[us...@httpd] Isolating slow and fast connections using apache/modjk
Hi We have an apache server that load balances two types of applications across different stacks of tomcats. We have a tomcat stack for requests that processes very quickly, lets call this stack A and a tomcat stack for slower running request(different type of application) named stack B. We limit connections on the apache to protect the underlying layers eg: ServerLimit 5 ThreadLimit 10 StartServers 5 ThreadsPerChild 10 MinSpareThreads 10 MaxClients 50 MaxSpareThreads 50 However if stack A or B misbehave and eat up all of the available apache connections it can cause a denial of service for the other stack that is on the same apache. My question really is where I should be doing the isolation to protect slow stacks. I am not sure whether I can achieve this in modjk or whether I should rather be running separate apache instances for tomcat stack A and B. I considered using virtual hosts but I believe they would still share the overall amount of threads as defined above. Regards __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Isolating slow and fast connections using apache/modjk
gerhardus.geldenh...@gta-travel.com wrote: [...] Not a real answer to your question, just some data. VirtualHost's will use the same pool of Apache threads/children. A VirtualHost is only a different "personality" that one Apache thread/child assumes temporarily to handle a request, depending on the "Host:" header of the request. All threads/children are identical, and can handle any request for any VirtualHost at any one time, and it is not so that there is one separate thread/child per VirtualHost. But a thread/child that at any one time is "impersonating" a given VirtualHost can re-direct a request to a different "worker", or set of workers, and thus possibly a different set of back-end servers (be they different Tomcat instances on the same host, or different Tomcats on different hosts). It is not really clear in your question what you mean by "stack A or B misbehave". I mean that if your "slow" back-end can handle 10 requests per second, and 20 requests come in, what would you really like to happen ? Also, are "fast" and "slow" requests arriving on the same VirtualHost's (meaning hostnames), or is it so that there is one set of VirtualHosts that only receives "fast" requests and another that only receives "slow" requests ? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Isolating slow and fast connections using apache/modjk
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: 02 January 2009 10:00 > To: users@httpd.apache.org > Subject: Re: [us...@httpd] Isolating slow and fast connections using > apache/modjk > > gerhardus.geldenh...@gta-travel.com wrote: > [...] > Not a real answer to your question, just some data. > > VirtualHost's will use the same pool of Apache threads/children. > A VirtualHost is only a different "personality" that one Apache > thread/child assumes temporarily to handle a request, depending on the > "Host:" header of the request. All threads/children are identical, and > can handle any request for any VirtualHost at any one time, and it is > not so that there is one separate thread/child per VirtualHost. > > But a thread/child that at any one time is "impersonating" a given > VirtualHost can re-direct a request to a different "worker", or set of > workers, and thus possibly a different set of back-end servers (be they > different Tomcat instances on the same host, or different Tomcats on > different hosts). > > It is not really clear in your question what you mean by "stack A or B > misbehave". I mean that if your "slow" back-end can handle 10 requests > per second, and 20 requests come in, what would you really like to > happen ? By misbehave I mean the following in our context. Our stack is configured for example to handle a max of ten connections at any one time. If stack A suddenly runs into a back end problem we will have a lot of threads waiting in apache while tomcat/database finishes the processing. This then takes up all the available threads in apache and leaves no threads to process request for stack B. What I would like to happen is to always have a guaranteed amount of threads available for different contexts defined in modjk. Thus if one stack of tomcats slow down to a crawl it should not eat up connections for the other stack on the same apache httpd. > > Also, are "fast" and "slow" requests arriving on the same VirtualHost's > (meaning hostnames), or is it so that there is one set of VirtualHosts > that only receives "fast" requests and another that only receives > "slow" > requests ? > We don't currently use virtual hosts but it was a thought as a possible solution. I have confused the issue by describing it as slow and fast requests. What is more important is that there is two(can be more) different types of applications running on two different tomcat clusters using one apache with modjk to loadbalance and route requests. One of these is generally slower and will subsequently use up more connections than the faster application on the apache side. One solution would be to run two different servers(xen, vmware) or run two different apache services on the same physical box. I would however prefer a solution where I can have one server with "intelligent" configuration. That really is what my question is about, can I use intelligent configuration to ring fence different type requests on the same apache or should I be using different apache httpd instances. Regards __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Unable to compile Apache-2.2.11 on Windows using Cygwin
