Thanks for the input on the timeouts, having run lb connectors in LAN environment for years now, I never really ran into this issue or stumbled across this document.
What I meant by the stop comment is really in reference to fault-tolerance. [For reference, the current environment has a mesh of 4 machines that have redundant hardware load balancers in front of them. To support the dynamic content this is needed, but unnecessary and expensive to replicate in remote locations that only serve static content.] If an apache server can't support serving dynamic content, I need to re-direct users (as transparently as possible) to a server that can. Thinking out loud, I could continue to have dynamic content from www.mysite.com and static from static.mysite.com and simply embed the full static-site url in the page. Alternatively, as you indicated, if I direct them to an error page, I can redirect them to an apache instance that's fully functional. Will take a bit more coordinate between apache server's maybe using something from the Linux LVS or Linux-HA project. Thanks again. John -----Original Message----- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Monday, November 12, 2007 4:32 PM To: Tomcat Users List Subject: Re: Apache/Tomcat/mod_jk over WAN Hi John, John Moore schrieb: > > I have a cluster of Tomcat 5.5 servers that are running Apache 2.2 to > serve static content; mod_jk 1.2.25 connector is used. I am considering > adding apache servers in separate corners of the country to serve the > static content closer to the user. I can not copy Tomcat to each of > these locations. I was thinking of routing the ajp traffic through an > OpenVPN SSL tunnel to the existing tomcat servers. We did some tests and > were surprised that there seemed to be a decent performance increase. > > Has anyone had any successes, failures, or gotcha's doing this? No real experience. I heard from a couple of people, who had problems with the stability of the tunnel. So using Cping/Cpong etc. could be important here. Read the Timeouts docs page http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html especially the parts related to firewalls (a dropped VPN tunnel might behave similarly to an idle connection drop by a firewall). > Would mod_jk solution use less bandwidth than something like mod_proxy > to redirect the tomcat-destined http/s requests? I would not expect, that AJP13 gives a big bandwidth benefit. Since you are talking about dynamic content only, usually we are in the region of about 5-20KB per request, and the savings from the binary encoded HTTP headers should be well below 1KB. On the other hand AJP13 response packets have a little overhead, so I would expect well below 10% reduction in needed bandwidth. > > Any suggestions on stopping user access to a Apache if AJP link to > Tomcat drops? What do you mean by stop? Presenting well-defined error pages? In case mod_jk can not reach Tomcat it should return a 503, sometimes a 504. You can define a customized ErrorDocument in httpd for this case. I would always include an lb worker between Apache and even a single Tomcat, because this enables you to get better state information via a status worker. > Thanks, > John Regards, Rainer --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
