From users-return-117119-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Tue Mar 6 20:03:44 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id E32C1180652 for ; Tue, 6 Mar 2018 20:03:42 +0100 (CET) Received: (qmail 1444 invoked by uid 500); 6 Mar 2018 19:03:41 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 1433 invoked by uid 99); 6 Mar 2018 19:03:41 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Mar 2018 19:03:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id D6016C012E for ; Tue, 6 Mar 2018 19:03:40 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.88 X-Spam-Level: * X-Spam-Status: No, score=1.88 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id q9rd_hYszXWS for ; Tue, 6 Mar 2018 19:03:37 +0000 (UTC) Received: from mail-ot0-f182.google.com (mail-ot0-f182.google.com [74.125.82.182]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 085C25F475 for ; Tue, 6 Mar 2018 19:03:37 +0000 (UTC) Received: by mail-ot0-f182.google.com with SMTP id f11so19365284otj.12 for ; Tue, 06 Mar 2018 11:03:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=cfroWFoPfhrjvR9hAcksVVaXvMPqxhNF3WMD9b8OfGM=; b=B4CcZzToHcWntiyQVEkB2mRX9orbcUGRbukB5ffFkmjGRp5HMCOfLGXwTPdI8A48L5 GUSQ3ONxMwJxmAcF5uE16mBHeER1IgGKu+v9rM5kLBWb6yzah6PtbkR4a2ITc86yGZTC 1jtu3jEixn+tiZ3bgWGVsNPQaDIFVnDX2NaLKwfW37eAbO/GclT9kiD81NYJEi/qIFTU SsaoOOstlDKucq3pt/ZYm1PiM5zSN3n1he4c2gfOixb+m1aWGFBd6pyAM51GjPeE+TyV kfsHN7J53fv/+431r8NjwwJOvCShq5yTKuFWTMxOXxUEHexLm8TXeUtZjztWZfXswllI wVdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=cfroWFoPfhrjvR9hAcksVVaXvMPqxhNF3WMD9b8OfGM=; b=CaNFEyp2ICKoZVBFVqsUEg5NlaO1oEHKOTy9YiljeDav2q8MMvfdwFBZtqZJujsBv0 +m+Wo72FRtr+GrtANx41d5KgWtyevYyIrvpexh9QP92Oa7kG3XITuaY8g0B7W/HYdGTq y25dIcD4bz6Q51BQTf/Nt4dNeXEdLjfg5t1QH38U7ODAALcjLGou9JMKcxfrpYhjl9qg TI0ZL6La91nFo0+RcpAZm8OKWOD2gy741rZCnm+l4xv/jf1+sZThXgoRYtevFFDELNC6 r1cqZnNljI8p9hUU99+bG0gHh519/sOZLnJZ6bVxpj//ip3APbZhphTrMmYeyZjHBfsE q5BA== X-Gm-Message-State: APf1xPDJwnwJFMRVPIV62w+7u47QINE/Q5uSzTQgdMTKAFjjRep2hyEQ dZe/5Vh5NKj7qpA9MXJ4XqJ5/Wkj8dA9aoX30Cs= X-Google-Smtp-Source: AG47ELtzSChsG+/fLmoGFpIRUvM4fvyKrvak1Wh9o/qMYeJ6ZApS8gCdICzhiJvbA+MwzU2kjLZ4+ScAeO/kqeO/1pk= X-Received: by 10.157.17.13 with SMTP id g13mr14705546ote.240.1520363015877; Tue, 06 Mar 2018 11:03:35 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.84.4 with HTTP; Tue, 6 Mar 2018 11:03:35 -0800 (PST) In-Reply-To: References: From: Herb Burnswell Date: Tue, 6 Mar 2018 11:03:35 -0800 Message-ID: To: users@httpd.apache.org Content-Type: multipart/alternative; boundary="001a113ce5667db8190566c319eb" Subject: Re: [users@httpd] balancing best practices - mod_proxy_balancer --001a113ce5667db8190566c319eb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Daniel, Thanks. I'm reading the docs on sticky sessions. There is a lot of conflicting "how to's" out there but I'm making progress. HB On Wed, Feb 28, 2018 at 12:21 PM, Daniel Ferradal wrote: > > 3: Regarding my inquiry about potential better options, I was more > referring > > to the idea of maybe using Tomcat as a proxy to Tomcat backend > application. > > I've read it can be done was wondering if the like to like might provid= e > > advantages. I am personally not as familiar with Tomcat as I am with > HTTPD > > and therefore would prefer using HTTPD if there are no significant > reasons > > to use Tomcat --> Tomcat. > > IMO it is better to leave the application server to do what it is > supposed to do, handle dynamic content generation. While leaving > static content as well as balancing to httpd, which is what it does > best. > > > > > 4: The sticky sessions need makes sense. > > > > I have attempted to set up the sticky sessions configuration in HTTPD b= ut > > unfortunately I must not have it set up properly. It's probably best i= f > I > > create a new thread for that issue and will do so. > > Sticky sessions can be very tricky to setup correctly. > > In mod_proxy_balancer docs it documents very well that you probably > need to set all these three elements correctly according to how tomcat > was setup: > > stickysession (the most obvious) > scolonpathdelim > route - according to the value jvmroute the tomcats have setup. > > > > > > > Thanks again for your guidance. > > > > HB > > > > On Fri, Feb 23, 2018 at 12:57 AM, Daniel Ferradal > > wrote: > >> > >> Hello, > >> > >> I'll try to answer point by point the best I can. > >> > >> 1=C2=BA You can only use one balancer method, so choose the best strat= egy > >> for your case. There is plenty on the description for each in the docs > >> (TL to explain here). > >> 2=C2=BA No, it does not, you choose one and use only one that suites y= ou > >> best for a specific balancer. > >> 3=C2=BA Inside httpd the only non-third party choice that I know is > >> mod_proxy_balancer, so yes, by all means use it. Unless you find a > >> more suitable product for your needs. > >> 4=C2=BA That will precisely mean you need to use sticky sessions and d= efine > >> how to properly handle them at the balancer level, why? because as > >> long as nodes are up and running you want to deliver the session to > >> the specific node dealing with that session or session will be