Near
Posts: 6
Joined: Mon May 06, 2013 11:59 pm

Important notice for rpi public servers

Tue May 07, 2013 5:11 pm

Hello guys!

After I got my first rpi I installed the services I needed. Before putting it online I wanted to test it with some automatic tools to see if it could go public. My SD card crashed then.

The problem comes when you write the same part of an SD card many times - if you have a public server, apache for example - users or maybe attackers can send a lot of requests which are logged.

Logging means IO usage - write. That's what flash cards don't like.

After sending thousands of requests to my rpi it's not a big deal to find out what happened. An attacker can use this method to DoS your server.

Of course there is protection for this: use ramfs and/or tmpfs.

Using ramfs won't hurt your SD card at all and will make the system load decrease, but if you shut down the server you lose the logs. Using tmpfs with the "noatime" mount option will decrease the IO usage - it won't save when the file was last accessed, but after shut down you will have your logs.

Turning off swap is also a good idea, so not even tmpfs will use it. However, that needs some more space management to not run out of space for logging.

Be careful with big logs - they can destroy your SD card fast.
Last edited by Near on Tue May 07, 2013 5:30 pm, edited 2 times in total.

rpdom
Posts: 17029
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Important notice for rpi public servers

Tue May 07, 2013 5:21 pm

The problem with tmpfs is that if there is not enough free memory to hold the files they will be written to the swap file or partition instead. That swap will be on your SD card and so you will only have reduced the writes somewhat.
Near wrote:Using tmpfs will decrease the IO usage, but after shut down you will have your logs.
I don't understand this statement. As the tmpfs partition is just a ram disk that allows swap to be used when needed, how is it going to save your logs across shutdowns?

One of the best ways to prevent the SD card from wearing out too soon is to have the root partition (and a swapfile/partition if you need one) on a USB HD. A small drive should be sufficient as long as it has its own power supply.

Near
Posts: 6
Joined: Mon May 06, 2013 11:59 pm

Re: Important notice for rpi public servers

Tue May 07, 2013 5:31 pm

rpdom wrote:The problem with tmpfs is that if there is not enough free memory to hold the files they will be written to the swap file or partition instead. That swap will be on your SD card and so you will only have reduced the writes somewhat.
Near wrote:Using tmpfs will decrease the IO usage, but after shut down you will have your logs.
I don't understand this statement. As the tmpfs partition is just a ram disk that allows swap to be used when needed, how is it going to save your logs across shutdowns?

One of the best ways to prevent the SD card from wearing out too soon is to have the root partition (and a swapfile/partition if you need one) on a USB HD. A small drive should be sufficient as long as it has its own power supply.
I just forgot to mention swap and "noatime" mount option, but I have edited and corrected it. Hope it's ok now.

technion
Posts: 238
Joined: Sun Dec 02, 2012 9:49 am

Re: Important notice for rpi public servers

Wed May 08, 2013 6:56 am

As someone who runs a public Pi server, and regularly demonstrates its power by running ApacheBench against it (and throwing 5000 connections at it at once.. repeatedly), I would dispute the view that a Pi is DoS'ed any more easily than any traditional server.

I've had multiple experiences with "powerful" cPanel servers effectively going offline due to slightly increased load.

Issues around SD cards crashing come up here often, and it's often attributed to cheap cards more so than running public web servers.

Near
Posts: 6
Joined: Mon May 06, 2013 11:59 pm

Re: Important notice for rpi public servers

Wed May 08, 2013 9:51 am

technion wrote:As someone who runs a public Pi server, and regularly demonstrates its power by running ApacheBench against it (and throwing 5000 connections at it at once.. repeatedly), I would dispute the view that a Pi is DoS'ed any more easily than any traditional server.

I've had multiple experiences with "powerful" cPanel servers effectively going offline due to slightly increased load.

Issues around SD cards crashing come up here often, and it's often attributed to cheap cards more so than running public web servers.
DoS is caused by making the SD card wear out. Normally, even good quality cards can take ~100.000 writes. In a stress test and/or pentest tens of thousands of requests are sent and logged. 100.000 writes are not so many if we speak about logs, mainly if the logs rewrite themselves and do not expand.

pgix
Posts: 34
Joined: Wed Jan 25, 2012 3:53 pm

Re: Important notice for rpi public servers

Wed May 08, 2013 10:38 am

Hi,

If it's really a big worry, use a USB hard drive for the logs (or a large capacity [wear levelling?] pen drive/SSD)?

Cheers,
Adam

EDIT: Sorry - I missed this:
rpdom wrote:One of the best ways to prevent the SD card from wearing out too soon is to have the root partition (and a swapfile/partition if you need one) on a USB HD. A small drive should be sufficient as long as it has its own power supply.

tdaemon
Posts: 4
Joined: Sun Oct 28, 2012 9:43 pm

Re: Important notice for rpi public servers

Wed May 08, 2013 3:01 pm

Near wrote: DoS is caused by making the SD card wear out. Normally, even good quality cards can take ~100.000 writes. In a stress test and/or pentest tens of thousands of requests are sent and logged. 100.000 writes are not so many if we speak about logs, mainly if the logs rewrite themselves and do not expand.
I am afraid that it is 3 000-10 000 writes for MLC cards, not 100 000. And for newer cards using TLC it can be as low as 1 000.

BTW you can also use a separate /tmp partition with a very long commit interval and maybe without a journal (ext2) to reduce writes.
I have been running a web server on a Pi for a few months now, and still have no problems with the card. But the site which is hosted there is not too popular, something like 100 hosts/day.

1pi2much
Posts: 99
Joined: Sun Feb 24, 2013 6:58 pm

Re: Important notice for rpi public servers

Wed May 08, 2013 7:32 pm

It might be good to have a table somewhere for webservers

card brand, size, low/med/hi loaded site, time to failure

on some wiki to track this issue. Some people think it is a big fuss about nothing.

Do the current sd/microsd cards have wear levelling? In which case a larger sd card
might solve the problem for smaller sites.
I have disabled swap, and put my logs in tmpfs. Also changed logrotate to keep fewer
logs so they don't fill up the space. I also awstat the web logs frequently enough to not care
much when I lose them on a reboot.

Some interesting commands to check for io writes are

1. iotop -oa (it's a top for io)
2. iostat -d <time> <count> to see how many writes to sd happen per <time> seconds.

The goal is to get it 0 writes when the pi is not busy.
--
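
An added example, not part of any post in this thread: a shell script that measures how much is written to the SD card between two /proc/diskstats snapshots (the figure iostat reports) and checks the two mitigations discussed above, logs on tmpfs and swap off. The device name mmcblk0, the /var/log path and the function names are assumptions, and the sample snapshot lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). File arguments default to the live
# /proc files so the functions can also be run on saved snapshots.

# Sectors written so far to DEV: field 10 of /proc/diskstats, 512-byte units.
sectors_written() {
    awk -v dev="$1" '$3 == dev { print $10; ok = 1 } END { exit !ok }' \
        "${2:-/proc/diskstats}"
}

# KiB written to DEV between two diskstats snapshots.
write_delta_kib() {
    before=$(sectors_written "$1" "$2") || return 1
    after=$(sectors_written "$1" "$3") || return 1
    echo $(( (after - before) / 2 ))
}

# Filesystem type of the mount holding DIR (longest matching mount point wins).
fs_type_of() {
    awk -v p="$1" '{ m = $2
        if ((m == "/" || p == m || index(p, m "/") == 1) && length(m) >= best) {
            best = length(m); t = $3 }
    } END { print t }' "${2:-/proc/mounts}"
}

# Succeeds if any swap area is listed after the header line of /proc/swaps.
swap_active() {
    awk 'NR > 1 { n++ } END { exit !(n > 0) }' "${1:-/proc/swaps}"
}

# Constructed sample: two diskstats snapshots of mmcblk0 (assumed SD device).
sample_before() { echo " 179 0 mmcblk0 5000 120 400000 9000 1000 300 80000 7000 0 8000 16000"; }
sample_after()  { echo " 179 0 mmcblk0 5010 120 400200 9010 1600 900 88192 9500 0 9000 18500"; }

# Live use: sh thisscript --live [device] [seconds]
if [ "${1:-}" = "--live" ]; then
    dev=${2:-mmcblk0}; secs=${3:-60}; a=$(mktemp); b=$(mktemp)
    cat /proc/diskstats > "$a"; sleep "$secs"; cat /proc/diskstats > "$b"
    echo "$dev: $(write_delta_kib "$dev" "$a" "$b") KiB written in ${secs}s"
    echo "/var/log filesystem: $(fs_type_of /var/log)"
    if swap_active; then echo "swap: active"; else echo "swap: off"; fi
    rm -f "$a" "$b"
fi
```

Run with --live while the Pi is idle and again while the web server is being load-tested; the difference between the two figures is the write volume that request logging adds.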

RPiJunior
Posts: 21
Joined: Tue May 07, 2013 6:12 pm

Re: Important notice for rpi public servers

Thu May 09, 2013 6:49 am

I'm getting a 512MB SD Card with the boot partition on it. :mrgreen:

Then I will add USB HDD of some form with the OS. :mrgreen: :mrgreen:

Finally I will change config.txt to reflect the USB HDD. :mrgreen: :mrgreen: :mrgreen:

#include <cstdio>

int main() {
    try {
        throw "off table";        // thrown as a const char*
    } catch (const char *e) {     // catch the string literal's type
        printf("Phew...");
    }
}
WARNING: I destroy! :twisted:
