Mit freundlichen Grüßen
David Kumar
Softwareentwickler, B. Sc.
Abteilung Infotech - Interaktiv
TELESTAR-DIGITAL GmbH
Am Weiher 14
D-56766 Ulmen
Tel.: + 49 (0) 6592 / 712 -2826
Tel.: + 49 (0) 2676 / 9520 -183
Fax: + 49 (0) 6592 / 712 -2829
http://www.telestar.de/
-----Ursprüngliche Nachricht-----
Von: André Warnier [mailto:a...@ice-sa.com]
Gesendet: Freitag, 15. März 2013 10:45
An: Tomcat Users List
Betreff: Re: AW:AJP suddenly Stopps acting: ajp on 7009 and 9009 : connections
keept open
>Some notes :
>- according to the comments in your Apache config file, you are using the
>>"worker MPM".
>But are you sure ? what does "/usr/sbin/apache2ctl -l" say ?
Compiled in modules:
core.c
mod_log_config.c
mod_logio.c
worker.c
http_core.c
mod_so.c
>- we are missing the contents of your "/etc/apache2/workers.properties" file
Sry didn't rename properties, see attached..
>- we are missing the JkMounts or equivalent that you are doing from Apache >to
>Tomcat.
Same to our default website
> related questions : you have 2 tomcats. Are you doing load-balancing ? or
> >are you just
>sending some URLs to tomcat1 and other to tomcat2 ?
We doing loadbalacning
>Are you proxying everything to the tomcats, or is the Apache httpd front->end
>serving some URLs on its own ? if so, what proportion ?
Everything goes to the tomcats
>- how many hits per second/minute/hour (any of them, approx.) is your >server
>handling ?
according to our logs yesterday between 8pm and 9pm we had 73667 hits together
on both tomcats.
>- you do not have any specific timeout parameters set in your Tomcat AJP
>><Connectors>,
> which is basically a good thing : better to leave the defaults in place,
> >than to start
>playing with settings that you do not really understand, and make things
>>worse.
But you do set one :
connectionTimeout="200000". Which sounds extremely high to me.
Re: http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
>It means that when a client connects to that Connector, a Tomcat thread >will
>be started to
>handle this connection; then the thread will wait on the connection, to >read
>the request.
>If the request does not appear, this thread will still wait, up to 200
>>seconds (more than
>3 minutes !) for this request to appear, before it gives up, closes that
>>connection, and
>goes back to the pool of available threads.
>A normal client would not do that, but a badly-intentioned client that >tries
>to create a
>DOS attack on your server, will do that, just to block threads on your >server
>until there
>are no more threads available.
>
>In this case, it is even worse, because other parameters are using this >same
>value as a
>default, like : keepAliveTimeout.
>This one means that once one request has been processed by this Tomcat >thread
>on that
>connection, the thread will not close this connection, but wait to see if >any
>other
>request appears on that connection from the same client, within the timeout
>>given.
>In this case, because it defaults to connectionTimeout, the thread will >wait
>more than 3
>minutes to see if there is another request. If the client (browser) does >not
>send any
>additional request on that connection, you have a thread that is blocked
>>doing nothing,
>for more than 3 minutes.
>In this case, the client is in reality the mod_jk module under Apache. So
>>the settings of
>Apache and mod_jk will matter, and I cannot tell exactly at this point what
>>will happen.
>But if this was a HTTP Connector open to the external WWW world, what would
>>certainly
>heppen is that you would run out of threads in Tomcat within a couple of
>>minutes, and your
>server would stop accepting new requests.
>
>
>Or to put this another way : if this was a HTTP connector open to the >outside
>world, and I
>knew the address of your server, I could bring it down in 3 seconds, using
>>the standard
>"ab" program that comes with Apache.
that is how our servers are connected together:
We have another Webserver (different server) connecting to our Apache - Proxy
which is loadbalacning our two tomcats. (Apache and tomcat are together at on
server)
I will go end reduce the timeout on both worker.properties and server.xml. What
will be a value? 30 Seconds?
Thanks a lot..
workers.tomcat_home=/opt/tomcat
workers.java_home=/usr/lib/jvm/java-6-sun
ps=/
worker.list=loadbalancer,status
#//siehe https://community.jboss.org/wiki/OptimalModjk12Configuration
worker.tomcatX.host=localhost
worker.tomcatX.type=ajp13
worker.tomcatX.fail_on_status=404
worker.tomcatX.lbfactor=1
worker.tomcatX.ping_timeout=1000
worker.tomcatX.ping_mode=A
worker.tomcatX.socket_timeout=10
worker.tomcatX.connection_pool_timeout=200
worker.tomcat1.reference=worker.tomcatX
worker.tomcat1.port=7009
worker.tomcat2.reference=worker.tomcatX
worker.tomcat2.port=9009
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=tomcat1,tomcat2
worker.status.type=status
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
SetEnvIf User-Agent "(internal dummy connection)$" dontlog
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
JkMount /* loadbalancer
JKMount /status/* status
#JkOptions +DisableReuse
DocumentRoot /var/www
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog "|/usr/bin/cronolog
${APACHE_LOG_DIR}/10.100.12.144/access.%Y%m%d.log" combined env=!dontlog
ErrorLog "|/usr/bin/cronolog
${APACHE_LOG_DIR}/10.100.12.144/error.%Y%m%d.log"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
#<VirtualHost *:80>
# <ifModule mod_alias.c>
# Redirect 301 / http://10.100.12.144:8080
# </ifModule>
#</VirtualHost>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
