httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Eckert <thomas.r.w.eck...@gmail.com>
Subject Re: [users@httpd] Mod_proxy Slow After a Week
Date Wed, 26 Jun 2013 07:59:41 GMT
This is interesting. I'm seeing similar events at one of my reverse proxy.
After fixing a DNS infrastructure problem I started seeing lots of 304s
with processing times well above 5 seconds. For header-only requests that's
a lot of time. If there is any news here please let us know. At the very
least it would help me.

On Mon, Jun 24, 2013 at 6:43 PM, Robert Gabriel <ephemeric@gmail.com> wrote:

>
>
>
> On 24 June 2013 18:27, Tom Evans <tevans.uk@googlemail.com> wrote:
>
>> On Mon, Jun 24, 2013 at 2:03 PM, Robert Gabriel <ephemeric@gmail.com>
>> wrote:
>> > Hello all,
>> >
>> > We have:
>> >
>> > Apache 2.2.3
>> > CentOS 5.5 x86_64
>> > Splunk 5.0.2
>> >
>> > I only know the basics but Apache has been serving us very well with the
>> > below config
>> >
>> > and only after about a week did pages refresh very slowly, up to a
>> minute to
>> > reload
>> >
>> > sometimes.
>> >
>> > I tailed both httpd and splunkd logs and saw a consistent delay of 30s
>> > between proxy
>> >
>> > and origin server (both on same host) along with plenty of 304s,
>> followed by
>> > what
>> >
>> > appeared to be some timeout and then slowly the 200s started coming
>> back in.
>> >
>> > A restart of httpd cleared up the issue.
>> >
>> > I'm lost, please help.
>> >
>> > Could this be a caching problem?
>> >
>> > Thank you.
>> >
>> > <VirtualHost *:443>
>> >         SSLEngine on
>> >         SSLCertificateFile      /etc/httpd/conf/server.crt
>> >         SSLCertificateKeyFile   /etc/httpd/conf/server.key
>> >       SSLProxyEngine On
>> >       SSLCACertificateFile    /etc/httpd/conf/gsoc.pem
>> >       SSLProtocol all -SSLv2
>> >       SSLVerifyClient require
>> >       SSLVerifyDepth 1
>> >       SSLOptions +StrictRequire
>> >
>> >       RequestHeader set X-Remote-User %{REMOTE_USER}s
>> >
>> >         ServerName      dashboards.gsoc.co.za:443
>> >       ServerAdmin     admin@gsoc.co.za
>> >         DocumentRoot    /srv/http/gdf/
>> >         CustomLog       /var/log/httpd/gdf/access combined
>> >         ErrorLog        /var/log/httpd/gdf/error
>> >       LogLevel        debug
>> >
>> >       ProxyRequests Off
>> >       ProxyPreserveHost Off
>> >       ProxyPass /gdf https://172.20.67.2:8000/gdf
>> >       ProxyPassReverse /gdf https://172.20.67.2:8000/gdf
>> >
>> >        <Directory />
>> >               SSLRequireSSL
>> >               AllowOverride none
>> >               AuthName "GDF"
>> >               AuthType Basic
>> >               AuthDigestProvider file
>> >               AuthUserFile /etc/httpd/conf/passwd
>> >               Require ssl-verify-client
>> >               Require valid-user
>> >               Require ssl
>> >               Satisfy All
>> >         </Directory>
>> >
>> >         <Location /gdf>
>> >               SSLRequireSSL
>> >               AuthName "GDF"
>> >               AuthType Basic
>> >               AuthDigestProvider file
>> >               AuthUserFile /etc/httpd/conf/passwd
>> >               Require ssl-verify-client
>> >               Require valid-user
>> >               Require ssl
>> >               Satisfy All
>> >         </Location>
>> > </VirtualHost>
>>
>> 30 seconds is the length of the default timeout in apache.
>> Unfortunately, that timeout is used in all sorts of cases, so it does
>> not tell us what is timing out.
>>
>> As a rank guess, I would be going for DNS timeout myself. Do you have
>> HostnameLookups set to "On" or "Double", or using host names in ACLs?
>>
>> Cheers
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
> We are not doing any hostname ACLs.
>
> Forgive my limited knowledge, I did RTFM before replying to make sure I
> understood
> the intended config and no, we are not doing any.
>
> "HostnameLookups Off"
>
> How come a restart "fixes" the problem?
>
> Thank you.
>

Mime
View raw message