Mit freundlichen Grüßen David Kumar Softwareentwickler, B. Sc. Abteilung Infotech - Interaktiv TELESTAR-DIGITAL GmbH Am Weiher 14 D-56766 Ulmen
Tel.: + 49 (0) 6592 / 712 -2826 Tel.: + 49 (0) 2676 / 9520 -183 Fax: + 49 (0) 6592 / 712 -2829 http://www.telestar.de/ -----Ursprüngliche Nachricht----- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Freitag, 15. März 2013 10:45 An: Tomcat Users List Betreff: Re: AW:AJP suddenly Stopps acting: ajp on 7009 and 9009 : connections keept open >Some notes : >- according to the comments in your Apache config file, you are using the >>"worker MPM". >But are you sure ? what does "/usr/sbin/apache2ctl -l" say ? Compiled in modules: core.c mod_log_config.c mod_logio.c worker.c http_core.c mod_so.c >- we are missing the contents of your "/etc/apache2/workers.properties" file Sry didn't rename properties, see attached.. >- we are missing the JkMounts or equivalent that you are doing from Apache >to >Tomcat. Same to our default website > related questions : you have 2 tomcats. Are you doing load-balancing ? or > >are you just >sending some URLs to tomcat1 and other to tomcat2 ? We doing loadbalacning >Are you proxying everything to the tomcats, or is the Apache httpd front->end >serving some URLs on its own ? if so, what proportion ? Everything goes to the tomcats >- how many hits per second/minute/hour (any of them, approx.) is your >server >handling ? according to our logs yesterday between 8pm and 9pm we had 73667 hits together on both tomcats. >- you do not have any specific timeout parameters set in your Tomcat AJP >><Connectors>, > which is basically a good thing : better to leave the defaults in place, > >than to start >playing with settings that you do not really understand, and make things >>worse. But you do set one : connectionTimeout="200000". Which sounds extremely high to me. Re: http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html >It means that when a client connects to that Connector, a Tomcat thread >will >be started to >handle this connection; then the thread will wait on the connection, to >read >the request. >If the request does not appear, this thread will still wait, up to 200 >>seconds (more than >3 minutes !) for this request to appear, before it gives up, closes that >>connection, and >goes back to the pool of available threads. >A normal client would not do that, but a badly-intentioned client that >tries >to create a >DOS attack on your server, will do that, just to block threads on your >server >until there >are no more threads available. > >In this case, it is even worse, because other parameters are using this >same >value as a >default, like : keepAliveTimeout. >This one means that once one request has been processed by this Tomcat >thread >on that >connection, the thread will not close this connection, but wait to see if >any >other >request appears on that connection from the same client, within the timeout >>given. >In this case, because it defaults to connectionTimeout, the thread will >wait >more than 3 >minutes to see if there is another request. If the client (browser) does >not >send any >additional request on that connection, you have a thread that is blocked >>doing nothing, >for more than 3 minutes. >In this case, the client is in reality the mod_jk module under Apache. So >>the settings of >Apache and mod_jk will matter, and I cannot tell exactly at this point what >>will happen. >But if this was a HTTP Connector open to the external WWW world, what would >>certainly >heppen is that you would run out of threads in Tomcat within a couple of >>minutes, and your >server would stop accepting new requests. > > >Or to put this another way : if this was a HTTP connector open to the >outside >world, and I >knew the address of your server, I could bring it down in 3 seconds, using >>the standard >"ab" program that comes with Apache. that is how our servers are connected together: We have another Webserver (different server) connecting to our Apache - Proxy which is loadbalacning our two tomcats. (Apache and tomcat are together at on server) I will go end reduce the timeout on both worker.properties and server.xml. What will be a value? 30 Seconds? Thanks a lot..
workers.tomcat_home=/opt/tomcat workers.java_home=/usr/lib/jvm/java-6-sun ps=/ worker.list=loadbalancer,status #//siehe https://community.jboss.org/wiki/OptimalModjk12Configuration worker.tomcatX.host=localhost worker.tomcatX.type=ajp13 worker.tomcatX.fail_on_status=404 worker.tomcatX.lbfactor=1 worker.tomcatX.ping_timeout=1000 worker.tomcatX.ping_mode=A worker.tomcatX.socket_timeout=10 worker.tomcatX.connection_pool_timeout=200 worker.tomcat1.reference=worker.tomcatX worker.tomcat1.port=7009 worker.tomcat2.reference=worker.tomcatX worker.tomcat2.port=9009 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.status.type=status
<VirtualHost *:8080> ServerAdmin webmaster@localhost SetEnvIf User-Agent "(internal dummy connection)$" dontlog SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog JkMount /* loadbalancer JKMount /status/* status #JkOptions +DisableReuse DocumentRoot /var/www # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog "|/usr/bin/cronolog ${APACHE_LOG_DIR}/10.100.12.144/access.%Y%m%d.log" combined env=!dontlog ErrorLog "|/usr/bin/cronolog ${APACHE_LOG_DIR}/10.100.12.144/error.%Y%m%d.log" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options FollowSymLinks AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> #<VirtualHost *:80> # <ifModule mod_alias.c> # Redirect 301 / http://10.100.12.144:8080 # </ifModule> #</VirtualHost>
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org