On 12.05.2009 15:20, Michael Biebl wrote: > 2009/5/12 André Warnier <a...@ice-sa.com>: >> Michael Biebl wrote: >>> Hi, >>> >>> first of all, I'd like to say hi, as I'm new to the list. >>> >>> I hope you can help me with the following problem I have. >>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat >>> 6.0.18 >>> I'm using mod_proxy to forward the request to tomcat using ajp. The >>> apache vhost configuration looks like this: >>> >>> <VirtualHost *:80> >>> >>> ... >>> ProxyRequests Off >>> ProxyVia On >>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/ >>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/ >>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/ >>> ProxyPass / ajp://localhost:8009/barcooWebsite/ >>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/ >>> ProxyPassReverseCookiePath /barcooWebsite / >>> ... >>> >>> </VirtualHost> >>> >>> The apache mpm prefork modules is used with the following configuration. >>> <IfModule mpm_prefork_module> >>> StartServers 5 >>> MinSpareServers 5 >>> MaxSpareServers 10 >>> MaxClients 200 >>> MaxRequestsPerChild 0 >>> </IfModule> >>> >>> The tomcat ajp connector configuration is as simple as >>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> >>> >>> >>> Now, when I get a lot of users access, the http connection via apache >>> slows down to a crawl >>> and I get a lot of the following messages in the kernel log: >>> >>> [2350915.113736] __ratelimit: 11 messages suppressed >>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping >>> request. >>> >>> apache and tomcat itself seem to be idling along, and the load is not >>> that high on the machine. >>> >>> Has anyone an idea what's going on there? >>> >> It seems to be something entorely outside of Apache and Tomcat. >> I'm no specialist, but a few names come to mind : iptables, denyhosts, >> SELinux ? > > No selinux enabled, no iptables rules loaded, no denyhosts installed. > > My guess somehow is, that apache is opening too many ajp connections > to tomcat... > > Michael
Have a look at "netstat -an". Also check the httpd documentation page about mod_proxy, which contains lots of additional parameters needed to tune the proxy connection pool (timeouts, persistent connction pool etc.). Not that mod_proxy_ajp is not as old as many other httpd components, so there is still active development and there might be some need to switch to recent versions. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
