I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:
sudo mkdir -p /var/log/php5-fpm sudo vim /etc/php5/fpm/pool.d/www.conf
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
After a day or so I read the logs and found lots of slow requests to
xmlrpc.php for WordPress vhosts.
A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.
Edit your Apache vhost configuration (or
.htaccess if you don’t have access to this):
Deny from all
#Allow from x.x.x.x
I noticed considerably lower latency when serving requests to PHP pages after this change.