lost. > >> It is when that backend node is down that httpd should look for other > >> nodes to deliver the session. Afaik is called session persistence. Or > >> at least this is the usual way to balance with sessions dealt by a > >> backend cluster. > >> > >> About docs you can also visit: > >> http://httpd.apache.org/docs/2.4/howto/reverse_proxy.html > >> and mod_proxy itself: http://httpd.apache.org/docs/ > 2.4/mod/mod_proxy.html > >> > >> Cheers! > >> > >> 2018-02-23 1:48 GMT+01:00 Herb Burnswell = : > >> > All, > >> > > >> > I am looking for some guidance on using HTTPD as a proxy and load > >> > balancer > >> > to a backend Tomcat application. Specifically, I'm interested in ho= w > to > >> > best handle the balancing of requests. The configuration would be > very > >> > much > >> > like the 'typical implementation' shown in this Reverse Proxy Guide: > >> > https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html (I'm > using > >> > version 2.4.6): > >> > > >> > +--------------------- + > >> > | Firewall Public | > >> > +--------------------- + > >> > +-------------------------------------------+ > >> > | +------+ +-------+ +-------+ | > >> > | | httpd| | httpd | | httpd | | > >> > | | 1 | | 2 | | 3 | | > >> > | +------+ +-------+ +-------+ | > >> > +-------------------------------------------+ > >> > +---------------------- + > >> > | Firewall Private | > >> > +---------------------- + > >> > +---------------------------------------------+ > >> > | +--------+ +---------+ +--------+ | > >> > | | tomcat| |tomcat | |tomcat | | > >> > | | 1 | | 2 | | 3 | | > >> > | +--------+ +---------+ +--------+ | > >> > +---------------------------------------------+ > >> > > >> > > >> > We have this working fine with a vanity URL to a VIP on our public > >> > firewall > >> > --> to the 3 httpd proxy load balancer pool --> to one of the 3 > backend > >> > Tomcat server pool. We want everything to run over SSL and the > >> > currently > >> > working config on the httpd servers is basic: > >> > > >> > > >> > > >> > ServerName example.com > >> > > >> > SSLEngine on > >> > SSLProtocol all -SSLv2 -SSLv3 > >> > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA > >> > > >> > SSLCertificateFile /etc/pki/tls/certs/ssl.crt > >> > > >> > # ------------------------------------------------ > >> > # Proxy Load Balancer > >> > # ------------------------------------------------ > >> > > >> > > >> > > >> > BalancerMember https://app1.example.com:9009 > >> > BalancerMember https://app2.example.com:9009 > >> > > >> > > >> > > >> > SSLProxyEngine on > >> > SSLProxyVerify none > >> > SSLProxyCheckPeerCN off > >> > SSLProxyCheckPeerName off > >> > SSLProxyCheckPeerExpire off > >> > > >> > ProxyPass / balancer://mycluster/ > >> > ProxyPassReverse / balancer://mycluster/ > >> > > >> > > >> > > >> > > >> > As mentioned, this works fine. But now we need to dig into the > request > >> > management. I read here: > >> > https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html that > the > >> > scheduler algorithm is provided by 'at least one of': > >> > > >> > mod_lbmethod_byrequests > >> > mod_lbmethod_bytraffic > >> > mod_lbmethod_bybusyness > >> > mod_lbmethod_heartbeat > >> > > >> > Questions: > >> > > >> > 1. Am I correct in reading 'at least one of' that multiple of these > >> > algorithms can be used together? If so, is there a hierarchy betwee= n > >> > them? > >> > > >> > 2. Does it make sense to use multiple algorithms? > >> > > >> > - It sounds like each could be desirable: > >> > mod_lbmethod_byrequests -> We do want to have an even distribution o= f > >> > request/sessions. > >> > > >> > mod_lbmethod_bytraffic -> Some requests/sessions could be more > intensive > >> > than others. > >> > > >> > mod_lbmethod_bybusyness -> Sounds similar to byrequests? > >> > > >> > mod_lbmethod_heartbeat -> Definately need to backend to be listening > but > >> > would be nice to distribute or overlook a server based upon response > >> > time. > >> > Is that part of how this works? > >> > > >> > 3. Is using HTTPD mod_proxy_balancer the best way to handle what we > are > >> > looking to do? Or are there better options? > >> > > >> > 4. On the backend we plan on using Tomcat session clustering for hig= h > >> > availability. That being the case, would that mean that we would NO= T > >> > want > >> > to use sticky sessions at the HTTPD level in case a backend Tomcat > node > >> > goes > >> > offline and the session is picked up on one of the other nodes? > >> > > >> > Sorry if I've confused anything here, any guidance is greatly > >> > appreciated. > >> > I'm happy to read any documentation directed to.. > >> > > >> > Thanks in advance, > >> > > >> > HB > >> > > >> > >> > >> > >> -- > >> Daniel Ferradal > >> HTTPD Docs. I translate to Spanish. > >> #httpd help at Freenode > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > >> For additional commands, e-mail: users-help@httpd.apache.org > >> > > > > > > -- > Daniel Ferradal > HTTPD is the best! > #httpd help at Freenode > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --001a113ce5667db8190566c319eb Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Daniel,

