0.0.200
ns2.ywpadmin.com.   38400   IN  A   10.0.0.200

;; Query time: 3 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Nov 21 14:30:03 CST 2017
;; MSG SIZE  rcvd: 181

Aqui está a configuração do meu servidor de ligação:

named.conf.options

options {

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    recursion no;
    version "Not Disclosed";

};

nomeado.conf.local

//roofrightroofing.net--
zone "roofrightroofing.net" {
         type master;
         file "/var/lib/bind/roofrightroofing.net.hosts";
         };
//--roofrightroofing.net

roofrightroofing.net.hosts

$ttl 38400
roofrightroofing.net.                       IN          SOA      ns1.ywpadmin.com. admin.ywpadmin.com. (
                            1494612100
                            10800
                            3600
                            604800
                            38400 )
roofrightroofing.net.                       IN       NS      ns1.ywpadmin.com.
roofrightroofing.net.                       IN       NS      ns2.ywpadmin.com.
roofrightroofing.net.                       IN       A       40.142.31.34
www.roofrightroofing.net.                   IN       A       40.142.31.34

ywpadmin.com.hosts

$ttl 38400
ywpadmin.com.                       IN          SOA      ns1.ywpadmin.com. admin.ywpadmin.com. (
                            150000000 ;serial number
                            10800 ; Refresh
                            3600 ; Retry
                            604800 ; Expire
                            38400 ) ; Negative Cache TTL


ywpadmin.com.           IN      NS      ns1.ywpadmin.com.
ywpadmin.com.           IN      NS      ns2.ywpadmin.com.
ns1.ywpadmin.com.       IN      A       10.0.0.200
ns2.ywpadmin.com.       IN      A       10.0.0.200
ywpadmin.com.           IN       A       40.142.31.34
www.ywpadmin.com.       IN       A       40.142.31.34

Configuração do Godaddy

A     @    40.142.31.34
NS    @    ns03.domaincontrol.com   
NS    @    ns04.domaincontrol.com


------------ HOSTS -------------
Host    IP Addresses    
NS3    40.142.31.33 
NS4    40.142.31.33 
NS1    40.142.31.33 
NS2    40.142.31.33

Novamente, estarei configurando NS2 - NS4 DEPOIS que minha configuração estiver sólida.

Eu tentei atualizar o serial para este site específico várias vezes e ainda estou tendo problemas. O que mais posso fazer em relação à configuração do meu servidor ou solução de problemas? Isso é um problema de GoDaddyconfiguração ou um BINDproblema de zona? Algo gritante parece incorreto?

Zak

Asked: 2017-05-12 14:33:02 +0800 CST

Problemas intermitentes do servidor DNS Bind

0

Temos um servidor Bind sentado no Ubuntu. É uma configuração bem básica. No entanto, estamos tendo um problema bobo que não tenho certeza se o servidor está configurado incorretamente ou se é um problema nas interwebs. Vale ressaltar que a imagem abaixo é após semanas e em alguns casos meses.

Aqui está um exemplo do que vemos em Qual é o meu DNS :

Aqui está um exemplo do arquivo de configuração para o referido site:

$ttl 38400
somewebsite.net.                       IN          SOA      ns1.ourserver.com. email.somewebsite.com. (
                            1486765992
                            10800
                            3600
                            604800
                            38400 )
somewebsite.net.                       IN       NS      ns1.ourserver.com.
somewebsite.net.                       IN       A       xxx.xxx.xxx.34
www.somewebsite.net.                   IN       A       xxx.xxx.xxx.34
mail.somewebsite.net.                  IN       A       xxx.xxx.xxx.14
webmail.somewebsite.net.               IN       A       xxx.xxx.xxx.14
somewebsite.net.                       IN       MX      10 mx1.ourmxserver.com.
somewebsite.net.                       IN       MX      20 mx2.ourmxserver.com.

Agora posso ver as solicitações chegando ao servidor usando o seguinte comando

tcpdump -vvv -s 0 -l -n port 53

o que me leva a acreditar que o problema está em outro lugar? Algumas áreas podem funcionar e outras não com um arquivo de configuração ruim?

Um pedacinho de informação .. Mudamos os servidores que tínhamos nosso NS1 e NS2 apontados há alguns meses, e parece que alguns dos sites nunca "seguiram" completamente o IE a imagem. Isso poderia ser um problema relacionado ao servidor de ligação? Minha configuração está errada/incompleta?

EDIT Eu também verifiquei o named-checkconf -ze checkzone-- E eles conferem:

zone somesite.com/IN: loaded serial 1486765992
OK

Melhor maneira de servir vários sites WorPress – Hospedagem compartilhada em servidor único

Apache trava por 20 minutos a cada poucos dias

Aviso do MySQL "O usuário existe", mas o usuário não está na tabela "usuário"

Sendmail não está enviando para o domínio das máquinas hostname

PTR não aparece na solicitação de escavação

A configuração do Bind Server está abaixo do ideal. DNS é intermitente na melhor das hipóteses

Problemas intermitentes do servidor DNS Bind

Você pode passar usuário/passar para autenticação básica HTTP em parâmetros de URL?

Ping uma porta específica

Verifique se a porta está aberta ou fechada em um servidor Linux?

Como automatizar o login SSH com senha?

Como posso dizer ao Git para Windows onde encontrar minha chave RSA privada?

Qual é o nome de usuário/senha de superusuário padrão para postgres após uma nova instalação?

Qual porta o SFTP usa?

Linha de comando para listar usuários em um grupo do Windows Active Directory?

O que é um arquivo Pem e como ele difere de outros formatos de arquivo de chave gerada pelo OpenSSL?

Como determinar se uma variável bash está vazia?

Zak's questions