Re: [users@httpd] MPM Modules Rule of Thumb

[Luca Toscano]

Hi Tony,

usually httpd consumes a very little amount of memory, if it is behaving in
that way it is probably due to some module like mod_php. Can you give us a
bit more info about your mpm used and the list of modules loaded? For
example, the most common use case that we see is mpm-prefork and mod_php
causing a ton of RAM consumed (each httpd process allocates memory for a
PHP interpreter), meanwhile a solution like mpm-worker|event +
mod_proxy_fcgi + php-fpm works way better.

My suggestion would be to narrow down what module is really causing your
memory to saturate before tuning the mpm.

Luca


2017-09-06 1:33 GMT+02:00 Tony DiLoreto :

> Hi Luca,
>
> Basically my server runs out of free memory and freezes. On AWS I have to
> stop/start it again to be able to SSH in. What I'd really like is a
> MAX_PERCENTAGE_AVAILABLE_MEMORY directive that limits Apache to <= some %
> of free memory. That way it can never halt my system.
>
> Hope this helps.
>
> On Tue, Sep 5, 2017 at 1:16 PM Luca Toscano 
> wrote:
>
>> Hi Tony,
>>
>> 2017-08-31 23:43 GMT+02:00 Tony DiLoreto :
>>
>>> Hi All,
>>>
>>> I've been scouring the internet for best practices or heuristics for
>>> specifying parameter values of the MPM directives. My server seems to lock
>>> up regardless of the values I enter. Are there "rules of thumb" for each
>>> MPM type (prefork, worker, event)?
>>>
>>>
>> Can you tell us what do you mean with "lock up"?
>>
>> Luca
>>
> --
> Tony DiLoreto
> President & CEO
> Migliore Technologies Inc
>
> 716.997.2396
> t...@miglioretechnologies.com
>
>
>
> miglioretechnologies.com
> *The best in the business...period!*
>

Re: [users@httpd] Debugging Intermittent 500 Errors

[Eric Covener]

On Tue, Sep 5, 2017 at 8:30 PM, Yehuda Katz  wrote:
> We have set of three servers running Apache 2.4. (version distributed with
> RedHat 7) behind a Kemp LoadMaster load balancer. The configuration is
> managed by Puppet, so all the servers have the same configuration. I put the
> configuration in a Gist to keep the email simple:
> https://gist.github.com/yakatz/b406753f6bdc5e19ef5386361afa4b1c
>
> We have several directories that randomly show 500 errors, but when you
> refresh, everytthing works fine.
> The 500 error is written to the access log on the expected server, but
> nothing shows up in any error log on any of the servers.
>
> I suspect this is caused by mod_authnz_ldap because the errors usually show
> up upon accessing a page that uses basic auth + ldap for the first time
> during the day (or after a long, but undetermined, timeout). The document
> root is also on an NFS mount, but we have good logging for NFS and haven't
> seen any issues, so I don't think that is the source of the issue.
>
> I know the correct virtual host is being used because I added a custom 500
> error page which is being shown and the correct access log is being written
> to.
>
> I did not see any documentation about enabling additional logging for
> mod_ldap or mod_authnz_ldap, but since most connection have no problems, I
> think that will lead to much more noise in the logs.
>

Well in 2.4 you can set individual modules to log at trace8. Depending
on your current level, you could try just debug.  Additionally, you
can set LDAPLibraryDebug to try to get your ldap library to also log
to stderr which will be very noisy.

If you want relief, I'd suggest setting a TTL on the connection LDAP
connection pool based on your description.
But there is likely also a bug if the stale connection in the pool
results in a 500, which would maybe be more clear with debug or traceX
logging.

-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Debugging Intermittent 500 Errors

[Yehuda Katz]

We have set of three servers running Apache 2.4. (version distributed with
RedHat 7) behind a Kemp LoadMaster load balancer. The configuration is
managed by Puppet, so all the servers have the same configuration. I put
the configuration in a Gist to keep the email simple:
https://gist.github.com/yakatz/b406753f6bdc5e19ef5386361afa4b1c

We have several directories that randomly show 500 errors, but when you
refresh, everytthing works fine.
The 500 error is written to the access log on the expected server, but
nothing shows up in any error log on any of the servers.

I suspect this is caused by mod_authnz_ldap because the errors usually show
up upon accessing a page that uses basic auth + ldap for the first time
during the day (or after a long, but undetermined, timeout). The document
root is also on an NFS mount, but we have good logging for NFS and haven't
seen any issues, so I don't think that is the source of the issue.

I know the correct virtual host is being used because I added a custom 500
error page which is being shown and the correct access log is being written
to.

I did not see any documentation about enabling additional logging for
mod_ldap or mod_authnz_ldap, but since most connection have no problems, I
think that will lead to much more noise in the logs.

Is there any other good way to troubleshoot this?

- Y

Re: [users@httpd] MPM Modules Rule of Thumb

[Tony DiLoreto]

Hi Luca,

Basically my server runs out of free memory and freezes. On AWS I have to
stop/start it again to be able to SSH in. What I'd really like is a
MAX_PERCENTAGE_AVAILABLE_MEMORY directive that limits Apache to <= some %
of free memory. That way it can never halt my system.