Thanks.=C2=A0 I'm reading t= he docs on sticky sessions.=C2=A0 There is a lot of conflicting "how t= o's" out there but I'm making progress.

HB

= On Wed, Feb 28, 2018 at 12:21 PM, Daniel Ferradal <dferradal@apache.org= > wrote:
&= gt; 3: Regarding my inquiry about potential better options, I was more refe= rring
> to the idea of maybe using Tomcat as a proxy to Tomcat backend=C2=A0 a= pplication.
> I've read it can be done was wondering if the like to like might p= rovide
> advantages.=C2=A0 I am personally not as familiar with Tomcat as I am = with HTTPD
> and therefore would prefer using HTTPD if there are no significant rea= sons
> to use Tomcat --> Tomcat.

IMO it is better to leave the application server to do what it is supposed to do, handle dynamic content generation. While leaving
static content as well as balancing to httpd, which is what it does
best.

>
> 4:=C2=A0 The sticky sessions need makes sense.
>
> I have attempted to set up the sticky sessions configuration in HTTPD = but
> unfortunately I must not have it set up properly.=C2=A0 It's proba= bly best if I
> create a new thread for that issue and will do so.

Sticky sessions can be very tricky to setup correctly.

In mod_proxy_balancer docs it documents very well that you probably
need to set all these three elements correctly according to how tomcat
was setup:

stickysession (the most obvious)
scolonpathdelim
route - according to the value jvmroute the tomcats have setup.



