- Endchan Magrathea

Anonymous
10/3/2019 22:03:00 No. 9123 [Reply] report
 >>/9111/
Woah, dem some digits. Maybe this board really is compromised... :)

"Flood detected" from the dmesg/kmsg logs? Those can be disregarded. Happens all the time just for having an open port. Maybe some broken traffic from India, maybe some script kiddie, but nothing legitimate is going to use such an old known technique.

What I mean is that the requests will take longer. So what happens is you have some slightly smaller subset of 65534 "private ports" available. Somebody connects to 443 or 3, the server can have a max backlog of 5 requests on a tcp socket which the kernel will handle. So what happens is that main process grabs the request, forks (copies itself and diverges), and the "main" loop goes back to sitting on that 5-limited socket to feed another request.
The TCP Handshake provides a private port, so other than 443, and client and webserver then interact directly.

There is apache tuning for default number of children and whatnot, I think default is something like 900 in the threaded-fork model. Nginx has even way more.

Anyway, so what happens is all these requests just become individual processes on the system. They fetch the data from disk, maybe hit the database a few times, and serve the result to the client.
This all takes time, for static files it's taking me about 150ms including latency (I get world-wide in < 20ms, so almost all of that is server latency). There's a max timeout, but it's like 30 seconds.
Anyway, if the server doubles in number of requests, you can assume that -- roughly, you will get a slightly above doubling of response time. So maybe * 1.6 so 150ms per request would move up to 240ms per request.

So stuff just takes longer, the server just doesn't explode.

Check your memory levels (I recommend installing "htop" but you can just use free -m to see the memory usage and swap usage). That can run out, and will lead to server implosion. So can disk space.
Good thing about a fork() is that it is CoW -- which means "copy on write." Windows doesn't have this. So it's instant -- no memory actually has to be copied (other than some kernel structures outside your purview) unless that address it changed -- then it is copied and set to two separate physical addresses.
So additional static data is probably just slightly above twice the file size as a rough estimate for small files, and maybe 110% of size of larger files.

With apache and nginx both there are plugins you can use which work like this:

1. For a request, before sending it, see if the file on disk changed (modified time)

2. If so, recompute hash and figure out if it really did change (file content)

3. If so, send and update cache

4. If not to any above, serve from cache


Just adding a plugin to do that automatically for you will reduce your load requirements by 1000% at least.

Enjoy!