httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From allan juul <al...@muly.dk>
Subject Re: [users@httpd] Serious Performance Issues
Date Tue, 20 Sep 2005 18:59:38 GMT
Walter, Oliver (BR/ICA5) wrote:

i am no expert, but maybe you could post a snippet of your ssl.conf ?

on windows we experimented a lot with the ssl caching schemes which had 
a great influence on ssl performance. also the keepalive setting is 
important

have you actually measured/debugged ssl-handshake with openssl?

something like :

  $ openssl s_time -connect IP-address:443/somepath -time 60਀

or maybe it's just something with a very deep certificate ca chain ?

or ...

./allan

> Hello list,
> 
> we have serious performance issues running apache 1.3.26 with ssl. Maybe
> someone here has a hint we can do.
> 
> We are running a cluster with 2 HP DL380 with Dual CPU an 512 MB Ram. The
> operating system is Debian Linux with Linux Virtual Server module ip_vs_wrr
> on Port 80. HTTPS request are processed only on one node.
> 
> We use the server in 3 ways:
> 
> 1. reverse proxy for several application server
> 2. with mod_caucho for the jsp delivery 
> 3. webserver for static content
> 
> The server load is mostly around 1 - 1.5. The server is not swapping.
> 
> 18:39:59 up 201 days, 23:07,  2 users,  load average: 0.74, 0.57, 0.66
> 86 processes: 83 sleeping, 2 running, 1 zombie, 0 stopped
> CPU states:  16.9% user,  27.8% system,   0.0% nice,  55.3% idle
> Mem:    517304K total,   468792K used,    48512K free,   184156K buffers
> Swap:  4048992K total,     1576K used,  4047416K free,   120996K cached
> 
> We found out, that we have a lot of connection in close_wait state 
> the several backend systems (mod_caucho -> resin).
> 
> netstat | grep CLOSE_WAIT 
> ...
> tcp        1      0 bridge15:3157           bridge28:6803           CLOSE_WAIT
> tcp        1      0 bridge15:1912           bridge28:6803           CLOSE_WAIT
> 
> netstat | grep CLOSE_WAIT | wc -l
>    1340
> 
> If they get to high (~4000), apache isn´t able to process any request anymore
> (error_log):
> 
> [Tue Sep 20 15:15:10 2005] [error] [client xx.xx.xx.xx] (11)Resource temporarily 
> unavailable: proxy connect to xxx.xxx.xxx.xxx port 80 failed
> 
> or
> 
> [Tue Sep 20 15:07:20 2005] [error] [client xx.xx.xx.xx] (111)Connection refused: 
> proxy connect to xxx.xxx.xxx.xxx port 80 failed
> 
> We also can find a lot of the follwing error in the log:
> 
> [Tue Sep 20 15:03:34 2005] [error] mod_ssl: SSL handshake interrupted by system 
> [Hint: Stop button pressed in browser?!] (System error follows)
> [Tue Sep 20 15:03:34 2005] [error] System: Connection reset by peer (errno: 104)
> 
> I think too much for canceled browser actions.
> 
> We already changed the value for timeout_closewait from 60 to 30, which reduced 
> the above mentioned connections, but did not achive any performance increase. The 
> only thing was, that the proxy errors stopped.
> 
> HTTPS request are still very poor, even if almost nobody is browsing our website.
> 
> Any ideas what the problem could be, or where we can take another look?
> 
> Best regards
> 
> Oliver Walter (BR/ICA5)
> 
> Zentrale Informationsverarbeitung
> Bosch Rexroth AG
> The Drive & Control Company
> Sandweg 45
> D-97737 Gemünden-Langenprozelten
> phone: +49(0)9352-18-3977
> fax:   +49(0)9352-18-3985
> mailto:oliver.walter@boschrexroth.de
> http://www.boschrexroth.com
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message