Re: Mod_proxy Slow After a Week

[Robert Gabriel <ephemeric@xxxxxxxxx>]

On 24 June 2013 18:27, Tom Evans <tevans.uk@xxxxxxxxxxxxxx> wrote:

On Mon, Jun 24, 2013 at 2:03 PM, Robert Gabriel <ephemeric@xxxxxxxxx> wrote:
> Hello all,
>
> We have:
>
> Apache 2.2.3
> CentOS 5.5 x86_64
> Splunk 5.0.2
>
> I only know the basics but Apache has been serving us very well with the
> below config
>
> and only after about a week did pages refresh very slowly, up to a minute to
> reload
>
> sometimes.
>
> I tailed both httpd and splunkd logs and saw a consistent delay of 30s
> between proxy
>
> and origin server (both on same host) along with plenty of 304s, followed by
> what
>
> appeared to be some timeout and then slowly the 200s started coming back in.
>
> A restart of httpd cleared up the issue.
>
> I'm lost, please help.
>
> Could this be a caching problem?
>
> Thank you.
>
> <VirtualHost *:443>
>         SSLEngine on
>         SSLCertificateFile      /etc/httpd/conf/server.crt
>         SSLCertificateKeyFile   /etc/httpd/conf/server.key
>       SSLProxyEngine On
>       SSLCACertificateFile    /etc/httpd/conf/gsoc.pem
>       SSLProtocol all -SSLv2
>       SSLVerifyClient require
>       SSLVerifyDepth 1
>       SSLOptions +StrictRequire
>
>       RequestHeader set X-Remote-User %{REMOTE_USER}s
>
>         ServerName      dashboards.gsoc.co.za:443
>       ServerAdmin     admin@xxxxxxxxxx
>         DocumentRoot    /srv/http/gdf/
>         CustomLog       /var/log/httpd/gdf/access combined
>         ErrorLog        /var/log/httpd/gdf/error
>       LogLevel        debug
>
>       ProxyRequests Off
>       ProxyPreserveHost Off
>       ProxyPass /gdf https://172.20.67.2:8000/gdf
>       ProxyPassReverse /gdf https://172.20.67.2:8000/gdf
>
>        <Directory />
>               SSLRequireSSL
>               AllowOverride none
>               AuthName "GDF"
>               AuthType Basic
>               AuthDigestProvider file
>               AuthUserFile /etc/httpd/conf/passwd
>               Require ssl-verify-client
>               Require valid-user
>               Require ssl
>               Satisfy All
>         </Directory>
>
>         <Location /gdf>
>               SSLRequireSSL
>               AuthName "GDF"
>               AuthType Basic
>               AuthDigestProvider file
>               AuthUserFile /etc/httpd/conf/passwd
>               Require ssl-verify-client
>               Require valid-user
>               Require ssl
>               Satisfy All
>         </Location>
> </VirtualHost>

30 seconds is the length of the default timeout in apache.
Unfortunately, that timeout is used in all sorts of cases, so it does
not tell us what is timing out.

As a rank guess, I would be going for DNS timeout myself. Do you have
HostnameLookups set to "On" or "Double", or using host names in ACLs

>Sorry, I didn't read your original post. Please upgrade Apache to
>2.2.24 and re-test.

We upgraded Apache and installed CentOS-6.4.

Problem gone.