使用docker随机部署的Tomcat 9没有任何webapp，CPU达到200%。

Question

嗨，有一个Tomcat 9在AWS机器上运行，使用下面的docker文件：

version: '3'
services:
  fstomcat:
    image: tomcat:9
    container_name: fstomcat
    ports:
      - 443:443
    volumes:
      - /opt/tomcat/webapps:/usr/local/tomcat/webapps
      - /opt/tomcat/conf:/usr/local/tomcat/conf
      - /opt/tomcat/logs:/usr/local/tomcat/logs

目前还没有网络应用程序(webapp是空的)。这个EC2只有Tomcat。没有Apache，没有其他web服务器或数据库服务器。然而，AWS报告CPU使用量的随机峰值。当我进入容器时，java是199%的CPU。最近的高峰发生在2021-06-2013:30，而我那一天仅有的日志是：

catalina：

20-Jun-2021 09:45:04.595 INFO [https-openssl-nio-443-exec-6] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
        java.lang.IllegalArgumentException: Invalid character found in the request target [/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_$
                at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:490)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:834)

准入：

192.241.220.30 - - [20/Jun/2021:00:22:53 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:31:59 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:03 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:03 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:03 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:04 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:06 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:32:08 +0000] "-" 400 -
74.82.47.4 - - [20/Jun/2021:00:33:03 +0000] "-" 400 -
162.216.17.178 - - [20/Jun/2021:00:41:24 +0000] "-" 400 -
128.1.248.42 - - [20/Jun/2021:01:17:50 +0000] "GET / HTTP/1.1" 404 682
192.241.215.206 - - [20/Jun/2021:01:56:40 +0000] "GET /actuator/health HTTP/1.1" 404 682
45.33.79.16 - - [20/Jun/2021:02:19:19 +0000] "-" 400 -
209.17.97.98 - - [20/Jun/2021:02:57:39 +0000] "-" 400 -
162.216.17.71 - - [20/Jun/2021:04:19:13 +0000] "-" 400 -
45.83.67.150 - - [20/Jun/2021:04:58:00 +0000] "-" 400 -
66.240.205.34 - - [20/Jun/2021:06:08:25 +0000] "-" 400 -
45.33.79.16 - - [20/Jun/2021:06:18:56 +0000] "-" 400 -
162.62.123.46 - - [20/Jun/2021:08:04:09 +0000] "GET / HTTP/1.0" 404 682
192.241.218.53 - - [20/Jun/2021:08:12:25 +0000] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 682
162.216.17.71 - - [20/Jun/2021:08:18:54 +0000] "-" 400 -
45.146.165.123 - - [20/Jun/2021:09:44:57 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:44:59 +0000] "GET /_ignition/execute-solution HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:00 +0000] "GET / HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:02 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:04 +0000] "GET null HTTP/1.1" 400 2273
45.146.165.123 - - [20/Jun/2021:09:45:06 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:06 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:07 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:08 +0000] "POST /mifs/.;/services/LogService HTTP/1.1" 404 682
45.146.165.123 - - [20/Jun/2021:09:45:09 +0000] "GET /console/ HTTP/1.1" 404 682
45.33.79.16 - - [20/Jun/2021:10:19:25 +0000] "-" 400 -
193.118.53.210 - - [20/Jun/2021:10:20:10 +0000] "GET / HTTP/1.1" 404 682
162.216.17.71 - - [20/Jun/2021:12:19:00 +0000] "-" 400 -
138.68.175.207 - - [20/Jun/2021:13:28:31 +0000] "-" 400 -
138.68.175.207 - - [20/Jun/2021:13:28:35 +0000] "-" 400 -
138.68.175.207 - - [20/Jun/2021:13:28:35 +0000] "-" 400 -
138.68.175.207 - - [20/Jun/2021:13:28:35 +0000] "-" 400 -
138.68.175.207 - - [20/Jun/2021:13:28:35 +0000] "-" 400 -
165.22.86.42 - - [20/Jun/2021:13:56:50 +0000] "-" 400 -
162.142.125.39 - - [20/Jun/2021:14:01:08 +0000] "-" 400 -
162.142.125.39 - - [20/Jun/2021:14:01:10 +0000] "GET / HTTP/1.1" 404 682
162.142.125.39 - - [20/Jun/2021:14:01:10 +0000] "GET / HTTP/1.1" 404 682
60.217.75.69 - - [20/Jun/2021:14:22:42 +0000] "GET / HTTP/1.1" 404 682
172.105.172.151 - - [20/Jun/2021:14:35:22 +0000] "GET /owa/ HTTP/1.1" 404 682
192.241.214.26 - - [20/Jun/2021:15:04:40 +0000] "GET / HTTP/1.1" 404 682
34.90.100.245 - - [20/Jun/2021:15:18:59 +0000] "GET /.env HTTP/1.1" 404 682
34.90.100.245 - - [20/Jun/2021:15:19:00 +0000] "POST / HTTP/1.1" 404 682
128.14.134.170 - - [20/Jun/2021:16:01:33 +0000] "GET / HTTP/1.1" 404 682
97.107.132.27 - - [20/Jun/2021:16:19:28 +0000] "-" 400 -
173.255.234.116 - - [20/Jun/2021:16:30:04 +0000] "-" 400 -
23.90.160.130 - - [20/Jun/2021:16:37:09 +0000] "GET / HTTP/1.1" 404 682
23.95.191.195 - - [20/Jun/2021:16:50:06 +0000] "POST /GponForm/diag_Form?style/ HTTP/1.1" 404 682
162.216.17.71 - - [20/Jun/2021:18:18:33 +0000] "-" 400 -
193.118.53.210 - - [20/Jun/2021:18:29:39 +0000] "GET / HTTP/1.1" 404 682
51.159.23.43 - - [20/Jun/2021:18:44:34 +0000] "GET / HTTP/1.1" 404 682
45.79.168.6 - - [20/Jun/2021:20:19:38 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:48:59 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:49:00 +0000] "-" 400 -
192.241.220.87 - - [20/Jun/2021:20:49:00 +0000] "-" 400 -
192.241.212.36 - - [20/Jun/2021:21:03:09 +0000] "-" 400 -
128.14.209.162 - - [20/Jun/2021:21:36:20 +0000] "GET / HTTP/1.1" 404 682
192.241.218.97 - - [20/Jun/2021:22:11:38 +0000] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 682
45.79.144.15 - - [20/Jun/2021:22:19:16 +0000] "-" 400 -
162.142.125.40 - - [20/Jun/2021:23:08:05 +0000] "-" 400 -
162.142.125.40 - - [20/Jun/2021:23:08:07 +0000] "GET / HTTP/1.1" 404 682
162.142.125.40 - - [20/Jun/2021:23:08:07 +0000] "GET / HTTP/1.1" 404 682
45.63.12.50 - - [20/Jun/2021:23:49:07 +0000] "-" 400 -

