WordPress 4.x random crashes on nginx/PHP-FPM with SSH2

Hat tip to the Ubuntu bugs mailing list for pointing us in the right direction in solving this problem.

Like any good WordPress host we are using SSH keys to provide secure FTP communications for installing/updating our WordPress sites.  Recently we noticed a perplexing issue where WordPress 4.x would crash when accessing the Settings screen or trying to delete a plugin. After disabling the SSH2 extension it loaded fine. The problem lies in the SSH2 header library.

This bug can be identified by the dreaded “Connection reset by peer while reading header from upstream” entry in your site’s error_log (if you have catch_workers_output = yes):

2015/02/24 17:47:41 [error] 3008#0: *23504 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: xxx.xxx.xxx.xxx, request: “GET /wp-admin/options-general.php HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “www.nva.org”, referrer: “http://domain/wp-admin/”

If you look in /var/log/messages you will see something like this:

Feb 24 18:28:58 server_name kernel: php-fpm[9262]: segfault at 0 ip 00007fb00bd1d57f sp 00007fff450dfad8 error 4 in libc-2.12.so[7fb00bbea000+18a000]

Here is how to fix the problem. FWIW all of our servers run CentOS 6.x.

You can download the original patch file or the one hosted on our servers. I’m not sure how long that will be around so I put the file on our server as well. It doesn’t matter because it’s contained in the following script.

You will need to have the following installed before this will work:

  • patch
  • php-devel (we’re using PHP 5.5 so it’s called php55w-devel)
  • wget (or cURL)

This will install patch and wget:

yum install -y patch wget

If you’re OK with running that you don’t need to be told how to install the PHP development libraries.

This will overwrite any SSH2 extension you have installed. But if you’re reading this that doesn’t matter because it’s broke.

cd /tmp
 
wget http://www.sononaco.com/builds/fix-php-segfault.patch
 
wget http://pecl.php.net/get/ssh2-0.12.tgz
 
tar zxvf ssh2-0.12.tgz
 
patch -p1 < fix-php-segfault.patch
 
cd ssh2-0.12
 
phpize
 
./configure
 
make
 
make install
 
echo "extension=ssh2.so" > /etc/php-fpm.d/ssh2.so
 
/etc/init.d/php-fpm restart
 
rm -Rf fix-php-segfault.patch ssh2-0.12.tgz ssh2-0.12

That’s it! You should now be able to log into your WordPress Settings page and continue using SFTP/SSH2 with public keys without the system blowing up.

Alternatively, you can put everything above in a nice BASH script, chmod it to 700 and run it (as root):

#!/bin/bash
 
 
 
cd /tmp
 
wget http://www.sononaco.com/builds/fix-php-segfault.patch
 
wget http://pecl.php.net/get/ssh2-0.12.tgz
 
tar zxvf ssh2-0.12.tgz
 
patch -p1 < fix-php-segfault.patch
 
cd ssh2-0.12
 
phpize
 
./configure
 
make
 
make install
 
echo "extension=ssh2.so" > /etc/php-fpm.d/ssh2.so
 
/etc/init.d/php-fpm restart
 
rm -Rf /tmp/fix-php-segfault.patch /tmp/ssh2-0.12.tgz /tmp/ssh2-0.12
 
echo "Done!"
 
echo ""
 
exit