status of httpd-2.0
Just for interest: was is the current status of httpd-2.0? Will 2.0.65 be released (soon)? When is it planned to mark httpd-2.0 as EOL?
httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
Hi, I think there is an issue in mod_slotmem_shm / mod_proxy_balancer with httpd 2.4.x when building and installing as root, but trying to run httpd as standard unix-user. Scenario: my httpd is installed as 'root' in /root/httpd-2.4.1/, permissions root:root/0755. When I create a 'user' httpd.conf and load slotmem_shm_module, proxy_module, proxy_http_module and proxy_balancer_module and do some balancer configuration, the httpd doesn't come up. Error log (trace8): [Mon Mar 05 11:36:40.739013 2012] [proxy_balancer:debug] [pid 27793:tid 140642808817440] mod_proxy_balancer.c(751): AH01178: Doing balancers create: 544, 1 (6) [Mon Mar 05 11:36:40.739054 2012] [proxy_balancer:emerg] [pid 27793:tid 140642808817440] (13)Permission denied: AH01179: balancer slotmem_create failed [Mon Mar 05 11:36:40.739080 2012] [:emerg] [pid 27793:tid 140642808817440] AH00020: Configuration Failed, exiting In strace you can see that httpd is trying to create mutex(?) files in installation root directory, which belongs to user 'root' and is not writeable for other users: open("/root/httpd-2.4.1/s29df2056", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666) = -1 EACCES (Permission denied) I tried to change the mutex location with the mutex directive and "proxy-balancer-shm", but that doesn't work: Mutex file:/tmp/ proxy-balancer-shm Syntax seems to be OK, but this configuration item is ignored completely. config extraction: ServerRoot "/root/httpd-2.4.1" LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule slotmem_shm_module modules/mod_slotmem_shm.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so Mutex file:/tmp/ proxy-balancer-shm BalancerMember http://appserver1.localhost:3001 route=0 BalancerMember http://appserver2.localhost:3001 route=1 ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid ProxyPassMatch /servlet/ balancer://default/ ProxyPassReverse / balancer://default/ My quick hack to get my apache instance started: --- httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c +++ httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c @@ -269,7 +269,10 @@ } if (name) { if (name[0] != '/') { -fname = ap_server_root_relative(pool, name); +char file_name[100]; +strcpy(file_name, "/tmp/"); +strcat(file_name, name); +fname = file_name; } else { fname = name; I think it would make sense to check why the mutex configuration of proxy-balancer-shm is ignored. Best regards, Zisis
Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
I can reproduce this on SuSE Linux Enterprise 11sp1 (x86_64, 2.6.32.12-0.7-xen) and Ubuntu 11.04 (x86_64, 2.6.38.x). - Ursprüngliche Mail - Von: "Jim Jagielski" An: dev@httpd.apache.org Gesendet: Montag, 5. März 2012 19:15:03 Betreff: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) What system is this... I'm assuming that your shm impl does an actual file connection for the shm instance... On Mar 5, 2012, at 10:46 AM, Zisis Lianas wrote: > Hi, > > I think there is an issue in mod_slotmem_shm / mod_proxy_balancer > with httpd 2.4.x when building and installing as root, but trying > to run httpd as standard unix-user. > > Scenario: > my httpd is installed as 'root' in /root/httpd-2.4.1/, permissions > root:root/0755. When I create a 'user' httpd.conf and load slotmem_shm_module, > proxy_module, proxy_http_module and proxy_balancer_module and do some > balancer configuration, the httpd doesn't come up. Error log (trace8): > [Mon Mar 05 11:36:40.739013 2012] [proxy_balancer:debug] [pid 27793:tid > 140642808817440] mod_proxy_balancer.c(751): AH01178: Doing balancers create: > 544, 1 (6) > [Mon Mar 05 11:36:40.739054 2012] [proxy_balancer:emerg] [pid 27793:tid > 140642808817440] (13)Permission denied: AH01179: balancer slotmem_create > failed > [Mon Mar 05 11:36:40.739080 2012] [:emerg] [pid 27793:tid > 140642808817440] AH00020: Configuration Failed, exiting > > > In strace you can see that httpd is trying to create mutex(?) files in > installation root directory, which belongs to user 'root' and is not > writeable for other users: > open("/root/httpd-2.4.1/s29df2056", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such > file or directory) > open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such > file or directory) > open("/root/httpd-2.4.1/s29df2056", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666) > = -1 EACCES (Permission denied) > > > I tried to change the mutex location with the mutex directive and > "proxy-balancer-shm", but that doesn't work: > Mutex file:/tmp/ proxy-balancer-shm > Syntax seems to be OK, but this configuration item is ignored completely. > > > config extraction: > ServerRoot "/root/httpd-2.4.1" > > LoadModule proxy_module modules/mod_proxy.so > LoadModule proxy_http_module modules/mod_proxy_http.so > LoadModule proxy_balancer_module modules/mod_proxy_balancer.so > LoadModule slotmem_shm_module modules/mod_slotmem_shm.so > LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so > > Mutex file:/tmp/ proxy-balancer-shm > > >BalancerMember http://appserver1.localhost:3001 route=0 >BalancerMember http://appserver2.localhost:3001 route=1 >ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid > > > ProxyPassMatch /servlet/ balancer://default/ > ProxyPassReverse / balancer://default/ > > > > My quick hack to get my apache instance started: > --- httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c > +++ httpd-2.4.1/modules/slotmem/mod_slotmem_shm.c > @@ -269,7 +269,10 @@ > } > if (name) { > if (name[0] != '/') { > -fname = ap_server_root_relative(pool, name); > +char file_name[100]; > +strcpy(file_name, "/tmp/"); > +strcat(file_name, name); > +fname = file_name; > } > else { > fname = name; > > > I think it would make sense to check why the mutex configuration of > proxy-balancer-shm is ignored. > > > > Best regards, > Zisis >
Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
Thanks Jim, that works fine for the default-rel-runtimedir configuration. Slotmem file is created as /logs/slotmem-shm-s.shm. Now if also the slotmem-file-target-location directive gets available, this thread is done for me. Regards, Zisis - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, March 6, 2012 5:21:22 PM Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) http://svn.apache.org/viewvc?rev=1297560&view=rev On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote: > On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski wrote: >> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c > > On behalf of anyone else reading this thread, here's the idiom from > mod_socache_dbm.c: > > #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-" > ... > const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace, > NULL); > >ctx->data_file = ap_server_root_relative(p, path); > > >> >> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote: >> >>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski wrote: OK... What I'll do is add a directive which provides a "default" location for slotmem file... >>> >>> Uhh, that seems as endless as per-mutex directives. >>> >>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already? (not perfect, >>> but a good start) >>> Directive to specify runtime directory (API returns serverroot + >>> DEFAULT_REL_RUNTIMEDIR if not configured). >>> Directive like Mutex but for shmem? >>> >> > > > > -- > Born in Roswell... married an alien... >
Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