syslog：

Jun 20 13:00:24 ip-172-30-1-110 systemd-timesyncd[21286]: Network configuration changed, trying to establish connection.
Jun 20 13:00:24 ip-172-30-1-110 systemd-networkd[13629]: ens5: Configured
Jun 20 13:00:24 ip-172-30-1-110 systemd-timesyncd[21286]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
Jun 20 13:17:01 ip-172-30-1-110 CRON[21362]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jun 20 13:30:24 ip-172-30-1-110 systemd-networkd[13629]: ens5: Configured
Jun 20 13:30:24 ip-172-30-1-110 systemd-timesyncd[21286]: Network configuration changed, trying to establish connection.
Jun 20 13:30:24 ip-172-30-1-110 systemd-timesyncd[21286]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).

服务器就是这样启动的：

23-Jun-2021 17:37:03.904 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [maxSpareThreads] to [75]
23-Jun-2021 17:37:03.999 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.41
23-Jun-2021 17:37:04.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Dec 3 2020 11:43:00 UTC
23-Jun-2021 17:37:04.001 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.41.0
23-Jun-2021 17:37:04.003 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
23-Jun-2021 17:37:04.003 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.4.0-1029-aws
23-Jun-2021 17:37:04.004 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
23-Jun-2021 17:37:04.004 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/openjdk-11
23-Jun-2021 17:37:04.005 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.10+9
23-Jun-2021 17:37:04.005 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
23-Jun-2021 17:37:04.006 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
23-Jun-2021 17:37:04.006 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
23-Jun-2021 17:37:04.007 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
23-Jun-2021 17:37:04.008 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
23-Jun-2021 17:37:04.008 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
23-Jun-2021 17:37:04.008 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
23-Jun-2021 17:37:04.009 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
23-Jun-2021 17:37:04.009 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
23-Jun-2021 17:37:04.010 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
23-Jun-2021 17:37:04.016 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
23-Jun-2021 17:37:04.017 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
23-Jun-2021 17:37:04.018 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
23-Jun-2021 17:37:04.018 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
23-Jun-2021 17:37:04.018 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
23-Jun-2021 17:37:04.025 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.25] using APR version [1.6.5].
23-Jun-2021 17:37:04.025 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
23-Jun-2021 17:37:04.026 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
23-Jun-2021 17:37:04.030 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1d  10 Sep 2019]
23-Jun-2021 17:37:04.634 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-443"]
23-Jun-2021 17:37:05.225 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [1569] milliseconds
23-Jun-2021 17:37:05.324 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
23-Jun-2021 17:37:05.324 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.41]
23-Jun-2021 17:37:05.365 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-443"]
23-Jun-2021 17:37:05.396 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [170] milliseconds

我们禁用了EC2机器中的任何自动更新，以消除码头上的更新导致这种情况的可能性。但我们唯一能做的就是重新启动它。

我想知道是否有人曾经处理过这样的事情，并对如何纠正它有想法。

Answer 1

您的服务器经常被bot网络/病毒扫描是否存在漏洞。如果这会导致服务中断，您可以使用fail2ban将in列入黑名单，这会在短时间内导致大量400错误。

您可能会对404错误执行同样的操作，但请确保只匹配站点上从未存在的请求URI，否则可能会禁止搜索引擎爬虫。