RE: mod_proxy_http tuning [EXTERNAL]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Also here is what we use our virtualhost config in apache for this and it works well.

 

    Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

    <Proxy "balancer://loadbalancer">

     BalancerMember http://server:port route=yourjvmroute  connectiontimeout=600 timeout=1200

     BalancerMember http://server:port route=yourjvmroute connectiontimeout=600 timeout=1200

     ProxySet stickysession=ROUTEID

     ProxySet lbmethod=byrequests

     Order deny,allow

     Allow from all

     </Proxy>

    ProxyRequests Off

    ProxyPass / balancer://loadbalancer/

    ProxyPassReverse / balancer://loadbalancer/

 

 

    
Shawn  Beard  • Sr. Systems Engineer
Middleware Engineering
3840 109th Street Urbandale IA  50322
Phone: +1-515-564-2528
Email:  SBeard@xxxxxxxxxxxxx
Website: https://berkleytechnologyservices.com/
Technology Leadership Unleashing Business Potential

 

From: jonmcalexander@xxxxxxxxxxxxxx.INVALID <jonmcalexander@xxxxxxxxxxxxxx.INVALID>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: mod_proxy_http tuning [EXTERNAL]

 

** CAUTION: External message

 

Hi Sekhar,

 

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

 

Thanks,

 

#-----------httpd-ssl.conf-------------------

 

# for web instance

 

Listen 6750

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl .crl

 

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/path/ssl_scache(512000)"

SSLSessionCacheTimeout 300

Mutex "file:/apps/apache/logs/pid/"

 

ErrorDocument 500 /ilapp

 

<VirtualHost _default_:6750>

                SSLEngine on

 

                SSLProtocol -all +TLSv1.2

                SSLCipherSuite <CIPHER LIST>

                SSLHonorCipherOrder on

 

                SSLCertificateFile myapp.cer

                SSLCertificateKeyFile myapp.key

                SSLCertificateChainFile intermediate.pem

 

                <FilesMatch "\.(cgi|shtml|phtml|php)$">

                SSLOptions +StdEnvVars

                </FilesMatch>

 

 

                BrowserMatch "MSIE [2-5]" \

                nokeepalive ssl-unclean-shutdown \

                downgrade-1.0 force-response-1.0

 

                <IfModule proxy_module>

 

                                SSLProxyEngine On

                                SSLProxyVerify off

                                SSLProxyCheckPeerName on

                                SSLProxyCheckPeerCN on

                                SSLProxyVerifyDepth 5

                                SSLProxyCACertificateFile intermediate.pem

                                SSLProxyMachineCertificateFile myappClient.pem

                                ProxyRequests Off

                                BalancerPersist On

 

                                <Proxy balancer://icluster>

                                                BalancerMember https://tomcat-server:9999

 

                                                ProxySet lbmethod=bybusyness

                                                ProxySet stickysession=JSESSIONID

                                                ProxySet scolonpathdelim=On

 

                                                Order Deny,Allow

                                                Deny from none

                                                Allow from all

                                </Proxy>

 

                                ProxyPass /iapp balancer://icluster/iappp

                                ProxyPassReverse /iapp balancer://icluster/iappp

 

                                ProxyPass /idash balancer://icluster/idash

                                ProxyPassReverse /idash balancer://icluster/idash

 

                </IfModule>

 

</VirtualHost>

 

Dream * Excel * Explore * Inspire

Jon McAlexander

Senior Infrastructure Engineer

Asst. Vice President

He/His

 

Middleware Product Engineering

Enterprise CIO | EAS | Middleware | Infrastructure Solutions

 

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010

Tel 515-988-2508 | Cell 515-988-2508

 

jonmcalexander@xxxxxxxxxxxxxx

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

 

From: Suvendu Sekhar Mondal <suv3ndu@xxxxxxxxx>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: mod_proxy_http tuning

 

Hello Jon,

On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@xxxxxxxxxxxxxx.invalid> wrote:

Hi Fellow Travelers!

 

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

 

Looking for some ideas as to how to improve the performance.

 

Thanks,

 

Dream * Excel * Explore * Inspire

Jon McAlexander

Senior Infrastructure Engineer

Asst. Vice President

He/His

 

Middleware Product Engineering

Enterprise CIO | EAS | Middleware | Infrastructure Solutions

 

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010

Tel 515-988-2508 | Cell 515-988-2508

 

jonmcalexander@xxxxxxxxxxxxxx

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

 

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux