Re: [users@httpd] Howto accept only one connection
On 19/02/16, Oliver Graute wrote: > On 19/02/16, Aurélien Terrestris wrote: > > Hello, > > > > I'm not sure we can accept only one connection at a given time. > > I tested with the "prefork MPM", and I only achieve 1 concurrent request > > being processed at a given time and all others requests are buffered > > (ListenBackLog doesn't seem to work on my server). Once the 1st request has > > been processed, the other ones are processed one after the other. > > > > If running on a Linux, maybe should you configure the iptables to limit > > connections to 1 for the httpd port. Behind a F5 loadbalancer, there is the > > Connection Limit parameter on the virtual server which can be set. > > > > > > my httpd conf : > > > > ./configure . --with-mpm=prefork > > > > > > StartServers 1 > > MinSpareServers 1 > > MaxSpareServers 0 > > MaxRequestWorkers1 > > MaxConnectionsPerChild 0 > > ListenBacklog1 > > ServerLimit 1 > > > > thx for this proposal, i will try it this way... > I tried it this way and it seems to work. If I connect with a second client, the second request is buffered. In the Log I see this message, but this is expected. [mpm_prefork:error] [pid 413] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting Best Regards, Oliver - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Howto accept only one connection
Okay good, thanks for your feedback. A.T. 2016-02-22 11:57 GMT+01:00 Oliver Graute : > On 19/02/16, Oliver Graute wrote: > > On 19/02/16, Aurélien Terrestris wrote: > > > Hello, > > > > > > I'm not sure we can accept only one connection at a given time. > > > I tested with the "prefork MPM", and I only achieve 1 concurrent > request > > > being processed at a given time and all others requests are buffered > > > (ListenBackLog doesn't seem to work on my server). Once the 1st > request has > > > been processed, the other ones are processed one after the other. > > > > > > If running on a Linux, maybe should you configure the iptables to limit > > > connections to 1 for the httpd port. Behind a F5 loadbalancer, there > is the > > > Connection Limit parameter on the virtual server which can be set. > > > > > > > > > my httpd conf : > > > > > > ./configure . --with-mpm=prefork > > > > > > > > > StartServers 1 > > > MinSpareServers 1 > > > MaxSpareServers 0 > > > MaxRequestWorkers1 > > > MaxConnectionsPerChild 0 > > > ListenBacklog1 > > > ServerLimit 1 > > > > > > > thx for this proposal, i will try it this way... > > > > > I tried it this way and it seems to work. If I connect with a second > client, the second request is buffered. In the Log I see this message, but > this > is expected. > > [mpm_prefork:error] [pid 413] AH00161: server reached MaxRequestWorkers > setting, consider raising the MaxRequestWorkers setting > > Best Regards, > > Oliver > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Need Help with SSL Certificate Installation
At 12:28 AM 2/22/2016 -0700, ch...@adamstelecom.com wrote: To whomever may be able to help, I am fairly new to Apache. I have begun developing a CRM software for my company, and chose Linux as my platform. I have been running Apache for several months, in its basic form, while developing. I went online tonight and bought an SSL certificate from GoDaddy, and went to install it. It seems pretty straight forward, and I have plenty of experience with IIS and SSL. However, I can not seem to get it to work. I have added my files to /etc/pki/tls/certs/ folder, and my key to the /etc/pki/tls/private folder. I have opened firewalld port for https. But I continue to get an error in Chrome of "ERR_SSL_PROTOCOL_ERROR". So I am not sure what is going on... FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing https results in: "Secure Connection Failed An error occurred during a connection to tracss.adamstelecom.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)" Googling that error finds a multitude of suggestions Best -- Paul Below is my ssl.conf file: [snip] - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Need Help with SSL Certificate Installation
Quoting Stormy (storm...@stormy.ca): > FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing https > results in: "Secure Connection Failed An error occurred during a connection > to tracss.adamstelecom.com. SSL received a record that exceeded the maximum > permissible length. (Error code: ssl_error_rx_record_too_long)" The webserver behind tracss.adamstelecom.com is talking plain HTTP on TCP/443. | % telnet tracss.adamstelecom.com 443 | Trying 68.187.20.120... | Connected to tracss.adamstelecom.com. | Escape character is '^]'. | GET / HTTP/1.0 | | HTTP/1.1 301 Moved Permanently | [ .. ] Probably missing 'SSLEngine On' for the correct vhost(s). -Sndr. -- | Showering in clothes shows you're crazy. Showering nude shows your nuts. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Need Help with SSL Certificate Installation
Quick update: Upon being onsite with my server, the HTTPS works internally using the server's internal network IP, just get a certificate error becuase of the name mismatch(using the internal IP instead of the domain). I've looked over this so much, and I am still lost. Hoping that insight may help. Chris On Feb 22, 2016 10:24 AM, Sander Smeenk wrote: > > Quoting Stormy (storm...@stormy.ca): > > > FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing > > https > > results in: "Secure Connection Failed An error occurred during a connection > > to tracss.adamstelecom.com. SSL received a record that exceeded the maximum > > permissible length. (Error code: ssl_error_rx_record_too_long)" > > The webserver behind tracss.adamstelecom.com is talking plain HTTP on > TCP/443. > > | % telnet tracss.adamstelecom.com 443 > | Trying 68.187.20.120... > | Connected to tracss.adamstelecom.com. > | Escape character is '^]'. > | GET / HTTP/1.0 > | > | HTTP/1.1 301 Moved Permanently > | [ .. ] > > Probably missing 'SSLEngine On' for the correct vhost(s). > > -Sndr. > -- > | Showering in clothes shows you're crazy. Showering nude shows your nuts. > | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Need Help with SSL Certificate Installation
Chris, By your somments, I am guessing that you have a proxy in front of the http server? Or are you just doing an inbound NAT? Robert On Mon, 22 Feb 2016 12:30:45 -0500 ch...@adamstelecom.com wrote: Quick update: Upon being onsite with my server, the HTTPS works internally using the server's internal network IP, just get a certificate error becuase of the name mismatch(using the internal IP instead of the domain). I've looked over this so much, and I am still lost. Hoping that insight may help. Chris On Feb 22, 2016 10:24 AM, Sander Smeenk wrote: Quoting Stormy (storm...@stormy.ca): > FWIW using Firefox 38.3 ESR, your login page works on port 80; forcing https > results in: "Secure Connection Failed An error occurred during a connection > to tracss.adamstelecom.com. SSL received a record that exceeded the maximum > permissible length. (Error code: ssl_error_rx_record_too_long)" The webserver behind tracss.adamstelecom.com is talking plain HTTP on TCP/443. | % telnet tracss.adamstelecom.com 443 | Trying 68.187.20.120... | Connected to tracss.adamstelecom.com. | Escape character is '^]'. | GET / HTTP/1.0 | | HTTP/1.1 301 Moved Permanently | [ .. ] Probably missing 'SSLEngine On' for the correct vhost(s). -Sndr. -- | Showering in clothes shows you're crazy. Showering nude shows your nuts. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
