WordPress not resizing images with Nginx + php-fpm and other issues

Posted by Julian Fernandes on Server Fault See other posts from Server Fault or by Julian Fernandes
Published on 2012-06-29T22:04:52Z Indexed on 2013/06/26 4:23 UTC
Read the original article Hit count: 561

Filed under:
|
|
|
|

Recently i setup a Ubuntu 12.04 VPS with 512mb/1ghz CPU, Nginx + php-fpm + Varnish + APC + Percona's MySQL server + CloudFlare Pro for our Ubuntu LoCo Team's WordPress blog. The blog get about 3~4k daily hits, use about 180MB and 8~20% CPU. Everything seems to be working insanely fast... page load is really good and is about 16x faster than any of our competitors... but there is one problem.

When we upload a image, WordPress don't resize it, so all we can do it insert the full image in the post. If the imagem have, let's say, 30kb, it resize fine... but if the image have 100kb+, it won't...

In nginx error logs i see this:

upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "POST /wp-admin/async-upload.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/wp-admin/media-upload.php?post_id=2668&"

It seems to be related with the issue, but i dunno. When that timeout happens, i started to get it when i'm trying to view a post too:

upstream timed out (110: Connection timed out) while reading response header from upstream, client: 150.162.216.64, server: www.ubuntubrsc.com, request: "GET /tutoriais-gimp-6-adicionando-aplicando-novos-pinceis.html HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.ubuntubrsc.com", referrer: "http://www.ubuntubrsc.com/"

And only a restart of php5-fpm fix it.

I tryed increasing some timeouts and stuffs but it did not worked, so i guess it's some kind of limitation i did not figured yet. Could someone help me with it, please?

/etc/nginx/nginx.conf:

user www-data;
worker_processes 1;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
        use epoll;
    multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;
    keepalive_timeout 15;
        keepalive_requests 2000;
    types_hash_max_size 2048;
    server_tokens off;
        server_name_in_redirect off;

    open_file_cache max=1000 inactive=300s;
    open_file_cache_valid 360s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;

    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

        client_body_buffer_size 128K;
        client_header_buffer_size 1k;
        client_max_body_size 2m;
        large_client_header_buffers 4 8k;

        client_body_timeout   10m;
        client_header_timeout 10m;
        send_timeout          10m;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    error_log /var/log/nginx/error.log;
        access_log off;

    ##
    # CloudFlare's IPs (uncomment when site goes live)
    ##

        set_real_ip_from   204.93.240.0/24;
        set_real_ip_from   204.93.177.0/24;
        set_real_ip_from   199.27.128.0/21;
        set_real_ip_from   173.245.48.0/20;
        set_real_ip_from   103.22.200.0/22;
        set_real_ip_from   141.101.64.0/18;
        set_real_ip_from   108.162.192.0/18;
        set_real_ip_from   190.93.240.0/20;
        real_ip_header     CF-Connecting-IP;
        set_real_ip_from   127.0.0.1/32;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 9;
        gzip_min_length  1000;
        gzip_proxied     expired no-cache no-store private auth;
    gzip_buffers 32 8k;
    # gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    ##

    #include /etc/nginx/naxsi_core.rules;

    ##
    # nginx-passenger config
    ##
    # Uncomment it if you installed nginx-passenger
    ##

    #passenger_root /usr;
    #passenger_ruby /usr/bin/ruby;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

/etc/nginx/fastcgi_params:

fastcgi_param   QUERY_STRING        $query_string;
fastcgi_param   REQUEST_METHOD      $request_method;
fastcgi_param   CONTENT_TYPE        $content_type;
fastcgi_param   CONTENT_LENGTH      $content_length;

fastcgi_param   SCRIPT_FILENAME     $request_filename;
fastcgi_param   SCRIPT_NAME     $fastcgi_script_name;
fastcgi_param   REQUEST_URI     $request_uri;
fastcgi_param   DOCUMENT_URI        $document_uri;
fastcgi_param   DOCUMENT_ROOT       $document_root;
fastcgi_param   SERVER_PROTOCOL     $server_protocol;

fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
fastcgi_param   SERVER_SOFTWARE     nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR     $remote_addr;
fastcgi_param   REMOTE_PORT     $remote_port;
fastcgi_param   SERVER_ADDR     $server_addr;
fastcgi_param   SERVER_PORT     $server_port;
fastcgi_param   SERVER_NAME     $server_name;

fastcgi_param   HTTPS           $https;

fastcgi_send_timeout                    180;
fastcgi_read_timeout                    180;
fastcgi_buffer_size                     128k;
fastcgi_buffers                         256 4k;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS     200;

