mod_fcgid: read data timeout in 40 seconds - mod-fcgid

we're running centos/cPanel on a good size dedicated server with only one website. we need speed and ability to upload files under 'nobody'. that means suPHP and DSO are out. so the php handler is mod_fcgid. from time to time apache error logs will show mod_fcgid: read data timeout in 40 seconds. we assume it means mod_fcgid is not properly configured when installed using easyapache.
after reading up on g about how to fix we found two tidbits. one deals with MPM. the other, surprisingly, shows how to increase the timeout response (normally increasing timeout response is bad thing as there is something worse inside the server).
should we use MPM event, prefork, and/or worker with mod_fcgid? we currently have prefork configured.
if we do increase the timeout should we use the following settings:
IPCConnectTimeout 20
ProcessLifeTime 120
IdleTimeout 60
IdleScanInterval 30
MaxRequestsPerProcess 499
MaxProcessCount 100
OR
FcgidProcessLifeTime 8200
FcgidIOTimeout 8200
FcgidConnectTimeout 400
FcgidMaxRequestLen 1000000000
And if we do use either of these settings where should they be set: 1) in php.fcgi script, or 2) FastCGI configuration in Apache.

My tested solution, same issue
target config file :
/usr/local/apache/conf/includes/pre_virtualhost_global.conf
target value :
FcgidIOTimeout
applying changes :
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
reference :
https://wiki.mikejung.biz/Fcgid#FcgidMaxRequestLen

/etc/apache2/mods-enable/fcgid.conf
*/mods-available/fcgid.conf
*/sites-enable/site.com.vhost
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
IdleTimeout 300
BusyTimeout 300
ProcessLifeTime 7200
IPCConnectTimeout 300
IPCCommTimeout 7200
</IfModule>

Related

haproxy direct syslog data flow with log-forward

I’ve been working on creating a new syslog setup and have run into an issue, that i cannot find a solution for, so i thought maybe someone here could help me out.
I have a setup with 2 syslog servers and 2 haproxy nodes(in HA with keepalived). i have 2 endpoints on configured on the haproxy nodes: “endpoint_X” and “endpoint_Y” for different types of logs. I would like to control the flow of syslog messages, so that when syslog is send to “endpoint_X”:514 its send to syslog01 and when “endpoint_Y”:514 its send to syslog02. this is normally done with the use of ACL’s for normal frontends. But for syslog I use HAproxy’s “log-forward” function, where ACL’s is not supported for.
Below is an example of my config:
ring syslog01
description " "
format rfc3164
maxlen 1200
size 357913941
server syslog01 XXXXX_01:514 source YYYYY check
timeout client 90s
timeout connect 10s
timeout server 90s
timeout check 10s
ring syslog02
description " "
format rfc3164
maxlen 1200
size 357913941
server syslog02 XXXXX_02:514 source YYYYYY check
timeout client 90s
timeout connect 10s
timeout server 90s
timeout check 10s
log-forward syslog
bind 0.0.0.0:514
bind [::]:514
dgram-bind 0.0.0.0:514
dgram-bind [::]:514
log ring#syslog01 local0
log ring#syslog02 local0
does anyone have an idea if there is something i can do to get around this issue , so i can control the data flow in log-forward, other than using differen ports? I use haproxy version 2.6
i have tried some like the following, but as stated ACL does not work with log-forward:
acl acl_endpoint_X hdr(host) -i endpoint_X
acl acl_endpoint_X hdr(host) -i endpoint_Y
log ring#syslog01 local0 if endpoint_X hdr(host)
log ring#syslog02 local0 if endpoint_Y hdr(host)

Partial results are valid but processing is incomplete ERROR

4Core CPU VPS
i have only 2 WP site
taking heavy pain traffic.
Centos 7
PHP 7.4
Apache fcgid
Problem, i am getting apache error as bellow.
Partial results are valid but processing is incomplete: [client 162.158.165.32:27176] mod_fcgid: can't get data from http client, referer: https://gocloudo.com/
Here is my fcgid.conf
# This is the Apache server configuration file for providing FastCGI support
# through mod_fcgid
#
# Documentation is available at
# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
# Use FastCGI to process .fcg .fcgi & .fpl scripts
AddHandler fcgid-script fcg fcgi fpl
# Sane place to put sockets and shared memory file
FcgidIPCDir /run/mod_fcgid
FcgidProcessTableFile /run/mod_fcgid/fcgid_shm
AddHandler fcgid-script .fcgi
# FcgidConnectTimeout 120
FcgidMaxRequestLen 1073741824
FcgidIOTimeout 9600
FcgidConnectTimeout 3600
FcgidBusyTimeout 9600
FcgidIdleTimeout 9600
FcgidProcessLifeTime 9600
IPCCommTimeout 9999
Is there everything okay?