Hi Apache folks, I am trying to compile Apache-2.2.11 on Windows-XP using VC7.1 in a Cygwin shell which was priorly passing (compiling sucessfully) with Apache-2.2.9. (I actually have these steps embedded as a part of my shell script) The compilation didn't go through fine for Apache-2.2.11 with the following error message, = To change these options use 'nmake -f Makefile.win [option=value]' Example: nmake -f Makefile.win PORT=8080 Building Win32 Debug targets (D suffixes) 'msdev' is not recognized as an internal or external command, operable program or batch file. NMAKE : fatal error U1077: 'msdev' : return code '0x1' Stop. NMAKE : fatal error U1077: 'd:\buildtools\vcc7.1\bin\nmake.exe' : return code '0 x2' By looking at the difference in the source tree between Apache-2.2.9 & Apache-2.2.11, I could see that "*.mak" & ".dep" are removed from the latest source tree of Apache-2.2.11 & thus causing the problem. By looking more into "Makefile.win" I could realise that, since these .mak/.dep were present on Apache-2.2.9, it was probably using "nmake.exe" & thus things were working as expected. As these files are not present now, its using "msdev" and causing the problem. Could you please help me out with the actual reason because of which build files where removed from the latest source tree & do let me know if this is a known defect with the latest apache. Please do also let me know the counter measure to fix this problem. Thanks and regards, Sathya
[us...@httpd] Unable to compile Apache-2.2.11 on Windows using Cygwin
Hi Apache folks, I am trying to compile Apache-2.2.11 on Windows-XP using VC7.1 in a Cygwin shell which was priorly passing (compiling sucessfully) with Apache-2.2.9. (I actually have these steps embedded as a part of my shell script) The compilation didn't go through fine for Apache-2.2.11 with the following error message, = To change these options use 'nmake -f Makefile.win [option=value]' Example: nmake -f Makefile.win PORT=8080 Building Win32 Debug targets (D suffixes) 'msdev' is not recognized as an internal or external command, operable program or batch file. NMAKE : fatal error U1077: 'msdev' : return code '0x1' Stop. NMAKE : fatal error U1077: 'd:\buildtools\vcc7.1\bin\nmake.exe' : return code '0 x2' By looking at the difference in the source tree between Apache-2.2.9 & Apache-2.2.11, I could see that "*.mak" & ".dep" are removed from the latest source tree of Apache-2.2.11 & thus causing the problem. By looking more into "Makefile.win" I could realise that, since these .mak/.dep were present on Apache-2.2.9, it was probably using "nmake.exe" & thus things were working as expected. As these files are not present now, its using "msdev" and causing the problem. Could you please help me out with the actual reason because of which build files where removed from the latest source tree & do let me know if this is a known defect with the latest apache. Please do also let me know the counter measure to fix this problem. Thanks and regards, Sathya
Re: [us...@httpd] Isolating slow and fast connections using apache/modjk
gerhardus.geldenh...@gta-travel.com wrote: [...] I am not a specialist in high-throughput Apache/Tomcat configurations, but just some basic data : First, I think that other people on this list more qualified than I am, will tell you to set up a test configuration, try it out by simulating the real situation you are expecting as closely as possible, and look at where the bottlenecks really are. Second, assuming you are indeed running a threaded Apache (worker mpm), there is not much stopping you from allowing a lot more threads at the Apache level. I have seen numbers mentioned on this list higher than 500 threads in a single Apache. Apparently, each additional thread uses very little additional memory. The numbers you see under Linux using "top" for instance are a bit misleading, because much of what you see actually overlaps. What I mean is that you can probably totally saturate your back-end Tomcats, before you really run out of threads at the Apache level. Of course I may be wrong there, since I don't know which real number of simultaneous requests you are expecting to have in total, nor how long your slow requests can really take to process. But the calculation should be straightforward. Say a slow request takes on average 5 seconds to process, and you expect a maximum of 20 of these to arrive per second. Then you need 100 threads in Tomcat to process them (the first one is free again after 5 seconds and can be re-used). And you need also at least 100 threads in Apache to handle those connections (*). Then do the same for your "fast" requests, and add up the numbers. And add up another 20% just for breathing space. Then add another 20% to the number of Apache threads, just for peaks. (**) Does that lead to an outlandish number ? If yes, then you need a bigger boat ;-) If not, then all you need is a mechanism to select, at the Apache level, which request is re-directed where. There are several possibilities there, from JkMount/JkUnMount to mod_rewrite and mod_proxy and mod_setenvif, to sections with "SetHandler jakarta-servlet", and all the balancing stuff. Running 2 instances of Apache, either on the same host or separate virtual machines, will not make a big difference, but will introduce some inconvenients (such as needing two different hostnames or ports). Unless you put yet another Apache in front again; but that's getting a bit devious, no ? (although I'm sure