我有一个在 Docker compose 环境中运行 Nginx、Django、Postgres 和 Golang 微服务的 VPS,最近我注意到它的 CPU 利用率一直达到 100% 并且不再工作。我怀疑这可能是由于 DDoS 攻击或奇怪的 Gunicorn 行为造成的。
VPS 操作系统: Ubuntu 22.04.2 LTS
观察结果:
CPU 使用率较高从昨天左右开始(24 小时前)。
采取的步骤:
设置和配置 ufw 以及 digitalocean 防火墙。
NGINX 日志
...
89.44.9.51 - - [29/Sep/2023:05:09:58 +0000] "OPTIONS /webclient/api/MyPhone/session HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 3CXDesktopApp/18.13.959 Chrome/112.0.5615.165 Electron/24.3.0 Safari/537.36" "-"
89.44.9.51 - - [29/Sep/2023:05:10:01 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:07 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:12 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:17 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:22 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:27 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:32 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
89.44.9.51 - - [29/Sep/2023:05:10:38 +0000] "GET /provisioning/5lbr5h6kse0q/TcxProvFiles/3cxProv_YU8SR32OGF200.xml HTTP/1.1" 444 0 "-" "electron-fetch/1.0 electron (+https://github.com/arantes555/electron-fetch)" "-"
...
顶部
15284 root 20 0 298336 133468 18568 S 90.7 3.3 4:06.24 gunicorn
15477 lxd 20 0 216928 18104 15104 R 8.6 0.5 0:03.21 postgres
访问Domain时,直接达到CPU限制。我正在实现一些新功能,这些功能(在本地)就像一个魅力,但我不认为它会做这样的事情。实际上我也回滚了所有内容并遇到了同样的问题。
我有点不知道该看哪里。
希望得到任何提示。
PS:如果您需要更多信息,请在评论中告诉我。我不想延长这个时间。
提前谢谢您!
编辑附加信息
docker logs 7e3e93cda248 -f
Collect static files
254 static files copied to '/staticfiles', 756 post-processed.
Apply database migrations
System check identified some issues:
WARNINGS:
?: (urls.W005) URL namespace 'v1' isn't unique. You may not be able to reverse all URLs in this namespace
Operations to perform:
Apply all migrations: admin, app, auth, contenttypes, sessions
Running migrations:
No migrations to apply.
System check identified some issues:
WARNINGS:
?: (urls.W005) URL namespace 'v1' isn't unique. You may not be able to reverse all URLs in this namespace
No changes detected in app 'app'
System check identified some issues:
WARNINGS:
?: (urls.W005) URL namespace 'v1' isn't unique. You may not be able to reverse all URLs in this namespace
Operations to perform:
Apply all migrations: admin, app, auth, contenttypes, sessions
Running migrations:
No migrations to apply.
[2023-09-29 04:52:38 +0000] [10] [INFO] Starting gunicorn 21.2.0
[2023-09-29 04:52:38 +0000] [10] [INFO] Listening at: http://0.0.0.0:8000 (10)
[2023-09-29 04:52:38 +0000] [10] [INFO] Using worker: gthread
[2023-09-29 04:52:38 +0000] [11] [INFO] Booting worker with pid: 11
Not Found: /favicon.ico
gunicorn --pythonpath . app.wsgi:application --bind 0.0.0.0:8000 --timeout 120 --threads=3
2 vCPUs
很明显这是一个应用程序级别的问题,当我看到Postgres PID也消耗大量CPU时我就可以猜到了。
有一个性能不佳的 ORM 操作,不知何故以超时结束。