haproxy - layer 7 health check failure

I am getting occasional layer 7 health check failures. This happens on production machine seemingly at random, maybe once a minute or every few minutes on average. Here is the configuration:
backend api
mode http
option httpchk GET /api/v1/status HTTP/1.0
http-check expect status 200
balance roundrobin
server api1 127.0.0.1:8001 check fall 3 rise 2
server api2 127.0.0.1:8002 check fall 3 rise 2
The HAproxy log tells me the following:
Health check for server api/api2 failed, reason: Layer7 timeout, check duration: 10001ms, status: 2/3 UP.
Strange thing is when I run a script to fetch the same URL at a much faster pace than HAproxy, it never fails to return 200 response. It never hangs like it seems to do for HAproxy.
In addition, I'm getting occasional HAProxy error for various API calls, not just health checks, all looking quite similar:
https-in~ api/api1 45/0/0/-1/30045 504 194 - - sHVN 50/49/13/10/0 0/0 "POST /api/v1/accounts HTTP/1.1"
What could be the issue here? This one really got me stumped.

How to upload the siacs HttpUploadComponent for file sharing in openfire localhost

I am implementing the chat appliation using https://github.com/siacs/Conversations in android. There are no image sharing for group chat thats why It required the HTTP Upload component on openfire server (https://github.com/siacs/HttpUploadComponent). I made the changes in config.yml as per required. I am able to connected but in android eu:siacs:conversations:http:upload" not coming in feature list.
config.yml looks like below:-
component_jid: upload.andreis-mac-mini-2.local
component_secret: test
component_port: 5275
storage_path : /Users/enovate/Documents/Jagdish/Test
whitelist:
# andreis-mac-mini-2.local
# - someotherdomain.tld
# - dude#domain.tld
max_file_size: 20971520 #20MiB
http_address: 127.0.0.1 #use 0.0.0.0 if you don't want to use a proxy
http_port: 8080
# http_keyfile: /etc/ssl/private/your.key
# http_certfile: /etc/ssl/certs/your.crt
get_url: http://andreis-mac-mini-2.local
put_url: http://andreis-mac-mini-2.local
expire_interval: 82800 #time in secs between expiry runs (82800 secs = 23 hours). set to '0' to disable
expire_maxage: 2592000 #files older than this (in secs) get deleted by expiry runs (2592000 = 30 days)
user_quota_hard: 104857600 #100MiB. set to '0' to disable rejection on uploads over hard quota
user_quota_soft: 78643200 #75MiB. set to '0' to disable deletion of old uploads over soft quota an expiry runs
If anyone have idea. Please help me. Thanks in advance...

Spray.can.server.request-timeout property has no effect

In my src/main/resources/application.conf I include:
spray.can.server {
request-timeout = 1s
}
In order to test this, in the Future which is servicing my request I put a Thread.sleep(10000).
When I issue a request, the server waits 10 seconds and responds with no hint of a timeout being sent to the client.
I am not overriding the timeout handler.
Why are my clients (chrome and curl) not receiving a timeout?
The configuration looks correct, so Spray request timeout should be working. One of the frequent reasons for it not working is that your config application.conf is not being used by the application.
The reasons for config being ignored could be that it's in the wrong place, not included in your classpath, or not included in a JAR that you package.
To troubleshoot first check that default Spray timeout is working. By default it's 20 sec. Make your code sleep for 30sec and see if you get timeouts triggered.
Check what's in your final config values by printing it. Set this in your conf:
akka {
# Log the complete configuration at INFO level when the actor system is started.
# This is useful when you are uncertain of what configuration is used.
log-config-on-start = on
}
Finally, keep in mind other timeouts like timeout-timeout = 2 s.
I think the request-timeout is for the http client, if the response is not returned before that value, the client will get a timeout from spray, see the spary doc
# If a request hasn't been responded to after the time period set here
# a `spray.http.Timedout` message will be sent to the timeout handler.
# Set to `infinite` to completely disable request timeouts.
For example, in my web browser, I can got a below message:
Ooops! The server was not able to produce a timely response to your request.
Please try again in a short while!
If the timeout is long enough, the browser will keep waiting until a response is returned