that there are people out there who have and need that kind of stuff). (*) otherwise you would indeed run out of threads in Apache to handle front-end client connections, while you have idle capacity at the Tomcat level. That would be silly indeed. (**) If an Apache thread tries to connect to a Tomcat, and that Tomcat has temporarily run out of threads to process the call, the connection will be held for a while in the wait queue of the TCP socket of the Tomcat connector. As soon as a Tomcat thread is available again, the connection will go through and grab the Tomcat thread. I believe the standard Tomcat configuration allows for 100 waiting connections per Connector, but that is configurable too. Now also, as a parting shot, do not loose track of the fundamentals : if your average slow request takes 5 seconds to process, and you can shave 1 second off that by optimising your application, you gain 20% of your front-end and back-end threads and servers. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Unsubscribe
unsubscribe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Can't compile libssl and libz into httpd 2.2.11
xPostings wrote: > > I really don't know if it's only a config problem on my side or > if it's a change from apache 2.2.8 to 2.2.11: > How can I compile httpd WITHOUT any linkings to libssl and libz > (that means compile it into httpd). Also the httpd 2.2.8 is bigger > in filesize than 2.2.11 (bacause libz and libssl is not compiled into...) > > My box is a debian etch only basic netinstall with There were libz security flaws back in the early 1.1 and 1.2 series and periodic security updates to libssl. If you have the debian folks offering you updated / patched / secured flavor, why on earth would you want to lock into the flavor of the day and deprive yourself of the fixes to criticial SSL/TLS vulnerability fixes as more are discovered in the future? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] RE: 32 bit Apache on 64 bit RHEL5.2 machine
Tamer Embaby wrote: > Vinay, > > You should use: > > $ export CFLAGS="-m32" > > Then continue with the ./configure and Apache compilation > as usual. You might discover autoconf is broken with that advice, if so just use CC="gcc -m32" instead, which will ensure all autoconf tests in ./configure are using 32 bit compilation. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Unable to compile Apache-2.2.11 on Windows using Cygwin
sathya sai wrote: > > By looking at the difference in the source tree between Apache-2.2.9 & > Apache-2.2.11, I could see that "*.mak" & ".dep" are removed from the > latest source tree of Apache-2.2.11 & thus causing the problem. nope - .mak/.dep files are added to the httpd-2.2.x-win32-src.zip package. If you want a native build from the command line (sounds like you do) you just need to grab the right package and ensure ms tools/sdk are in your path. FYI the other way 'round is to run srclib\apr\build\cvtdsp -2005 and then load apache.dsw into devenv (visual studio 2003+++). Even running the command line make when then run them through the console devenv mode from the imported .sln / .vcproj files. If you want a command line cyg/mingw build you don't do any of the above, including using makefile.win. You run ./configure and proceed as if you were running in any other unix package. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Unsubscribe
As the bottom of every message says: To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org At 06:15 AM 1/2/2009, you wrote: unsubscribe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] 32 bit Apache2.2.11 on 64 bit RHEL5.2
Hi, Can anyone help me on following queries : 1) How to find the existing apache web server mode? (running command 'file httpd' from Apache -> bin will give the mode. Is it correct?) 2) If we install Apache web server 2.2 on 64 bit RHEL5.2, what will be its mode by default i.e., default installation mode? 3) Can we convert its mode from 64 bit to 32 bit? i.e., is it possible to have Apache web server in 32 bit mode on 64 bit RHEL? 4) If possible, how to do it? -Vinay <>- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] 32 bit Apache2.2.11 on 64 bit RHEL5.2
On Fri, Jan 2, 2009 at 11:44 AM, Vinay Purohit wrote: > 1) How to find the existing apache web server mode? (running command 'file > httpd' from Apache -> bin will give the mode. Is it correct?) Yes -- Or, find apachectl or httpd and run -V|grep Architecture > 2) If we install Apache web server 2.2 on 64 bit RHEL5.2, what will be its > mode by default i.e., default installation mode? >From source or from a package? Can't you try it and see? > > 3) Can we convert its mode from 64 bit to 32 bit? i.e., is it possible to > have Apache web server in 32 bit mode on 64 bit RHEL? > > 4) If possible, how to do it? > In another thread, the compilation enviromnet was described to you. Did you try it? What happened? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] 32 bit Apache2.2.11 on 64 bit RHEL5.2
Hi Vinay,
- Original Message -
From: "Vinay Purohit"
To: users@httpd.apache.org
Sent: Friday, January 2, 2009 10:44:09 AM GMT -06:00 US/Canada Central
Subject: [us...@httpd] 32 bit Apache2.2.11 on 64 bit RHEL5.2
>1) How to find the existing apache web server mode? (running command 'file
>httpd' from Apache -> >bin will give the mode. Is it correct?)
Yes. ldd /usr/sbin/httpd will also confirm that, showing you that it's been
linked to /lib64/ libraries.
>2) If we install Apache web server 2.2 on 64 bit RHEL5.2, what will be its
>mode by default i.e., >default installation mode?
