From: Robert Gabriel <ephemeric@gmail.com>
To: users@httpd.apache.org
Date: Mon, 24 Jun 2013 18:43:39 +0200
Subject: Re: [users@httpd] Mod_proxy Slow After a Week

On 24 June 2013 18:27, Tom Evans <tevans.uk@googlemail.com> wrote:

> On Mon, Jun 24, 2013 at 2:03 PM, Robert Gabriel <ephemeric@gmail.com> wrote:
> > Hello all,
> >
> > We have:
> >
> > Apache 2.2.3
> > CentOS 5.5 x86_64
> > Splunk 5.0.2
> >
> > I only know the basics but Apache has been serving us very well with the
> > below config and only after about a week did pages refresh very slowly,
> > up to a minute to reload sometimes.
> >
> > I tailed both httpd and splunkd logs and saw a consistent delay of 30s
> > between proxy and origin server (both on same host) along with plenty of
> > 304s, followed by what appeared to be some timeout and then slowly the
> > 200s started coming back in.
> >
> > A restart of httpd cleared up the issue.
> >
> > I'm lost, please help.
> >
> > Could this be a caching problem?
> >
> > Thank you.
> >
> > <VirtualHost *:443>
> >         SSLEngine on
> >         SSLCertificateFile      /etc/httpd/conf/server.crt
> >         SSLCertificateKeyFile   /etc/httpd/conf/server.key
> >         SSLProxyEngine On
> >         SSLCACertificateFile    /etc/httpd/conf/gsoc.pem
> >         SSLProtocol all -SSLv2
> >         SSLVerifyClient require
> >         SSLVerifyDepth 1
> >         SSLOptions +StrictRequire
> >
> >         RequestHeader set X-Remote-User %{REMOTE_USER}s
> >
> >         ServerName      dashboards.gsoc.co.za:443
> >         ServerAdmin     admin@gsoc.co.za
> >         DocumentRoot    /srv/http/gdf/
> >         CustomLog       /var/log/httpd/gdf/access combined
> >         ErrorLog        /var/log/httpd/gdf/error
> >         LogLevel        debug
> >
> >         ProxyRequests Off
> >         ProxyPreserveHost Off
> >         ProxyPass /gdf https://172.20.67.2:8000/gdf
> >         ProxyPassReverse /gdf https://172.20.67.2:8000/gdf
> >
> >         <Directory />
> >                 SSLRequireSSL
> >                 AllowOverride none
> >                 AuthName "GDF"
> >                 AuthType Basic
> >                 AuthDigestProvider file
> >                 AuthUserFile /etc/httpd/conf/passwd
> >                 Require ssl-verify-client
> >                 Require valid-user
> >                 Require ssl
> >                 Satisfy All
> >         </Directory>
> >
> >         <Location /gdf>
> >                 SSLRequireSSL
> >                 AuthName "GDF"
> >                 AuthType Basic
> >                 AuthDigestProvider file
> >                 AuthUserFile /etc/httpd/conf/passwd
> >                 Require ssl-verify-client
> >                 Require valid-user
> >                 Require ssl
> >                 Satisfy All
> >         </Location>
> > </VirtualHost>
>
> 30 seconds is the length of the default timeout in apache.
> Unfortunately, that timeout is used in all sorts of cases, so it does
> not tell us what is timing out.
>
> As a rank guess, I would be going for DNS timeout myself. Do you have
> HostnameLookups set to "On" or "Double", or using host names in ACLs?
>
> Cheers
>
> Tom

We are not doing any hostname ACLs.
Forgive my limited knowledge, I did RTFM before replying to make sure I
understood the intended config and no, we are not doing any.

"HostnameLookups Off"

How come a restart "fixes" the problem?

Thank you.