Hope this helps.

On Tue, Sep 5, 2017 at 1:16 PM Luca Toscano  wrote:

> Hi Tony,
>
> 2017-08-31 23:43 GMT+02:00 Tony DiLoreto :
>
>> Hi All,
>>
>> I've been scouring the internet for best practices or heuristics for
>> specifying parameter values of the MPM directives. My server seems to lock
>> up regardless of the values I enter. Are there "rules of thumb" for each
>> MPM type (prefork, worker, event)?
>>
>>
> Can you tell us what do you mean with "lock up"?
>
> Luca
>
-- 
Tony DiLoreto
President & CEO
Migliore Technologies Inc

716.997.2396
t...@miglioretechnologies.com



miglioretechnologies.com
*The best in the business...period!*

[users@httpd] mod_authz_core and http response 451

[Galen Johnson]

Hello,

I've googled a bit and I can't find a way to handle this without using a
rewrite rule.

I'm setting up a rule using mod_geoip to block embargoed countries.  I set
up the config as follows:


  # Blocking a client based on country
  SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
  SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
  SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
  SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry

  
Require all granted

  Require env BlockCountry

  


This works but returns a 403.  I'd like for it to return a 451.  Is this
possible?  Or am I going to have to stick with using a rewrite rule
(without the require block)?


RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]


If there is a preferred way to handle this, I'd be interested in that as
well.

thanks

=G=

[users@httpd] How to pass query string as encoded value to another parameter?

[Srinivas Reddy]

In my use case, I need to encode {QUERY_STRING} value and pass this value
as a separate parameter. Here it is how it should work:

http://www.example.com?param1=value1=value2=value3


The URL can have n number of parameters and values may contain special
characters and value is an alphanumeric string.

I need to transform the URL to:

http://www.example.com?param1=value1=value2=value3;

*originalQP=param1=value1%26param2=value2%26param3=value3*

I added parameter called originalQP and it should be always encoded.

How can I get this encoded string using mod rewrite flags?

I tried using B and NE flags but neither of them worked. I am not getting
'&' being encoded in the transformed URL instead originalQP value is being
passed as param1=value1.

How can I get complete value?

Re: [users@httpd] MPM Modules Rule of Thumb

[Luca Toscano]

Hi Tony,

2017-08-31 23:43 GMT+02:00 Tony DiLoreto :

> Hi All,
>
> I've been scouring the internet for best practices or heuristics for
> specifying parameter values of the MPM directives. My server seems to lock
> up regardless of the values I enter. Are there "rules of thumb" for each
> MPM type (prefork, worker, event)?
>
>
Can you tell us what do you mean with "lock up"?

Luca

[users@httpd] How to pass query string as encoded value to another parameter?

[Srinivas Reddy]

down votefavorite


In my use case, I need to encode {QUERY_STRING} value and pass this value
as a separate parameter. Here it is how it should work:

http://www.example.com?param1=value1=value2=value3


The URL can have n number of parameters and values may contain special
characters and value is an alphanumeric string.

I need to transform the URL to:

http://www.example.com?param1=value1=value2=value3;

*originalQP=param1=value1%26param2=value2%26param3=value3*

I added parameter called originalQP and it should be always encoded.

How can I get this encoded string using mod rewrite flags?

I tried using B and NE flags but neither of them worked. I am not getting
'&' being encoded in the transformed URL instead originalQP value is being
passed as param1=value1.

How can I get complete value?

Re: [users@httpd] mod_rewrite + proxy + unix socket results in 400 bad request

[Daniel]

IIRC it was by design yes, but I don't know the reasons behind it,
perhaps the dev mailing list or some developers reading this can
provide more information. You could also try #httpd-dev at Freenode.

I think you could reach your goals without using captured groups
though, I see in the initial virtualhost you shared, that there is no
servername, so probably you are only using that one for a few or
several hostnames, so you could just define separate virtualhosts with
their names and their own socket path, you can use "in-config"
variables with Define directive to avoid typing the same thing several
times or even use mod_macro, here is a brief example with in-config
variables:

Define subdomain1 printers

   ServerAdmin webmaster@localhost
   ServerName ${subdomain1}.example.com
   DocumentRoot /var/www/html
   LogLevel trace2

   UseCanonicalName Off

   ProxyPass / unix:/home/user/${subdomain1}/server.sock|http://127.0.0.1/
   ProxyPassReverse /
unix:/home/user/${subdomain1}/server.sock|http://127.0.0.1/
...


Define subdomain2 mail

   ServerAdmin webmaster@localhost
   ServerName ${subdomain2}.example.com
etc

2017-09-04 11:03 GMT+02:00 David Mugnai :
> Excerpts from Daniel's message of settembre 1, 2017 9:57 :
>>
>> AFAIK you can't use variables of captured groups when using sockets,
>> but I don't have an answer to why. To check If I'm correct you could
>> try using a tcp port instead of socket.
>
>
> You are right, switching the test environment to tcp works.
> Unfortunatley this not works with our planned deploy; do you know if the
> limitation is by desing?
>
> david
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org