>
> Thanks again for your guidance.
>
> HB
>
> On Fri, Feb 23, 2018 at 12:57 AM, Daniel Ferradal <dferradal@apache.org>
> wrote:
>>
>> Hello,
>>
>> I'll try to answer point by point the best I can.
>>
>> 1=C2=BA You can only use one balancer method, so choose the best s= trategy
>> for your case. There is plenty on the description for each in the = docs
>> (TL to explain here).
>> 2=C2=BA No, it does not, you choose one and use only one that suit= es you
>> best for a specific balancer.
>> 3=C2=BA Inside httpd the only non-third party choice that I know i= s
>> mod_proxy_balancer, so yes, by all means use it. Unless you find a=
>> more suitable product for your needs.
>> 4=C2=BA That will precisely mean you need to use sticky sessions a= nd define
>> how to properly handle them at the balancer level, why? because as=
>> long as nodes are up and running you=C2=A0 want to deliver the ses= sion to
>> the specific node dealing with that session or session will be los= t.
>> It is when that backend node is down that httpd should look for ot= her
>> nodes to deliver the session. Afaik is called session persistence.= Or
>> at least this is the usual way to balance with sessions dealt by a=
>> backend cluster.
>>
>> About docs you can also visit:
>> http://httpd.apache.org/docs/= 2.4/howto/reverse_proxy.html
>> and mod_proxy itself: http://httpd.apach= e.org/docs/2.4/mod/mod_proxy.html
>>
>> Cheers!
>>
>> 2018-02-23 1:48 GMT+01:00 Herb Burnswell <herbert.burnswell@gmail.com>:
>> > All,
>> >
>> > I am looking for some guidance on using HTTPD as a proxy and = load
>> > balancer
>> > to a backend Tomcat application.=C2=A0 Specifically, I'm = interested in how to
>> > best handle the balancing of requests.=C2=A0 The configuratio= n would be very
>> > much
>> > like the 'typical implementation' shown in this Rever= se Proxy Guide:
>> > https://httpd.apache.org/doc= s/2.4/howto/reverse_proxy.html=C2=A0 (I'm using
>> > version 2.4.6):
>> >
>> > +---------------------=C2=A0 +
>> > |=C2=A0 =C2=A0 =C2=A0Firewall Public |
>> > +---------------------=C2=A0 +
>> > +-------------------------------------------+
>> > |=C2=A0 =C2=A0 =C2=A0 +------+=C2=A0 =C2=A0+-------+=C2=A0 +-= ------+=C2=A0 =C2=A0 =C2=A0 |
>> > |=C2=A0 =C2=A0 =C2=A0 | httpd|=C2=A0 =C2=A0| httpd=C2=A0 |=C2= =A0 =C2=A0| httpd |=C2=A0 =C2=A0 =C2=A0 |
>> > |=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0 1=C2=A0 =C2=A0|=C2=A0 = =C2=A0|=C2=A0 =C2=A02=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0|=C2=A0 =C2=A03=C2= =A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =C2=A0 |
>> > |=C2=A0 =C2=A0 =C2=A0 +------+=C2=A0 =C2=A0+-------+=C2=A0 +-= ------+=C2=A0 =C2=A0 =C2=A0 |
>> > +-------------------------------------------+
>> > +----------------------=C2=A0 +
>> > |=C2=A0 =C2=A0 =C2=A0Firewall Private |
>> > +----------------------=C2=A0 +
>> > +---------------------------------------------+
>> > |=C2=A0 =C2=A0 +--------+=C2=A0 +---------+=C2=A0 +--------+= =C2=A0 =C2=A0 =C2=A0 |
>> > |=C2=A0 =C2=A0 | tomcat|=C2=A0 |tomcat |=C2=A0 =C2=A0|tomcat = |=C2=A0 =C2=A0 =C2=A0 =C2=A0|
>> > |=C2=A0 =C2=A0 |=C2=A0 =C2=A01=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2= =A0 |=C2=A0 =C2=A0 2=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A0|=C2=A0 =C2=A03=C2= =A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A0 =C2=A0 |
>> > |=C2=A0 =C2=A0 +--------+=C2=A0 +---------+=C2=A0 +--------+= =C2=A0 =C2=A0 =C2=A0 |
>> > +---------------------------------------------+
>> >
>> >
>> > We have this working fine with a vanity URL to a VIP on our p= ublic
>> > firewall
>> > --> to the 3 httpd proxy load balancer pool --> to one = of the 3 backend