/etc/nginx/sites-avaiable/default:

##
# DEFAULT HANDLER
# ubuntubrsc.com
##

server {

    listen 8080;

    # Make site available from main domain
    server_name www.ubuntubrsc.com;

    # Root directory
    root /var/www;
    index index.php index.html index.htm;
        include /var/www/nginx.conf;
        access_log off;

    location / {
                try_files $uri $uri/ /index.php?q=$uri&$args;
        }

        location = /favicon.ico {
    log_not_found off;
    access_log off;
        }

        location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
        }

        location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
        }

        location ~* ^/wp-content/uploads/.*.php$ {
    deny all;
    access_log off;
    log_not_found off;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    error_page 404 = @wordpress;
    log_not_found off;

    location @wordpress {
        include /etc/nginx/fastcgi_params;      
        fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param SCRIPT_NAME /index.php;
            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        }

    location ~ \.php$ {
                try_files $uri =404;

        include /etc/nginx/fastcgi_params;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        if (-f $request_filename) {
                fastcgi_pass unix:/var/run/php5-fpm.sock;
            }
    }
      }
server {
  listen 8080;
  server_name ubuntubrsc.* www.ubuntubrsc.net www.ubuntubrsc.org www.ubuntubrsc.com.br www.ubuntubrsc.info www.ubuntubrsc.in;
  return 301 $scheme://www.ubuntubrsc.com$request_uri;
}

/var/www/nginx.conf:

# BEGIN W3TC Minify cache
location ~ /wp-content/w3tc/min.*\.js$ {
    types {}
    default_type application/x-javascript;
    expires modified 31536000s;
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
    add_header Vary "Accept-Encoding";
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*\.css$ {
    types {}
    default_type text/css;
    expires modified 31536000s;
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
    add_header Vary "Accept-Encoding";
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
}
location ~ /wp-content/w3tc/min.*js\.gzip$ {
    gzip off;
    types {}
    default_type application/x-javascript;
    expires modified 31536000s;
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
    add_header Vary "Accept-Encoding";
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    add_header Content-Encoding gzip;
}
location ~ /wp-content/w3tc/min.*css\.gzip$ {
    gzip off;
    types {}
    default_type text/css;
    expires modified 31536000s;
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
    add_header Vary "Accept-Encoding";
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    add_header Content-Encoding gzip;
}
# END W3TC Minify cache
# BEGIN W3TC Browser Cache
gzip on;
gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location ~ \.(css|js|htc)$ {
    expires 31536000s;
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
    expires 3600s;
    add_header Pragma "public";
    add_header Cache-Control "max-age=3600, public, must-revalidate, proxy-revalidate";
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
    try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    expires 31536000s;
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    add_header X-Powered-By "W3 Total Cache/0.9.2.5b";
}
# END W3TC Browser Cache
# BEGIN W3TC Minify core
rewrite ^/wp-content/w3tc/min/w3tc_rewrite_test$ /wp-content/w3tc/min/index.php?w3tc_rewrite_test=1 last;
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
    set $w3tc_enc .gzip;
}
if (-f $request_filename$w3tc_enc) {
    rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/w3tc/min/(.+\.(css|js))$ /wp-content/w3tc/min/index.php?file=$1 last;
# END W3TC Minify core
# BEGIN W3TC Skip 404 error handling by WordPress for static files
if (-f $request_filename) {
    break;
}
if (-d $request_filename) {
    break;
}
if ($request_uri ~ "(robots\.txt|sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") {
    break;
}
if ($request_uri ~* \.(css|js|htc|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$) {
    return 404;
}
# END W3TC Skip 404 error handling by WordPress for static files

