On 24 June 2013 18:27, Tom Evans <tevans...@googlemail.com> wrote:
> On Mon, Jun 24, 2013 at 2:03 PM, Robert Gabriel <epheme...@gmail.com>
> wrote:
> > Hello all,
> >
> > We have:
> >
> > Apache 2.2.3
> > CentOS 5.5 x86_64
> > Splunk 5.0.2
> >
> > I only know the basics but Apache has been serving us very well with the
> > below config
> >
> > and only after about a week did pages refresh very slowly, up to a
> minute to
> > reload
> >
> > sometimes.
> >
> > I tailed both httpd and splunkd logs and saw a consistent delay of 30s
> > between proxy
> >
> > and origin server (both on same host) along with plenty of 304s,
> followed by
> > what
> >
> > appeared to be some timeout and then slowly the 200s started coming back
> in.
> >
> > A restart of httpd cleared up the issue.
> >
> > I'm lost, please help.
> >
> > Could this be a caching problem?
> >
> > Thank you.
> >
> > <VirtualHost *:443>
> > SSLEngine on
> > SSLCertificateFile /etc/httpd/conf/server.crt
> > SSLCertificateKeyFile /etc/httpd/conf/server.key
> > SSLProxyEngine On
> > SSLCACertificateFile /etc/httpd/conf/gsoc.pem
> > SSLProtocol all -SSLv2
> > SSLVerifyClient require
> > SSLVerifyDepth 1
> > SSLOptions +StrictRequire
> >
> > RequestHeader set X-Remote-User %{REMOTE_USER}s
> >
> > ServerName dashboards.gsoc.co.za:443
> > ServerAdmin ad...@gsoc.co.za
> > DocumentRoot /srv/http/gdf/
> > CustomLog /var/log/httpd/gdf/access combined
> > ErrorLog /var/log/httpd/gdf/error
> > LogLevel debug
> >
> > ProxyRequests Off
> > ProxyPreserveHost Off
> > ProxyPass /gdf https://172.20.67.2:8000/gdf
> > ProxyPassReverse /gdf https://172.20.67.2:8000/gdf
> >
> > <Directory />
> > SSLRequireSSL
> > AllowOverride none
> > AuthName "GDF"
> > AuthType Basic
> > AuthDigestProvider file
> > AuthUserFile /etc/httpd/conf/passwd
> > Require ssl-verify-client
> > Require valid-user
> > Require ssl
> > Satisfy All
> > </Directory>
> >
> > <Location /gdf>
> > SSLRequireSSL
> > AuthName "GDF"
> > AuthType Basic
> > AuthDigestProvider file
> > AuthUserFile /etc/httpd/conf/passwd
> > Require ssl-verify-client
> > Require valid-user
> > Require ssl
> > Satisfy All
> > </Location>
> > </VirtualHost>
>
> 30 seconds is the length of the default timeout in apache.
> Unfortunately, that timeout is used in all sorts of cases, so it does
> not tell us what is timing out.
>
> As a rank guess, I would be going for DNS timeout myself. Do you have
> HostnameLookups set to "On" or "Double", or using host names in ACLs?
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
We are not doing any hostname ACLs.
Forgive my limited knowledge, I did RTFM before replying to make sure I
understood
the intended config and no, we are not doing any.
"HostnameLookups Off"
How come a restart "fixes" the problem?
Thank you.