Hi Jim, for me/us it's needed, because we operate with multi-instancing. e.g.: Apache installation directory ("ServerRoot") is /opt/http-2.4.x/ (belonging to apache:apache). This installation only provides the httpd binaries/modules. Users on this server configure their own apache insances: (user1:group1) /var/www/project1/ \==> logs/ (error/access/pid/mutex) \==> htdocs/ (content) \==> config/ (httpd.conf, includes, etc.) (user2:group2) /var/www/project2/ \==> logs/ \==> htdocs/ \==> config/ (user3:group3) /var/www/project3/ \==> logs/ \==> htdocs/ \==> config/ So a customizable slotmem-shm file would make sense in this scenario. Regards, Zisis - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, March 6, 2012 7:26:19 PM Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) My plan is 2 pronged... to see if r1297560 is enough and if allowing a slotmem override is even needed (or wanted) ... ;) On Mar 6, 2012, at 12:35 PM, Zisis Lianas wrote: > Thanks Jim, that works fine for the default-rel-runtimedir configuration. > Slotmem file is created as /logs/slotmem-shm-s.shm. > > Now if also the slotmem-file-target-location directive gets available, > this thread is done for me. > > > Regards, > Zisis > > - Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Tuesday, March 6, 2012 5:21:22 PM > Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) > > http://svn.apache.org/viewvc?rev=1297560&view=rev > > On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote: > >> On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski wrote: >>> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c >> >> On behalf of anyone else reading this thread, here's the idiom from >> mod_socache_dbm.c: >> >> #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-" >> ... >> const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace, >> NULL); >> >> ctx->data_file = ap_server_root_relative(p, path); >> >> >>> >>> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote: >>> >>>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski wrote: >>>>> OK... What I'll do is add a directive which provides a >>>>> "default" location for slotmem file... >>>> >>>> Uhh, that seems as endless as per-mutex directives. >>>> >>>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already? (not perfect, >>>> but a good start) >>>> Directive to specify runtime directory (API returns serverroot + >>>> DEFAULT_REL_RUNTIMEDIR if not configured). >>>> Directive like Mutex but for shmem? >>>> >>> >> >> >> >> -- >> Born in Roswell... married an alien... >> >
Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179)
Hi Jim (et all), did you get any other feedback on the slotmem (directory) override? Writing all the slotmem-shm files (for mod_proxy_balancer) in the logs directory looks quite "unlovely", e.g. in my configuration with two balancer and shared logs directory: # ls -F1 logs/ error/ access/ slotmem-shm-s45fb3af_default.shm slotmem-shm-s45fb3af_my_second_balancer.shm slotmem-shm-s45fb3af.shm slotmem-shm-s463b4ab_default.shm slotmem-shm-s463b4ab_my_second_balancer.shm slotmem-shm-s463b4ab.shm It would be nice to have a customizable slotmem-prefix and/or target directory for shm files. What do you think? Best regards, Zisis - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, March 6, 2012 7:26:19 PM Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) My plan is 2 pronged... to see if r1297560 is enough and if allowing a slotmem override is even needed (or wanted) ... ;) On Mar 6, 2012, at 12:35 PM, Zisis Lianas wrote: > Thanks Jim, that works fine for the default-rel-runtimedir configuration. > Slotmem file is created as /logs/slotmem-shm-s.shm. > > Now if also the slotmem-file-target-location directive gets available, > this thread is done for me. > > > Regards, > Zisis > > - Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Tuesday, March 6, 2012 5:21:22 PM > Subject: Re: httpd 2.4.1 and mod_slotmem_shm / mod_proxy_balancer (AH01179) > > http://svn.apache.org/viewvc?rev=1297560&view=rev > > On Mar 6, 2012, at 10:39 AM, Jeff Trawick wrote: > >> On Tue, Mar 6, 2012 at 10:33 AM, Jim Jagielski wrote: >>> Yeah, that seems better, ala ./modules/cache/mod_socache_dbm.c >> >> On behalf of anyone else reading this thread, here's the idiom from >> mod_socache_dbm.c: >> >> #define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-" >> ... >> const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace, >> NULL); >> >> ctx->data_file = ap_server_root_relative(p, path); >> >> >>> >>> On Mar 6, 2012, at 8:36 AM, Jeff Trawick wrote: >>> >>>> On Tue, Mar 6, 2012 at 7:56 AM, Jim Jagielski wrote: >>>>> OK... What I'll do is add a directive which provides a >>>>> "default" location for slotmem file... >>>> >>>> Uhh, that seems as endless as per-mutex directives. >>>> >>>> Is slotmem not using DEFAULT_REL_RUNTIMEDIR already? (not perfect, >>>> but a good start) >>>> Directive to specify runtime directory (API returns serverroot + >>>> DEFAULT_REL_RUNTIMEDIR if not configured). >>>> Directive like Mutex but for shmem? >>>> >>> >> >> >> >> -- >> Born in Roswell... married an alien... >> >
httpd 2.4.2 - mod_proxy id name not unique
hi, when mod_proxy currently is generating his "id", the name of this id is not very unique. So if you have a shared config/ logs dir for more instances, the slotmem-shm files generated in DefaultRuntimeDir are the same. Bit unlucky if working with shared file systems. In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see the following code: #if 0 id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, apr_time_now()), PROXY_HASHFUNC_DEFAULT); #else id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT); #endif Primarily checked in with http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749 If activating the first ap_proxy_hashfunc call, the generated names seem to be unique. Is there any reason this code is not used? Maybe we can set the "timed" version as default? best regards, Zisis
httpd-2.4.2 - bug in ProxyErrorOverride
Hi, when setting ProxyErrorOverride to "On" to get the httpd-ErrorDocument instead of the backend-errordoc, httpd is waiting "ProxyTimeout" seconds to respond to the client, even though the response is already read from backend server. The request/response is hanging somewhere in module/proxy/mod_proxy_http -> ap_proxy_http_process_response -> ap_discard_request_body(backend->r) (modules/http/http_filters) before timing out with "ProxyTimeout". ProxyErrorOverride Directive: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride Best regards, Zisis
Re: httpd 2.4.2 - mod_proxy id name not unique
Hi Jim, ok, that looks reasonable. So it would make sense to introduce something like a prefix directive for "proxy_server_conf->id" (e.g. ProxyConfigIdPrefix)? Otherwise we could use some unique host property for that prefix? Also some relative directory directive for all slotmem files in mod_proxy_balancer would be nice (ap_slotmem_provider_t->create). Maybe "BalancerSlotmemDir". So DefaultRuntimeDir + BalancerSlotmemDir would build up the path for the slotmem files. Best regards, Zisis - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, May 1, 2012 8:43:46 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique Let me look into that... iirc, it was due to us wanting to be able to persist data between restarts and using the time as part of the id prevented that. But I could be mis-remembering. On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote: > hi, > > when mod_proxy currently is generating his "id", the name > of this id is not very unique. So if you have a shared config/ > logs dir for more instances, the slotmem-shm files generated in > DefaultRuntimeDir are the same. Bit unlucky if working with shared > file systems. > > In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see > the following code: > #if 0 >id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, > apr_time_now()), PROXY_HASHFUNC_DEFAULT); > #else >id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT); > #endif > > Primarily checked in with > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749 > > > If activating the first ap_proxy_hashfunc call, the generated names > seem to be unique. Is there any reason this code is not used? Maybe > we can set the "timed" version as default? > > > > best regards, > Zisis >
httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer
Hi guys, when using proxy balancer configuration (" BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ This also works: (balancer config only in virtual hosts) ... BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-http/clusterjsp ProxyPassReverse / balancer://appcluster-http/ SSLEngine On ... BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ This fails: BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://default/clusterjsp ProxyPassReverse / balancer://default/ BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ error log: [Wed Jun 13 15:37:06.728860 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 544, 1 (6) [Wed Jun 13 15:37:06.728868 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db.shm: 544/6 [Wed Jun 13 15:37:06.728964 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: balancer://default (sc583e3db_default), 512, 2 [Wed Jun 13 15:37:06.728970 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm: 512/2 [Wed Jun 13 15:37:06.729001 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 544, 2 (7) [Wed Jun 13 15:37:06.729007 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-s2d05e7bf.shm: 544/7 [Wed Jun 13 15:37:06.729037 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: balancer://default (sc583e3db_default), 512, 2 [Wed Jun 13 15:37:06.729041 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(584): AH02293: slotmem(/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm) grab failed. Num 2/num_free 0 [Wed Jun 13 15:37:06.729044 2012] [proxy_balancer:emerg] [pid 9588:tid 140210178676512] (22)Invalid argument: AH01186: worker slotmem_grab failed [Wed Jun 13 15:37:06.729069 2012] [:emerg] [pid 9588:tid 140210178676512] AH00020: Configuration Failed, exiting And just a general question: should a balancer-config in server-config be also available in any virtualhost? I didn't find any clue in documentation. At least it does not work, e.g.: BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://default/clusterjsp ProxyPassReverse / balancer://default/ ... ProxyPass /anotherapp balancer://default/anotherapp ProxyPassReverse / balancer://default/ Same error as above, maybe also the same issue?: "AH01186: worker slotmem_grab failed". regards, Zisis
Re: httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer
I just was informed that this issue is already known: https://issues.apache.org/bugzilla/show_bug.cgi?id=52402 I uploaded the proposed patch (from Florian Schröder) to the bugid for this issue in patch format. - Original Message - From: "Zisis Lianas" To: dev@httpd.apache.org Sent: Wednesday, June 13, 2012 3:56:52 PM Subject: httpd-2.4.2 - Bug in mod_slotmem_shm/mod_proxy_balancer Hi guys, when using proxy balancer configuration (" BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ This also works: (balancer config only in virtual hosts) ... BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-http/clusterjsp ProxyPassReverse / balancer://appcluster-http/ SSLEngine On ... BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ This fails: BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://default/clusterjsp ProxyPassReverse / balancer://default/ BalancerMember https://appserv6.domain:7000 route=0 BalancerMember https://appserv7.domain:7000 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster-https/clusterjsp ProxyPassReverse / balancer://appcluster-https/ error log: [Wed Jun 13 15:37:06.728860 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 544, 1 (6) [Wed Jun 13 15:37:06.728868 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db.shm: 544/6 [Wed Jun 13 15:37:06.728964 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: balancer://default (sc583e3db_default), 512, 2 [Wed Jun 13 15:37:06.728970 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm: 512/2 [Wed Jun 13 15:37:06.729001 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(752): AH01178: Doing balancers create: 544, 2 (7) [Wed Jun 13 15:37:06.729007 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(300): AH02300: create /home/zisis/apache-instance-2.4/slotmem-shm-s2d05e7bf.shm: 544/7 [Wed Jun 13 15:37:06.729037 2012] [proxy_balancer:debug] [pid 9588:tid 140210178676512] mod_proxy_balancer.c(807): AH01184: Doing workers create: balancer://default (sc583e3db_default), 512, 2 [Wed Jun 13 15:37:06.729041 2012] [slotmem_shm:debug] [pid 9588:tid 140210178676512] mod_slotmem_shm.c(584): AH02293: slotmem(/home/zisis/apache-instance-2.4/slotmem-shm-sc583e3db_default.shm) grab failed. Num 2/num_free 0 [Wed Jun 13 15:37:06.729044 2012] [proxy_balancer:emerg] [pid 9588:tid 140210178676512] (22)Invalid argument: AH01186: worker slotmem_grab failed [Wed Jun 13 15:37:06.729069 2012] [:emerg] [pid 9588:tid 140210178676512] AH00020: Configuration Failed, exiting And just a general question: should a balancer-config in server-config be also available in any virtualhost? I didn't find any clue in documentation. At least it does not work, e.g.: BalancerMember http://appserv1.domain:5080 route=0 BalancerMember http://appserv2.domain:5080 route=1 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://default/clusterjsp ProxyPassReverse / balancer://default/ ... ProxyPass /anotherapp balancer://default/anotherapp ProxyPassReverse / balancer://default/ Same error as above, maybe also the same issue?: "AH01186: worker slotmem_grab failed". regards, Zisis
Re: httpd-2.4.2 - bug in ProxyErrorOverride
Just raised a bug for this issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=53420 httpd-2.2.x works correctly, error is only reproducable in 2.4.x. - Original Message - From: "Zisis Lianas" To: dev@httpd.apache.org Sent: Wednesday, May 9, 2012 11:00:36 PM Subject: httpd-2.4.2 - bug in ProxyErrorOverride Hi, when setting ProxyErrorOverride to "On" to get the httpd-ErrorDocument instead of the backend-errordoc, httpd is waiting "ProxyTimeout" seconds to respond to the client, even though the response is already read from backend server. The request/response is hanging somewhere in module/proxy/mod_proxy_http -> ap_proxy_http_process_response -> ap_discard_request_body(backend->r) (modules/http/http_filters) before timing out with "ProxyTimeout". ProxyErrorOverride Directive: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride Best regards, Zisis
SSLProxyCheckPeerCN / ProxyPreserveHost issue
I noticed some different behaviour of SSLProxyCheckPeerCN in combination with activated ProxyPreserveHost since httpd-2.4.3. httpd-2.4.2 and httpd-2.2.22 seem to work 'correctly' (or vice versa). When setting SSLProxyCheckPeerCN and ProxyPreserveHost to "on" in httpd-2.4.3, i get an "AH02005: SSL Proxy: Peer certificate CN mismatch" error. Platform: Linux SLES11 / x64 Configuration excerpt: ### SSLEngine on SSLProxyEngine On ProxyPreserveHost On SSLProxyCheckPeerCN On BalancerMember https://backend01.server.foo:24090 route=0 #SSL CN=backend01.server.foo BalancerMember https://backend02.server.foo:24090 route=1 #SSL CN=backend02.server.foo ProxySet lbmethod=bybusyness nofailover=off stickysession=JSESSIONID|jsessionid ProxyPass /clusterjsp balancer://appcluster/clusterjsp ProxyPassReverse / balancer://appcluster/ ### https://mydispatcher-name.foo/ is the URL i call in my browser. (SSL CN=mydispatcher-name.foo) Test results: Apache 2.4.3 (OpenSSL 1.0.1c): ProxyPreserveHost On SSLProxyCheckPeerCN On [Tue Sep 04 15:21:36.033808 2012] [ssl:info] [pid 17466:tid 140319655495440] [remote x.x.x.x:24090] AH02005: SSL Proxy: Peer certificate CN mismatch: Certificate CN: backend01.server.foo Requested hostname: mydispatcher-name.foo ==> NOT WORKING Apache 2.4.3 (OpenSSL 1.0.1c): ProxyPreserveHost On SSLProxyCheckPeerCN Off ==> WORKING Apache 2.4.3 (OpenSSL 1.0.1c): ProxyPreserveHost Off SSLProxyCheckPeerCN On ==> WORKING Apache 2.4.2 (OpenSSL 1.0.1b): ProxyPreserveHost On SSLProxyCheckPeerCN Off ==> WORKING Apache 2.4.2 (OpenSSL 1.0.1b): ProxyPreserveHost On SSLProxyCheckPeerCN On ==> WORKING Apache 2.2.22 (OpenSSL 1.0.1a): ProxyPreserveHost On SSLProxyCheckPeerCN Off ==> WORKING Apache 2.2.22 (OpenSSL 1.0.1a): ProxyPreserveHost On SSLProxyCheckPeerCN On ==> WORKING Reading the documentation for me it looks like 2.4.3 is working correctly, and all older versions not. Opinions? regards, zisis
Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
There seems to be some problems when trying to proxy "/" with ProxyPass and mod_proxy_balancer. See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=51982 https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 I could reproduce both errors in httpd-2.4.3: 1) error 500 when configuring "ProxyPass / balancer://default" 2) double-slash problem when backend returns 301 Sample config: ProxyPreserveHost Off BalancerMember http://backend1.foo:5080 route=0 BalancerMember http://backend2.foo:5080 route=1 ProxySet lbmethod=bybusyness nofailover=off stickysession=JSESSIONID|jsessionid ProxyPass / balancer://default ProxyPassReverse / balancer://default 1) When configuring "ProxyPass / balancer://default", an error 500 occurs. When using a different ProxyPassMatch config, everything works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1 I broke it down to mod_proxy.c::ap_proxy_trans_match(). "r->filename" resp. "found" is set to "proxy:balancer://defaultclusterjsp" when for e.g. the URL "http://mydomain.foo/clusterjsp"; is called. "r->filename" should be "proxy:balancer://default/clusterjsp". I wrote a patch for httpd-2.4.3 (attached) - maybe someone can review and improve it to get it finally in trunk. 2) When the patch from 1) is applied, you will run into another problem. On 301 from backend, an dispensable "/" will be prepended to the URI. E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the redirect location will be set wrong: Location: http://mydomain.foo:8080//clusterjsp/ This will result in session problems... (cookie path is "/clusterjsp" and not "//clusterjsp"). See attached logfile for more details. A patch was proposed in https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 for httpd-2.4.x, which is working for me. I did a quick check with: u = apr_pstrcat(r->pool, (strcmp(ent[i].fake, "/") == 0 ? "" : ent[i].fake), &url[l2], NULL); regards, zisis [Wed Sep 05 18:46:03.780655 2012] [core:trace5] [pid 16732:tid 14004746496] protocol.c(627): [client 10.x.x.x:53812] Request received from client: GET /clusterjsp HTTP/1.0 [Wed Sep 05 18:46:03.780880 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(301): [client 10.x.x.x:53812] Headers received from client: [Wed Sep 05 18:46:03.780904 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Host: mydomain.foo:8080 [Wed Sep 05 18:46:03.780918 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0 [Wed Sep 05 18:46:03.780933 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Wed Sep 05 18:46:03.780945 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Accept-Language: en-us,en;q=0.5 [Wed Sep 05 18:46:03.780957 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Accept-Encoding: gzip, deflate [Wed Sep 05 18:46:03.780969 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Cookie: JSESSIONID=74ed1ff134626b3d85e4ec2ebca9.0; __utma=85701643.1776763863.1324649383.1324649383.1324649383.1 [Wed Sep 05 18:46:03.780981 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Via: 1.0 proxyserver.mydomain:3128 (squid/2.7.STABLE5) [Wed Sep 05 18:46:03.780992 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] X-Forwarded-For: 10.x.x.x [Wed Sep 05 18:46:03.781003 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Cache-Control: max-age=259200 [Wed Sep 05 18:46:03.781023 2012] [http:trace4] [pid 16732:tid 14004746496] http_request.c(305): [client 10.x.x.x:53812] Connection: keep-alive ... [Wed Sep 05 18:46:03.781220 2012] [proxy_balancer:trace1] [pid 16732:tid 14004746496] mod_proxy_balancer.c(73): [client 10.x.x.x:53812] canonicalising URL //default/clusterjsp [Wed Sep 05 18:46:03.781300 2012] [proxy_balancer:debug] [pid 16732:tid 14004746496] mod_proxy_balancer.c(292): [client 10.x.x.x:53812] AH01160: Found value 74ed1ff134626b3d85e4ec2ebca9.0 for stickysession JSESSIONID [Wed Sep 05 18:46:03.781319 2012] [proxy_balancer:debug] [pid 16732:tid 14004746496] mod_proxy_balancer.c(302): [client 10.x.x.x:53812] AH01161: Found route 0 [Wed Sep 05 18:46:03.781338 2012] [proxy_balancer:debug] [pid 16732:tid 14004746496] mod_proxy_balancer.c(614): [client 10.x.x.x:53812] AH01172: balancer://default: worker (http://backend1.foo:5080) rewritten to http://backend1.foo:5080/clusterjsp [Wed Sep
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
Also with the trailing slash the config does not work correctly, see attached logfile. Please keep in mind that this only happens if the backend returns a 301. Status from backend: 301 Location: http://backend01.foo:5080/clusterjsp/ [...] Response sent with status 301, headers: Location: http://mydomain.foo:8080//clusterjsp/ [...] Request received from client: GET //clusterjsp/ HTTP/1.0 - Original Message - From: "Tom Evans" To: dev@httpd.apache.org Sent: Thursday, September 6, 2012 12:49:03 PM Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3) On Wed, Sep 5, 2012 at 6:08 PM, Zisis Lianas wrote: > There seems to be some problems when trying to proxy "/" with > ProxyPass and mod_proxy_balancer. > > See also: > https://issues.apache.org/bugzilla/show_bug.cgi?id=51982 > https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 > > I could reproduce both errors in httpd-2.4.3: > 1) error 500 when configuring "ProxyPass / balancer://default" > 2) double-slash problem when backend returns 301 > > > > Sample config: > > ProxyPreserveHost Off > > BalancerMember http://backend1.foo:5080 route=0 > BalancerMember http://backend2.foo:5080 route=1 > ProxySet lbmethod=bybusyness nofailover=off > stickysession=JSESSIONID|jsessionid > > > ProxyPass / balancer://default > ProxyPassReverse / balancer://default > > > > 1) > When configuring "ProxyPass / balancer://default", an error 500 > occurs. When using a different ProxyPassMatch config, everything > works fine, e.g.: ProxyPassMatch ^/(.