# BEGIN Better WP Security
    location ~ /\.ht {
        deny all;
    }

    location ~ wp-config.php {
        deny all;
    }

    location ~ readme.html {
        deny all;
    }

    location ~ readme.txt {
        deny all;
    }

    location ~ /install.php {
        deny all;
    }

    set $susquery 0;
    set $rule_2 0;
    set $rule_3 0;

    rewrite ^wp-includes/(.*).php /not_found last;
    rewrite ^/wp-admin/includes(.*)$ /not_found last;

    if ($request_method ~* "^(TRACE|DELETE|TRACK)"){
        return 403;
    }

    set $rule_0 0;

    if ($request_method ~ "POST"){
        set $rule_0 1;
    }

    if ($uri ~ "^(.*)wp-comments-post.php*"){
        set $rule_0 2$rule_0;
    }

    if ($http_user_agent ~ "^$"){
        set $rule_0 4$rule_0;
    }

    if ($rule_0 = "421"){
        return 403;
    }

    if ($args ~* "\.\./") {
        set $susquery 1;
    }

    if ($args ~* "boot.ini") {
        set $susquery 1;
    }

    if ($args ~* "tag=") {
        set $susquery 1;
    }

    if ($args ~* "ftp:") {
        set $susquery 1;
    }

    if ($args ~* "http:") {
        set $susquery 1;
    }

    if ($args ~* "https:") {
        set $susquery 1;
    }

    if ($args ~* "(<|%3C).*script.*(>|%3E)") {
        set $susquery 1;
    }

    if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") {
        set $susquery 1;
    }

    if ($args ~* "base64_encode") {
        set $susquery 1;
    }

    if ($args ~* "(%24&x)") {
        set $susquery 1;
    }

    if ($args ~* "(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$)"){
        set $susquery 1;
    }

    if ($args ~* "(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;|%24&x)"){
        set $susquery 1;
    }

    if ($args ~* "(%0|%A|%B|%C|%D|%E|%F|127.0)") {
        set $susquery 1;
    }

    if ($args ~* "(globals|encode|localhost|loopback)") {
        set $susquery 1;
    }

    if ($args ~* "(request|select|insert|concat|union|declare)") {
        set $susquery 1;
    }

    if ($http_cookie !~* "wordpress_logged_in_" ) {
        set $susquery "${susquery}2";
        set $rule_2 1;
        set $rule_3 1;
    }

    if ($susquery = 12) {
        return 403;
    }


# END Better WP Security

/etc/php5/fpm/php-fpm.conf:

pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
emergency_restart_threshold = 3
emergency_restart_interval = 1m
process_control_timeout = 10s
events.mechanism = epoll

/etc/php5/fpm/php.ini (only options i changed):

open_basedir ="/var/www/"
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,dl,system,shell_exec,fsockopen,parse_ini_file,passthru,popen,proc_open,proc_close,shell_exec,show_source,symlink,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec ,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpA ds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput,virtual,show_source,pclose,readfile,wget

expose_php = off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
display_errors = Off
post_max_size = 2M
allow_url_fopen = off
default_socket_timeout = 60

APC settings:

[APC]
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 0
apc.num_files_hint = 4096
apc.ttl = 60
apc.user_ttl = 7200
apc.gc_ttl = 0
apc.cache_by_default = 1
apc.filters = ""
apc.mmap_file_mask = "/tmp/apc.XXXXXX"
apc.slam_defense = 0
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 10M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.localcache = 0
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0

/etc/php5/fpm/pool.d/www.conf

user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 3s;
pm.max_requests = 50

I also started to get 404 errors in front page if i use W3 Total Cache's Page Cache (Disk Enhanced). It worked fine untill somedays ago, and then, out of nowhere, it started to happen. Tonight i will disable my mobile plugin and activate only W3 Total Cache to see if it's a conflict with them...

And to finish all this, i have been getting this error:

PHP Warning:  apc_store(): Unable to allocate memory for pool. in /var/www/wp-content/plugins/w3-total-cache/lib/W3/Cache/Apc.php on line 41

I already modifed my APC settings, but no sucess. So... could anyone help me with those issuees, please?

Ooohh... if it helps, i instaled PHP like this:

sudo apt-get install php5-fpm php5-suhosin php-apc php5-gd php5-imagick php5-curl

And Nginx from the official PPA. Sorry for my bad english and thanks for your time people! (:

© Server Fault or respective owner

Related posts about ubuntu

Related posts about nginx