[users@httpd] High CPU and scoreboard full of W sending reply
Hello All,

Not sure if this is a common known tuning/configuration issue or not, but I could not find any direct hits searching online for what could be causing this. I have an Apache server configured *purely* as a reverse proxy for a few apps. One of the recent apps added behind it has some really slow responding pages which may contribute to this issue.

My issue is that at random times of the day (not network bandwidth or load driven that I can tell from xymon) the Apache CPU maxes out the host (4 cores @ 100%) and the last good apache-status I could pull shows all items on the scoreboard in W "sending reply" state, and just a death cycle of workers being consumed and more Ws till no response at all. The only way to recover is to stop Apache and, most of the time, kill one of the processes that won't stop fully, then restart.

I have tweaked the timeouts for the overall apache and the proxypass elements for timeout, ttl, smax, disablereuse to prevent pooling, etc., but something still hangs everything out to dry. I have seen this on 2.4.10 and 2.4.25 versions and again only using purely as a reverse proxy. There are no local databases, no local php scripts, no local session management, etc. that can account for this (like some other online posts suggest when not being used as a RP).

Any ideas are greatly appreciated.

Danny
RE: [users@httpd] Let's Encrypt (LE) and port 80
You can just set up a global redirect on your 80 listener but exclude LE root path

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]

Danny

Original message
From: Tom Browder
Date: 6/17/20 8:06 AM (GMT-06:00)
To: users@httpd.apache.org
Subject: [users@httpd] Let's Encrypt (LE) and port 80

Before LE came along, I tightened my single server down to redirect http to https. With LE I've been using the cert generation method where I stop Apache, create the required certs with a Raku program, and restart Apache.

Now with my new Apache 2.4.43 I'm ready to automate the process. Is there any way to allow port 80 access but only from an LE server?

The only time that would be needed, as far as I know, is when I first add a new domain and it obviously would not have a cert yet.

Thanks.

Best regards,

-Tom
Re: [users@httpd] Let's Encrypt (LE) and port 80
I have never used that module and always preferred to keep 80 open purely for redirects (and LE).

Danny

Original message
From: Tom Browder
Date: 6/17/20 11:20 AM (GMT-06:00)
To: users@httpd.apache.org
Subject: Re: [users@httpd] Let's Encrypt (LE) and port 80

On Wed, Jun 17, 2020 at 09:55 dmallor wrote:
You can just set up a global redirect on your 80 listener but exclude LE root path...

Thanks, Danny.

I've never used rewrites before, but that looks like a good idea. But which of the two solutions would you prefer?

What is the downside of blocking port 80 entirely since mod_md doesn't need it?

Using my wife as an example, when looking for a site she usually doesn't specify http[s?] at all--she just clicks on what Google shows her. [:-(

Cheers!

-Tom
Re: [users@httpd] Default 403 response when no matching vhost
Appreciate the feedback. Rewrite was certainly my first choice and allows me to exclude paths.

Danny

Original message
From: Eric Covener
Date: 7/13/20 12:39 PM (GMT-06:00)
To: users@httpd.apache.org
Subject: Re: [users@httpd] Default 403 response when no matching vhost

On Mon, Jul 13, 2020 at 1:02 PM Danny Mallory wrote:
>> Figure I would ask this here for the most graceful answer before making up my own. When running Apache for many vhosts (websites or acting as a reverse proxy), is there a way to make the default site (no matching vhost) return a 403 or 400 bad request similar to how Akamai does when no matching vhost is found. Currently I have a default site that just returns the standard "It works" 200 ok when no match is found.

You can use mod_asis which is pretty obscure, or RewriteRule ^ =[R=4xx] (it accepts non-redirect codes and mostly works)

Or for 403, you could have a `require all denied` block in the vhost for
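
The catch-all default vhost discussed in this thread, written out as an added example that is not part of the original messages. The hostnames, the excluded `/healthcheck` path and the DocumentRoot are placeholders chosen for illustration, and mod_rewrite is assumed to be loaded.

```apache
# Added example, not from the thread. Names and paths are placeholders.
# httpd uses the first <VirtualHost> defined for an address:port when the
# Host header matches no ServerName/ServerAlias, so the catch-all goes first.

# Variant A: rewrite-based, with one path excluded from the 403.
<VirtualHost *:80>
    ServerName catchall.invalid
    RewriteEngine On
    # Hypothetical path left reachable (for example a load-balancer probe).
    RewriteCond %{REQUEST_URI} !^/healthcheck$
    # "-" means no substitution; with a non-3xx code in R=, httpd stops
    # rewriting and returns that status instead of redirecting.
    RewriteRule ^ - [R=403]
</VirtualHost>

# Variant B (use instead of A): authorization-based, no exclusions.
# <VirtualHost *:80>
#     ServerName catchall.invalid
#     <Location "/">
#         Require all denied
#     </Location>
# </VirtualHost>

# A real site, defined after the catch-all so it never becomes the default.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/example"
</VirtualHost>
```

The same ordering applies per address:port, so a `*:443` listener needs its own catch-all vhost defined before the named TLS sites.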