*)$ balancer://default/$1 > > I broke it down to mod_proxy.c::ap_proxy_trans_match(). > "r->filename" resp. "found" is set to "proxy:balancer://defaultclusterjsp" > when for e.g. the URL "http://mydomain.foo/clusterjsp"; is called. > "r->filename" should be "proxy:balancer://default/clusterjsp". > > I wrote a patch for httpd-2.4.3 (attached) - maybe someone can > review and improve it to get it finally in trunk. This is because the configuration is incorrect. Your ProxyPassMatch corresponds to this ProxyPass line ProxyPass / balancer://default/ Not this ProxyPass / balancer://default The trailing slash is relevant, as you have found out. > > > 2) > When the patch from 1) is applied, you will run into another problem. > On 301 from backend, an dispensable "/" will be prepended to the URI. > E.g. when you call http://mydomain.foo:8080/clusterjsp in you browser, the > redirect location will be set wrong: > Location: http://mydomain.foo:8080//clusterjsp/ > > This will result in session problems... (cookie path is "/clusterjsp" and > not "//clusterjsp"). > > See attached logfile for more details. > > A patch was proposed in > https://issues.apache.org/bugzilla/show_bug.cgi?id=51489 > for httpd-2.4.x, which is working for me. > > I did a quick check with: > u = apr_pstrcat(r->pool, (strcmp(ent[i].fake, "/") == 0 ? "" : ent[i].fake), > &url[l2], NULL); This "problem" comes from incorrectly fixing problem 1. Cheers Tom [Thu Sep 06 13:24:00.102345 2012] [core:trace5] [pid 29121:tid 139699051894528] protocol.c(627): [client 10.x.x.x:56178] Request received from client: GET /clusterjsp HTTP/1.0 [Thu Sep 06 13:24:00.102556 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(301): [client 10.x.x.x:56178] Headers received from client: [Thu Sep 06 13:24:00.102579 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Host: mydomain.foo:8080 [Thu Sep 06 13:24:00.102594 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0 [Thu Sep 06 13:24:00.102609 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Thu Sep 06 13:24:00.102621 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept-Language: en-us,en;q=0.5 [Thu Sep 06 13:24:00.102640 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Accept-Encoding: gzip, deflate [Thu Sep 06 13:24:00.102643 2012] [http:trace4] [pid 29121:tid 139699051894528] http_request.c(305): [client 10.x.x.x:56178] Cookie: JSESSIONID=b4bee73f75211ee7b66c2182126d.0; __utma=85701643.1776763863.1324649383.1324649383.1324649383.1 [Thu Sep 06 13:24:00.102647 2012] [http:trace4] [pid 29121:t
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
Tom, thanks for your feedback. The main difference between our configurations is that you do ProxyPassReverse the single BalancerMember (http://app05/...), which is also working for me - in my configuration I ProxyPassReverse the "balancer://cluster". And this is the configuration which does not work correctly. So... ProxyPassReverse / http://app05/ => WORKS ProxyPassReverse / balancer://cluster/ => DOES NOT WORK CORRECTLY As documented the balancer://... ProxyPassReverse should work: http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example So I think this is a bug. - Original Message - From: "Tom Evans" To: dev@httpd.apache.org Sent: Thursday, September 6, 2012 4:40:18 PM Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3) On Thu, Sep 6, 2012 at 12:42 PM, Zisis Lianas wrote: > Also with the trailing slash the config does not work correctly, > see attached logfile. Please keep in mind that this only happens > if the backend returns a 301. > > Status from backend: 301 > Location: http://backend01.foo:5080/clusterjsp/ > [...] > Response sent with status 301, headers: > Location: http://mydomain.foo:8080//clusterjsp/ > [...] > Request received from client: GET //clusterjsp/ HTTP/1.0 > > Only if your configuration is incorrect. The behaviour you are talking about is solely concerned with how you have configured ProxyPassReverse, which you have not shown. If you have incorrectly matched '/'s on ProxyPassReverse, you will also have issues. With ProxyPass and ProxyPassReverse, if the first argument ends in a slash, so should the second. Eg, straight from my production httpd.conf: BalancerMember http://app05 retry=0 BalancerMember http://app07 retry=0 status=+H ProxyPass / balancer://cluster/ ProxyPassReverse / http://app05/ ProxyPassReverse / http://app07/ This configuration works correctly in all cases. Cheers Tom
Re: httpd 2.4.2 - mod_proxy id name not unique
Hi Jim, what do you think about the suggested directives of "ProxyConfigIdPrefix" and "BalancerSlotmemDir"? (any other way to solve this problem is also welcome) Today I just ran into the same problem with httpd-2.4.3. The apache config/logs directory is shared (NFS) on two servers - when trying to restart both apache instances at same time, the last one throws an error: [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers create: 544,1 (6) [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create /apache/logs/slotmem-shm-sbf751527.shm: 544/6 [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create failed When I restart this instance when the first one is up, the restart is successful. regards, Zisis - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, May 1, 2012 8:43:46 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique Let me look into that... iirc, it was due to us wanting to be able to persist data between restarts and using the time as part of the id prevented that. But I could be mis-remembering. On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote: > hi, > > when mod_proxy currently is generating his "id", the name > of this id is not very unique. So if you have a shared config/ > logs dir for more instances, the slotmem-shm files generated in > DefaultRuntimeDir are the same. Bit unlucky if working with shared > file systems. > > In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see > the following code: > #if 0 >id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, > apr_time_now()), PROXY_HASHFUNC_DEFAULT); > #else >id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT); > #endif > > Primarily checked in with > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749 > > > If activating the first ap_proxy_hashfunc call, the generated names > seem to be unique. Is there any reason this code is not used? Maybe > we can set the "timed" version as default? > > > > best regards, > Zisis >
Re: httpd 2.4.2 - mod_proxy id name not unique
Currently the default location of the slotmem file is the "DefaultRuntimeDir", since on slotmem creation only the "conf->id" is defined as filename: modules/proxy/mod_proxy_balancer.c, 762: rv = storage->create(&new, conf->id, ALIGNED_PROXY_BALANCER_SHARED_SIZE, conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf); modules/slotmem/mod_slotmem_shm.c, 275: fname = slotmem_filename(pool, name); modules/slotmem/mod_slotmem_shm.c, 137: const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL); There is no possibility to customize the shm-filename resp. the shm-target-directory. Thats a big issue when working with shared filesystems. So my idea was to define some shm-target-directory and slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname` (exported as shell variable), the final shm file would be /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm. - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Tuesday, September 11, 2012 6:16:08 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique I have to admit, I never really considered that case, but can't you simply change the default location of the slotmem on one? On Sep 11, 2012, at 10:01 AM, Zisis Lianas wrote: > Hi Jim, > > what do you think about the suggested directives of > "ProxyConfigIdPrefix" and "BalancerSlotmemDir"? > (any other way to solve this problem is also welcome) > > > Today I just ran into the same problem with httpd-2.4.3. > The apache config/logs directory is shared (NFS) on two > servers - when trying to restart both apache instances > at same time, the last one throws an error: > [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers > create: 544,1 (6) > [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create > /apache/logs/slotmem-shm-sbf751527.shm: 544/6 > [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create > failed > > When I restart this instance when the first one is up, > the restart is successful. > > > regards, > Zisis > > - Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Tuesday, May 1, 2012 8:43:46 PM > Subject: Re: httpd 2.4.2 - mod_proxy id name not unique > > Let me look into that... iirc, it was due to us wanting to > be able to persist data between restarts and using the time > as part of the id prevented that. But I could be mis-remembering. > > On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote: > >> hi, >> >> when mod_proxy currently is generating his "id", the name >> of this id is not very unique. So if you have a shared config/ >> logs dir for more instances, the slotmem-shm files generated in >> DefaultRuntimeDir are the same. Bit unlucky if working with shared >> file systems. >> >> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see >> the following code: >> #if 0 >> id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, >> apr_time_now()), PROXY_HASHFUNC_DEFAULT); >> #else >> id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT); >> #endif >> >> Primarily checked in with >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749 >> >> >> If activating the first ap_proxy_hashfunc call, the generated names >> seem to be unique. Is there any reason this code is not used? Maybe >> we can set the "timed" version as default? >> >> >> >> best regards, >> Zisis >> >