It will be 64 bit by default. You could probably install the httpd packages
from 32bit RHEL5.2 and they would work so long as you included all of the other
32 bit dependencies (and dependencies of dependencies).
>3) Can we convert its mode from 64 bit to 32 bit? i.e., is it possible to have
>Apache web server >in 32 bit mode on 64 bit RHEL?
You can't convert a binary from 64 to 32 bit, but you could either install the
32 bit packages or build a 32bit httpd on 64 bit RHEL5.2
>4) If possible, how to do it?
I used the following config line to build 32 bit httpd on 64 bit RHEL:
./configure CFLAGS=-m32 CXXFLAGS=-m32 FFLAGS=m32 FCFLAGS=-m32
--prefix=/usr/local/httpd-2.2.11-32bit {plus any further configs you need}
That should give you a 32 bit httpd. Note that you'll need to do similar for
any modules you compile against it (can't link 64 bit PHP to 32 bit httpd for
instance).
Matt
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] segmentation fault on shutdown with dbd
When I shut down apache via apachectl top, it gives me this error /usr/local/apache2/bin/apachectl: line 77: 5034 Segmentation fault $HTTPD -k $ARGV the log reports [Fri Jan 02 10:28:51 2009] [notice] seg fault or similar nasty error detected in the parent process If I take mod_dbd and mod_authn_dbd out of the compile, there is no problem. This is apache 2.11 on fedora 64. Anyone else experience this?
[us...@httpd] more authn_dbd woes
I have a server with several hundred directories, each password protected against their own database. I added a file, httpd-auth.conf in conf/extra that I include from httpd.conf. This file has many entries that look like this: AuthType Basic AuthName "Z-TEC International, Inc.: Onepage Plans" AuthBasicProvider dbd Require valid-user AuthDBDUserPWQuery "select password from onepage_1pbpdemo.structure where userid = %s AuthType Basic AuthName "Z-TEC International, Inc. Admin Area" AuthBasicProvider dbd Require valid-user AuthDBDUserPWQuery "select adminPasswd from onepage_1pbpdemo.master where adminUser = %s when there are only a few of these entries, the system works. However, when the file is complete with all 17,000 lines, the server produces errors and no longer does authentication correctly. I get this error: Internal error: DBD: failed to prepare SQL statements: I grep 'failed to prepare' in modules/aaa and srclib/apr and srclib/apr-util, but it isn't found. As usual, this isn't a terribly informative error. It would be great if it said WHAT SQL statement it failed to prepare, or if it was out of memory or whatever. Any help?
[us...@httpd] issue with apache proxy to tomcat with apache simple authentication.
Hey all,
Here's what I'm trying to achieve. I have a tomcat application deployed on
another server and have configured apache to proxy to it using mod_jk.
Works great. So, if I go to http://huskar/ apache reads through, does some
rewrites and sends me to http://huskar/clearspace/index.jspa (which is
actually http://luna:8080/clearspace/index.jspa)
Now, I want apache to do some simple authentication. I downloaded and
loaded mod_auth, created a htpasswd file, and put in the following
configuration.. (ignore, or pay attention to, the commented stuff... I was
trying a bunch of different things).
I read online that location should be used when you're protecting a url and
not a actual filesystem on the apache host..Once this is enabled, it
does prompt me to login, and I login, but then it forwards me to a blank
page(the redirect works), so I end up at
http://huskar/clearspace/index.jspa, but it seems like it stops responding.
However, if I do... http://huskar/clearspace/admin (the admin page) it
authenticates me(if I close my browser) and redirects me fine... which is
really bizarre.
If I disable authentication, both work.
Below is my location statements, as well as the redirects I have in place..
Any help is most appreciated.
Options FollowSymLinks
AllowOverride None
#AllowOverride FileInfo Indexes AuthConfig
#Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
AuthName "restricted stuff"
AuthType Basic
AuthUserFile /usr/local/apache/2.0.63/conf/htpasswd
require valid-user
#
#Order allow,deny
#Allow from all
#
#
#Order deny,allow
#Deny from all
#
RewriteEngine On
# Redirect to correct hostname
RewriteCond %{HTTP_HOST} !huskar\.bedford\.progress\.com
RewriteRule ^(.*)$ http://huskar.bedford.progress.com$1
# Load ClearSpace by default
RewriteRule ^/$ /clearspace/index.jspa [R=301,L]
and for fun... my jk statements.
JkWorkersFile "/usr/local/apache/2.0.63/conf/workers.properties"
JkLogFile "/var/logs/www/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /examples/* worker1 - testing
JkMount /manager/* worker2 - testing
JkMount /clearspace/* worker3
--
View this message in context:
http://www.nabble.com/issue-with-apache-proxy-to-tomcat-with-apache-simple-authentication.-tp21258350p21258350.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
