David Kumar wrote:

Attached you can find our configuration files, maybe you can find a / some misconfigurations?


I'll have a look.


Some notes :

- according to the comments in your Apache config file, you are using the "worker MPM". But are you sure ? what does "/usr/sbin/apache2ctl -l" say ?

- we are missing the contents of your "/etc/apache2/workers.properties" file
- we are missing the JkMounts or equivalent that you are doing from Apache to Tomcat.
related questions : you have 2 tomcats. Are you doing load-balancing ? or are you just sending some URLs to tomcat1 and other to tomcat2 ? Are you proxying everything to the tomcats, or is the Apache httpd front-end serving some URLs on its own ? if so, what proportion ?
- how many hits per second/minute/hour (any of them, approx.) is your server handling ?
- you do not have any specific timeout parameters set in your Tomcat AJP <Connectors>, which is basically a good thing : better to leave the defaults in place, than to start playing with settings that you do not really understand, and make things worse.

But you do set one :
connectionTimeout="200000". Which sounds extremely high to me.

Re: http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html

It means that when a client connects to that Connector, a Tomcat thread will be started to handle this connection; then the thread will wait on the connection, to read the request. If the request does not appear, this thread will still wait, up to 200 seconds (more than 3 minutes !) for this request to appear, before it gives up, closes that connection, and goes back to the pool of available threads. A normal client would not do that, but a badly-intentioned client that tries to create a DOS attack on your server, will do that, just to block threads on your server until there are no more threads available.

In this case, it is even worse, because other parameters are using this same value as a default, like : keepAliveTimeout.

This one means that once one request has been processed by this Tomcat thread on that connection, the thread will not close this connection, but wait to see if any other request appears on that connection from the same client, within the timeout given. In this case, because it defaults to connectionTimeout, the thread will wait more than 3 minutes to see if there is another request. If the client (browser) does not send any additional request on that connection, you have a thread that is blocked doing nothing, for more than 3 minutes.

In this case, the client is in reality the mod_jk module under Apache. So the settings of Apache and mod_jk will matter, and I cannot tell exactly at this point what will happen. But if this was a HTTP Connector open to the external WWW world, what would certainly happen is that you would run out of threads in Tomcat within a couple of minutes, and your server would stop accepting new requests.

Or to put this another way : if this was a HTTP connector open to the outside world, and I knew the address of your server, I could bring it down in 3 seconds, using the standard "ab" program that comes with Apache.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
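
The timeout inheritance described in the message above can be checked mechanically. The following is an added example, not part of the original message or of Tomcat: a small audit that reads the `<Connector>` elements of a server.xml, applies the fallback of keepAliveTimeout to connectionTimeout, and lists connectors whose threads can sit idle too long. The sample file, the ports other than the quoted `connectionTimeout="200000"`, the function names and the 60-second threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; only connectionTimeout="200000" comes from the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               connectionTimeout="200000" />
    <Connector port="8019" protocol="AJP/1.3"
               connectionTimeout="20000" keepAliveTimeout="5000" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>"""

MAX_IDLE_MS = 60000  # assumed review threshold, tune to your own policy


def effective_timeouts(connector):
    """Return (connectionTimeout, keepAliveTimeout) in ms; None = not set."""
    def as_int(name):
        raw = connector.get(name)
        return int(raw) if raw is not None else None

    conn = as_int("connectionTimeout")
    keep = as_int("keepAliveTimeout")
    if keep is None:
        keep = conn  # unset keepAliveTimeout falls back to connectionTimeout
    return conn, keep


def audit(server_xml, max_idle_ms=MAX_IDLE_MS):
    """List (port, attribute, value, note) where a thread may idle too long."""
    findings = []
    for c in ET.fromstring(server_xml).iter("Connector"):
        conn, keep = effective_timeouts(c)
        inherited = c.get("keepAliveTimeout") is None
        for attr, value in (("connectionTimeout", conn),
                            ("keepAliveTimeout", keep)):
            # A negative value means "no timeout" for these attributes.
            if value is not None and (value < 0 or value > max_idle_ms):
                note = "inherited" if attr == "keepAliveTimeout" and inherited else ""
                findings.append((c.get("port"), attr, value, note))
    return findings


if __name__ == "__main__":
    for port, attr, value, note in audit(SAMPLE_SERVER_XML):
        print(f"port {port}: {attr}={value} ms {note}".rstrip())
```

Connectors that set neither attribute are not reported, because their effective values come from Tomcat's built-in defaults rather than from the file.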