Re: httpd 2.4.2 - mod_proxy id name not unique
That's right, but on shared filesystems, "DefaultRuntimeDir" (logs/) and the non-unique shm-filenames state a problem. So what do you think about a shm-file-target-directory directive? - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Wednesday, September 12, 2012 2:28:07 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique Yes, that's the reason why the location of the file can be user selectable. There's no need to adjust the name when you can adjust the location/path. On Sep 12, 2012, at 7:00 AM, Zisis Lianas wrote: > Currently the default location of the slotmem file > is the "DefaultRuntimeDir", since on slotmem creation > only the "conf->id" is defined as filename: > modules/proxy/mod_proxy_balancer.c, 762: > rv = storage->create(&new, conf->id, > ALIGNED_PROXY_BALANCER_SHARED_SIZE, > conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf); > > modules/slotmem/mod_slotmem_shm.c, 275: > fname = slotmem_filename(pool, name); > > modules/slotmem/mod_slotmem_shm.c, 137: > const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, > slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL); > > > There is no possibility to customize the shm-filename > resp. the shm-target-directory. Thats a big issue when > working with shared filesystems. > > So my idea was to define some shm-target-directory and > slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory > is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname` > (exported as shell variable), the final shm file would be > /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm. > > > > - Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Tuesday, September 11, 2012 6:16:08 PM > Subject: Re: httpd 2.4.2 - mod_proxy id name not unique > > I have to admit, I never really considered that case, but can't > you simply change the default location of the slotmem on one? > > On Sep 11, 2012, at 10:01 AM, Zisis Lianas wrote: > >> Hi Jim, >> >> what do you think about the suggested directives of >> "ProxyConfigIdPrefix" and "BalancerSlotmemDir"? >> (any other way to solve this problem is also welcome) >> >> >> Today I just ran into the same problem with httpd-2.4.3. >> The apache config/logs directory is shared (NFS) on two >> servers - when trying to restart both apache instances >> at same time, the last one throws an error: >> [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers >> create: 544,1 (6) >> [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create >> /apache/logs/slotmem-shm-sbf751527.shm: 544/6 >> [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create >> failed >> >> When I restart this instance when the first one is up, >> the restart is successful. >> >> >> regards, >> Zisis >> >> - Original Message - >> From: "Jim Jagielski" >> To: dev@httpd.apache.org >> Sent: Tuesday, May 1, 2012 8:43:46 PM >> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique >> >> Let me look into that... iirc, it was due to us wanting to >> be able to persist data between restarts and using the time >> as part of the id prevented that. But I could be mis-remembering. >> >> On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote: >> >>> hi, >>> >>> when mod_proxy currently is generating his "id", the name >>> of this id is not very unique. So if you have a shared config/ >>> logs dir for more instances, the slotmem-shm files generated in >>> DefaultRuntimeDir are the same. Bit unlucky if working with shared >>> file systems. >>> >>> In httpd-2.4.2/modules/proxy/mod_proxy.c line 1146 I can see >>> the following code: >>> #if 0 >>> id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, >>> apr_time_now()), PROXY_HASHFUNC_DEFAULT); >>> #else >>> id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", ps), PROXY_HASHFUNC_DEFAULT); >>> #endif >>> >>> Primarily checked in with >>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?r1=1065749&r2=1065748&pathrev=1065749 >>> >>> >>> If activating the first ap_proxy_hashfunc call, the generated names >>> seem to be unique. Is there any reason this code is not used? Maybe >>> we can set the "timed" version as default? >>> >>> >>> >>> best regards, >>> Zisis >>> >> >
Re: httpd 2.4.2 - mod_proxy id name not unique
That's right, Jeff, that's exactly what I want. For other directives we never had collisions with a shared runtime directory (2.0 and 2.2), since we could differ by hostname: PidFile ${project_home}/logs/apache/${hostname}.httpd.pid CustomLog ${project_home}/logs/apache/${hostname}.access_log combined env=!dontlog ErrorLog ${project_home}/logs/apache/${hostname}.error_log - Original Message - From: "Jeff Trawick" To: dev@httpd.apache.org Sent: Wednesday, September 12, 2012 2:53:38 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique On Wed, Sep 12, 2012 at 8:40 AM, Zisis Lianas wrote: > That's right, but on shared filesystems, "DefaultRuntimeDir" > (logs/) and the non-unique shm-filenames state a problem. Clarification: Do you want multiple web server instances to share the same runtime directory without collisions of individual files in that directory? > So what do you think about a shm-file-target-directory directive? > > > - Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Wednesday, September 12, 2012 2:28:07 PM > Subject: Re: httpd 2.4.2 - mod_proxy id name not unique > > Yes, that's the reason why the location of the file can be > user selectable. There's no need to adjust the name when you > can adjust the location/path. > > On Sep 12, 2012, at 7:00 AM, Zisis Lianas wrote: > >> Currently the default location of the slotmem file >> is the "DefaultRuntimeDir", since on slotmem creation >> only the "conf->id" is defined as filename: >> modules/proxy/mod_proxy_balancer.c, 762: >> rv = storage->create(&new, conf->id, >> ALIGNED_PROXY_BALANCER_SHARED_SIZE, >> conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf); >> >> modules/slotmem/mod_slotmem_shm.c, 275: >> fname = slotmem_filename(pool, name); >> >> modules/slotmem/mod_slotmem_shm.c, 137: >> const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, >> slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL); >> >> >> There is no possibility to customize the shm-filename >> resp. the shm-target-directory. Thats a big issue when >> working with shared filesystems. >> >> So my idea was to define some shm-target-directory and >> slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory >> is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname` >> (exported as shell variable), the final shm file would be >> /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm. >> >> >> >> - Original Message - >> From: "Jim Jagielski" >> To: dev@httpd.apache.org >> Sent: Tuesday, September 11, 2012 6:16:08 PM >> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique >> >> I have to admit, I never really considered that case, but can't >> you simply change the default location of the slotmem on one? >> >> On Sep 11, 2012, at 10:01 AM, Zisis Lianas wrote: >> >>> Hi Jim, >>> >>> what