[Pound Mailing List] Pound 2.7 Hickups on OpenBSD 5.6

Thu, 09 Apr 2015 09:14:18 -0700 

We are running Pound 2.7 on a OpenBSD 5.6 Sever, with LIbreSSL 2.1.6, as
nologin user "_pound" in a jailed environment.

The server itself runs on ESX 5.5  (Dell R620 2*8 Core 192GB Ram with a
20GBit backbone)
The VM got 4 Cores, 4GB Ram, 16GB HDD and one NIC assigned.

In busy times (100-200 users) our pound is experiencing hickups, which
means, the server becomes unresponsive for 3-10 seconds, in this time no
logs are written and no user is able to login via ssh.
After this the server is fine(fast and responsive, the site gets delivered
fast), we don`t see any sign of work overload using top and the vsphere
utillities.

What could be the cause for this behavior?

our config:
________________________________________________________________________________

User "_pound"

Group "_pound"

RootJail "/path/pound/jail"


#Control Socket

Control "/path/pound.socket"


# 0=none, 1=normal, 2=extended, 3=CLF, etc.

LogLevel 5


# backend check interval (in seconds)

Alive 5

# client timeout

Client 5


# backend timeout

TimeOut 300


ListenHTTP

        Address xxx.xxx.xxx.xxx

        Port    80

        # 0=GET/POST/HEAD, 1+=PUT/DELETE, 2+=WebDAV, 3+=MS WebDAV, 4+=MS RPC

        xHTTP 0

        #ErrPages

        Err414 "/path/414.html"

        Err500 "/path/500.html"

        Err501 "/path/501.html"

        Err503 "/anon/503.html"

End


ListenHTTPS

        Address xxx.xxx.xxx.xxx

        Port    443

        # Zertifikatsfile wird vor dem chroot gelesen und im memory gehalten

        Cert "/path/anon.sha256.pem"

        Cert "/path/anon.org.sha256.pem"

        # 0=GET/POST/HEAD, 1+=PUT/DELETE, 2+=WebDAV, 3+=MS WebDAV, 4+=MS RPC

        xHTTP 0

        #ErrPages

        Err414 "/path/414.html"

        Err500 "/path/500.html"

        Err501 "/path/501.html"

        Err503 "/anon/503.html"

#       CIPHER

        SSLHonorCipherOrder 1

        Ciphers
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA"

End

# web1.anon.org

Service

        HeadRequire "Host: (.?)*anon\.org.*"

        BackEnd

                Address xxx.xxx.xxx.xxx

                Port 80

        End

        Session

                Type    Cookie

                ID      "PHPSESSID"

                TTL     10800

        End

End

___________________________________________________________________


Freundliche GrĂ¼sse
Nino Fink

-- 
Netzwerkabteilung

Contria GmbH
Steinackerweg 18
4901 Langenthal

Tel.  +41 62 919 07 90
Fax. +41 62 919 07 99
www.contria.ch

Reply via email to