>> > Tomcat server pool.=C2=A0 We want everything to run over SSL = and the
>> > currently
>> > working config on the httpd servers is basic:
>> >
>> > <VirtualHost _default_:443>
>> >
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ServerName example.com
>> >
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SSLEngine on
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SSLProtocol all -SSLv2 -SSLv= 3
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SSLCipherSuite HIGH:MEDIUM:!= aNULL:!MD5:!SEED:!IDEA
>> >
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SSLCertificateFile /etc/pki/= tls/certs/ssl.crt
>> >
>> > # ------------------------------------------------
>> > # Proxy Load Balancer
>> > # ------------------------------------------------
>> >
>> > <Proxy balancer://mycluster>
>> >
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0BalancerMember https://a= pp1.example.com:9009
>> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0BalancerMember https://a= pp2.example.com:9009
>> >
>> > </Proxy>
>> >
>> > SSLProxyEngine on
>> > SSLProxyVerify none
>> > SSLProxyCheckPeerCN off
>> > SSLProxyCheckPeerName off
>> > SSLProxyCheckPeerExpire off
>> >
>> > ProxyPass / balancer://mycluster/
>> > ProxyPassReverse / balancer://mycluster/
>> >
>> > </VirtualHost>
>> >
>> >
>> > As mentioned, this works fine.=C2=A0 But now we need to dig i= nto the request
>> > management.=C2=A0 I read here:
>> > https://httpd.apache.org/= docs/2.4/mod/mod_proxy_balancer.html that the
>> > scheduler algorithm is provided by 'at least one of':=
>> >
>> > mod_lbmethod_byrequests
>> > mod_lbmethod_bytraffic
>> > mod_lbmethod_bybusyness
>> > mod_lbmethod_heartbeat
>> >
>> > Questions:
>> >
>> > 1. Am I correct in reading 'at least one of' that mul= tiple of these
>> > algorithms can be used together?=C2=A0 If so, is there a hier= archy between
>> > them?
>> >
>> > 2. Does it make sense to use multiple algorithms?
>> >
>> > - It sounds like each could be desirable:
>> > mod_lbmethod_byrequests -> We do want to have an even dist= ribution of
>> > request/sessions.
>> >
>> > mod_lbmethod_bytraffic -> Some requests/sessions could be = more intensive
>> > than others.
>> >
>> > mod_lbmethod_bybusyness -> Sounds similar to byrequests? >> >
>> > mod_lbmethod_heartbeat -> Definately need to backend to be= listening but
>> > would be nice to distribute or overlook a server based upon r= esponse
>> > time.
>> > Is that part of how this works?
>> >
>> > 3. Is using HTTPD mod_proxy_balancer the best way to handle w= hat we are
>> > looking to do?=C2=A0 Or are there better options?
>> >
>> > 4. On the backend we plan on using Tomcat session clustering = for high
>> > availability.=C2=A0 That being the case, would that mean that= we would NOT
>> > want
>> > to use sticky sessions at the HTTPD level in case a backend T= omcat node
>> > goes
>> > offline and the session is picked up on one of the other node= s?
>> >
>> > Sorry if I've confused anything here, any guidance is gre= atly
>> > appreciated.
>> > I'm happy to read any documentation directed to..
>> >
>> > Thanks in advance,
>> >
>> > HB
>> >
>>
>>
>>
>> --
>> Daniel Ferradal
>> HTTPD Docs. I translate to Spanish.
>> #httpd help at Freenode
>>
>> ------------------------------------------------------------<= wbr>---------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>



--
Daniel Ferradal
HTTPD is the best!
#httpd help at Freeno= de

-----------------------------------------------------------------= ----
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


--001a113ce5667db8190566c319eb--