do you think about the suggested directives of >>> "ProxyConfigIdPrefix" and "BalancerSlotmemDir"? >>> (any other way to solve this problem is also welcome) >>> >>> >>> Today I just ran into the same problem with httpd-2.4.3. >>> The apache config/logs directory is shared (NFS) on two >>> servers - when trying to restart both apache instances >>> at same time, the last one throws an error: >>> [proxy_balancer:debug] mod_proxy_balancer.c(760): AH01178: Doing balancers >>> create: 544,1 (6) >>> [slotmem_shm:debug] mod_slotmem_shm.c(300): AH02300: create >>> /apache/logs/slotmem-shm-sbf751527.shm: 544/6 >>> [proxy_balancer:emerg] (17)File exists: AH01179: balancer slotmem_create >>> failed >>> >>> When I restart this instance when the first one is up, >>> the restart is successful. >>> >>> >>> regards, >>> Zisis >>> >>> - Original Message - >>> From: "Jim Jagielski" >>> To: dev@httpd.apache.org >>> Sent: Tuesday, May 1, 2012 8:43:46 PM >>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique >>> >>> Let me look into that... iirc, it was due to us wanting to >>> be able to persist data between restarts and using the time >>> as part of the id prevented that. But I could be mis-remembering. >>> >>> On Apr 30, 2012, at 7:50 AM, Zisis Lianas wrote: >>> >>>> hi, >>>> >
Re: httpd 2.4.2 - mod_proxy id name not unique
Ok, got it. So I will have to change the solution for 2.4 as Jim described it (/var/shared/logs/system1, /var/shared/logs/system2, ...). Jeff, Jim, thanks for your feedback. - Original Message - From: "Jeff Trawick" To: dev@httpd.apache.org Sent: Wednesday, September 12, 2012 3:45:44 PM Subject: Re: httpd 2.4.2 - mod_proxy id name not unique On Wed, Sep 12, 2012 at 9:31 AM, Zisis Lianas wrote: > That's right, Jeff, that's exactly what I want. > > For other directives we never had collisions with a shared > runtime directory (2.0 and 2.2), since we could differ by hostname: > PidFile ${project_home}/logs/apache/${hostname}.httpd.pid > CustomLog ${project_home}/logs/apache/${hostname}.access_log combined > env=!dontlog > ErrorLog ${project_home}/logs/apache/${hostname}.error_log I don't think that exact pattern is going to be possible with all run-time files. It should be easy enough to make ${hostname} refer to a directory, at which point DefaultRuntimeDir fits in. There's an ever-growing set of run-time files, and traditionally these were inconsistent in their default location (/tmp? DEFAULT_RUNTIME_DIR? logs?), configurability (related directive or not), and instance-specific naming (including pid in the filename or not). It isn't practical for us to continue with the endless configuration of each individual item, and DefaultRuntimeDir should be the way these are configured* when a single compiled-in directory isn't appropriate. Run-time files are special in that they often need to be moved as a group to a different filesystem because of the filesystem implementation (e.g., move way from some shared filesystem that doesn't implement locking or Unix sockets, move to a RAM-based filesystem for speed and automatic cleanup on reboot, whatever). DefaultRuntimeDir makes that easy. *Unfortunately, DefaultRuntimeDir isn't respected throughout 2.4.x. There are even a few run-time files in trunk that don't respect it. > > > - Original Message - > From: "Jeff Trawick" > To: dev@httpd.apache.org > Sent: Wednesday, September 12, 2012 2:53:38 PM > Subject: Re: httpd 2.4.2 - mod_proxy id name not unique > > On Wed, Sep 12, 2012 at 8:40 AM, Zisis Lianas wrote: >> That's right, but on shared filesystems, "DefaultRuntimeDir" >> (logs/) and the non-unique shm-filenames state a problem. > > Clarification: Do you want multiple web server instances to share the > same runtime directory without collisions of individual files in that > directory? > >> So what do you think about a shm-file-target-directory directive? >> >> >> - Original Message - >> From: "Jim Jagielski" >> To: dev@httpd.apache.org >> Sent: Wednesday, September 12, 2012 2:28:07 PM >> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique >> >> Yes, that's the reason why the location of the file can be >> user selectable. There's no need to adjust the name when you >> can adjust the location/path. >> >> On Sep 12, 2012, at 7:00 AM, Zisis Lianas wrote: >> >>> Currently the default location of the slotmem file >>> is the "DefaultRuntimeDir", since on slotmem creation >>> only the "conf->id" is defined as filename: >>> modules/proxy/mod_proxy_balancer.c, 762: >>> rv = storage->create(&new, conf->id, >>> ALIGNED_PROXY_BALANCER_SHARED_SIZE, >>> conf->max_balancers, AP_SLOTMEM_TYPE_PREGRAB, pconf); >>> >>> modules/slotmem/mod_slotmem_shm.c, 275: >>> fname = slotmem_filename(pool, name); >>> >>> modules/slotmem/mod_slotmem_shm.c, 137: >>> const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, >>> slotmemname, DEFAULT_SLOTMEM_SUFFIX, NULL); >>> >>> >>> There is no possibility to customize the shm-filename >>> resp. the shm-target-directory. Thats a big issue when >>> working with shared filesystems. >>> >>> So my idea was to define some shm-target-directory and >>> slotmemname-prefix in httpd.conf. So e.g. when shm-target-directory >>> is /shared-fs/logs/shm/ and slotmemname-prefix is `hostname` >>> (exported as shell variable), the final shm file would be >>> /shared-fs/logs/shm/slotmem-shm-myhostname-sbf751527.shm. >>> >>> >>> >>> - Original Message - >>> From: "Jim Jagielski" >>> To: dev@httpd.apache.org >>> Sent: Tuesday, September 11, 2012 6:16:08 PM >>> Subject: Re: httpd 2.4.2 - mod_proxy id name not unique >>> >
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
With this configuration I get a 500 error because of "[proxy_balancer:trace1] ... mod_proxy_balancer.c(73): ... canonicalising URL //defaultclusterjsp", when trying to access "/clusterjsp": ProxyPass / balancer://default ProxyPassReverse / balancer://default Maybe this also expected. But: With this configuration I get the doubleslash bug, when the backend is returning a 301: ProxyPass / balancer://default/ ProxyPassReverse / balancer://default/ See also "proxypass_20120906.0.txt" attachment in one of my emails before with the logfile trace. - Original Message - From: "Jim Jagielski" To: dev@httpd.apache.org Sent: Thursday, September 13, 2012 6:54:36 PM Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3) On Sep 6, 2012, at 11:07 AM, Zisis Lianas wrote: > Tom, thanks for your feedback. > > The main difference between our configurations is that you do > ProxyPassReverse the single BalancerMember (http://app05/...), > which is also working for me - in my configuration I ProxyPassReverse > the "balancer://cluster". And this is the configuration which does > not work correctly. > > So... > ProxyPassReverse / http://app05/ => WORKS > ProxyPassReverse / balancer://cluster/ => DOES NOT WORK CORRECTLY > > As documented the balancer://... ProxyPassReverse should work: > http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html#example > > How is it not working for you?
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
- Original Message - > From: "Jim Jagielski" > To: dev@httpd.apache.org > Sent: Thursday, September 13, 2012 8:59:27 PM > Subject: Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes > (httpd-2.4.3) > > > > So in the case it is correctly adjusting the backend URL Location > (backend01.foo:5080 -> mydomain.foo:8080) > > So is the "bug" that it's > > http://mydomain.foo:8080//clusterjsp/ > > and not > > http://mydomain.foo:8080/clusterjsp/ > > ?? > > Certainly the redirect still works, right? That's exactly the problem. The redirect works, but the subsequent request looks like "//clusterjsp/", which a problem because of the cookie set by the backend (Path=/clusterjsp). So the cookie is ignored and on each new request you get a new session.
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
- Original Message - > Can you forward over your exact config again? > e.g.: ProxyPreserveHost Off BalancerMember http://backend01:5080 route=0 BalancerMember http://backend02:5080 route=2 BalancerMember http://backend01:5180 route=1 BalancerMember http://backend02:5180 route=3 ProxySet lbmethod=bybusyness nofailover=Off stickysession=JSESSIONID|jsessionid ProxyPass / balancer://default/ ProxyPassReverse / balancer://default/
Re: Bug with "ProxyPass /" and mod_proxy_balancer + double-slashes (httpd-2.4.3)
- Original Message - > Try > > ProxyPreserveHost Off > > >BalancerMember http://backend01:5080/ route=0 >BalancerMember http://backend02:5080/ route=2 >BalancerMember http://backend01:5180/ route=1 >BalancerMember http://backend02:5180/ route=3 >ProxySet lbmethod=bybusyness nofailover=Off >stickysession=JSESSIONID|jsessionid > > > ProxyPass / balancer://default/ > ProxyPassReverse / balancer://default > This configuration seems to work correctly - but this a false conclusion. If you look deeper in log output/files, you will see that there is still a double slash inside. Fortunately the final request the browser is sending to the apache-httpd is "/clusterjsp/", so the cookie is considered and the session is not lost. But on backend servers you still get the double-slashed request, e.g.: "10.x.x.x" "17/Sep/2012:10:43:04 +0100" "GET //clusterjsp/ HTTP/1.1" 200 1590 So when you perform someting like javax.servlet.http.HttpServletRequest.getRequestURI() on an applicationserver, you still will see the "//clusterjsp/". Errorlog debug: [Mon Sep 17 10:47:55.699519 2012] [proxy_balancer:trace1] [pid 5463:tid 140065930422016] mod_proxy_balancer.c(73): [client 10.x.x.x:59115] canonicalising URL //default/clusterjsp/ [Mon Sep 17 10:47:55.699558 2012] [proxy_balancer:debug] [pid 5463:tid 140065930422016] mod_proxy_balancer.c(614): [client 10.x.x.x:59115] AH01172: balancer://default: worker (http://backend02.foo:5180/) rewritten to http://backend02.foo:5180//clusterjsp/ (attached you will find the whole logfile) Also with the two patches I mentioned in my first email, its depended on your config whether you get the doubleslashes or not in backend. Maybe we can improve the URL canonicalisation, so that we are independent of the config? The rfc is on our side ;) http://www.ietf.org/rfc/rfc3986.txt -> 3.3. Path [...] path = path-abempty; begins with "/" or is empty / path-absolute ; begins with "/" but not "//" / path-noscheme ; begins with a non-colon segment / path-rootless ; begins with a segment / path-empty ; zero characters [Mon Sep 17 10:47:55.603666 2012] [core:trace5] [pid 5463:tid 140065930422016] protocol.c(627): [client 10.x.x.x:59115] Request received from client: GET /clusterjsp HTTP/1.0 [Mon Sep 17 10:47:55.603847 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(301): [client 10.x.x.x:59115] Headers received from client: [Mon Sep 17 10:47:55.603877 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Host: mydomain.foo:8080 [Mon Sep 17 10:47:55.603884 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1 [Mon Sep 17 10:47:55.603892 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [Mon Sep 17 10:47:55.603898 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Accept-Language: en-us,en;q=0.5 [Mon Sep 17 10:47:55.603903 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Accept-Encoding: gzip, deflate [Mon Sep 17 10:47:55.603921 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Cookie: JSESSIONID=359c3bad94690428541d6c226f6d.3; __utma=85701643.1776763863.1324649383.1324649383.1324649383.1 [Mon Sep 17 10:47:55.603927 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Via: 1.0 proxy.foo:3128 (squid/2.7.STABLE5) [Mon Sep 17 10:47:55.603934 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] X-Forwarded-For: 10.x.x.x [Mon Sep 17 10:47:55.603939 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Cache-Control: max-age=259200 [Mon Sep 17 10:47:55.603967 2012] [http:trace4] [pid 5463:tid 140065930422016] http_request.c(305): [client 10.x.x.x:59115] Connection: keep-alive [Mon Sep 17 10:47:55.604025 2012] [authz_core:debug] [pid 5463:tid 140065930422016] mod_authz_core.c(828): [client 10.x.x.x:59115] AH01628: authorization result: granted (no directives) [Mon Sep 17 10:47:55.604058 2012] [core:trace3] [pid 5463:tid 140065930422016] request.c(227): [client 10.x.x.x:59115] request authorized without authentication by access_checker_ex hook: /clusterjsp [Mon Sep 17 10:47:55.604094 2012] [proxy_balancer:trace1] [pid 5463:tid 140065930422016] mod_proxy_balancer.c(73): [client 10.x.x.x:59115] canonicalising URL //default/clusterjsp [Mon Sep 17 10:47:55.604155 2012] [proxy_balancer:debug] [pid 5463:tid 140065930422016] mod_proxy_balancer.c(292): [client
default build httpd-2.4 and loadmodule/shm
It's always annoying after building an httpd-2.4 to see the AH01177 error message when doing a quick start-check with "apachectl start": [Fri Nov 16 16:29:19.093450 2012] [proxy_balancer:emerg] [pid 15902:tid 47671748469040] AH01177: Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded?? Maybe its possible to comment in slotmem_shm_module in the default httpd.conf? Also commenting out the "lbmethod_heartbeat_module" line makes sense to me, since there is no mod_heartbeat* module loaded/configured in the default conf. This would prevent the "AH02282: No slotmem from mod_heartmonitor" warning. regards, zisis
Re: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive
Hi Pravesh, this is the expected behaviour of SSLProxyCheckPeerCN. When set to "on" (default), the certificate CN of the backend server has to match the configured BalancerMember's name. In your case, your BalancerMember seems to be "https://15.146.153.101/"; (so the name is "15.146.153.101"), which has configured an SSL certificate with "CN=y". This constellation can't work. Normally "SSLProxyCheckPeerCN off" should solve your issue - what do you mean with 'is not helping much in our case'? What is the error message when turning SSLProxyCheckPeerCN off? Perhaps you can also post the relevant part of your configuration. The links you posted are not really applicable for this configuration issue. Please also consider that this is more an users-issue than dev (-> users mailinglist). Regards, Zisis - Original Message - > From: "Pravesh R Rai (STSD)" > To: dev@httpd.apache.org > Cc: "Tariq Mahmood (Tariq Mahmood Dar (IESL))" , > "Arshad Mohammed (STSD)" > , "William Chow" , "William A. > Rowe Jr. (wr...@rowe-clan.net)" > , "Scott Lamons (Open Source Program Office)" > , "Bryan Sutula (Open Source > Program Office)" > Sent: Tuesday, November 20, 2012 12:17:13 PM > Subject: Apache 2.4.3 issue related to SLProxyCheckPeerCN directive > > Hi All, > > While trying to use Apache 2.4.3, we are getting following error > messages (in error_log), when trying to access a link to another > application running on Tomcat web server: > > -- > [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH02005: SSL Proxy: > Peer certificate CN mismatch: Certificate CN: y Requested hostname: > 15.146.153.101 > [ssl:info] [pid 3264] [remote 127.0.0.1:1188] AH01998: Connection > closed to child 0 with abortive shutdown (server localhost:2381) > [proxy_http:error] [pid 3264] (502)Unknown error 502: [client > 16.154.173.74:52712] AH01084: pass request body failed to > 127.0.0.1:1188 (localhost), referer: > https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined > [proxy:error] [pid 3264] [client 16.154.173.74:52712] AH00898: Error > during SSL Handshake with remote server returned by > /sgmgr/main/main.do, referer: > https://15.146.153.101:2381/chplinkstrt.php?chppath=Tools%3A%3AServiceguard&chppage=Serviceguard%20Manager&chpurl=/sgmgr/main/main.do&chptarget=undefined > [proxy_http:error] [pid 3264] [client 16.154.173.74:52712] AH01097: > pass request body failed to 127.0.0.1:1188 (localhost) from > 16.154.173.74 (), referer: https://15.146.153.101:2381/chpl > -- > > Also found that, the same bug is reported at some Apache & Bugzilla > sites: > > https://issues.apache.org/bugzilla/show_bug.cgi?id=53006 > http://mail-archives.apache.org/mod_mbox/httpd-bugs/201203.mbox/%3cbug-53006-7...@https.issues.apache.org/bugzilla/%3E > http://osdir.com/ml/bugs-httpd/2012-03/msg00324.html > > but none of those points to the right direction. After going through > Apache-2.4.3 docs/forum: > > http://apache-http-server.18135.n6.nabble.com/SSLProxyCheckPeerCN-ProxyPreserveHost-issue-td447.html > http://httpd.apache.org/docs/2.4/upgrading.html#misc > http://httpd.apache.org/docs/trunk/mod/mod_ssl.html > > found that, it is observed only with Apache-2.4.3 & is due to one > directive "SLProxyCheckPeerCN", which is now "on" by default. But > even setting this to "off" is not helping much in our case. > > Can anybody please provide some clue about this behavior? > > Regards, > Pravesh >