tomcat-users mailing list archives

From André Warnier
Subject Re: AW:AJP suddenly Stopps acting: ajp on 7009 and 9009 : connections keept open
Date Fri, 15 Mar 2013 09:44:38 GMT
> David Kumar wrote:
>> Attached you can find our configuration files, maybe you can find a / 
>> some misconfigurations?
> I'll have a look.

Some notes :

- according to the comments in your Apache config file, you are using the "worker MPM". 
But are you sure ? what does "/usr/sbin/apache2ctl -l" say ?

- we are missing the contents of your "/etc/apache2/" file
- we are missing the JkMounts or equivalent that you are doing from Apache to Tomcat.
  related questions : you have 2 tomcats. Are you doing load-balancing ? or are you just 
sending some URLs to tomcat1 and other to tomcat2 ?
Are you proxying everything to the tomcats, or is the Apache httpd front-end serving some 
URLs on its own ? if so, what proportion ?
- how many hits per second/minute/hour (any of them, approx.) is your server handling ?
- you do not have any specific timeout parameters set in your Tomcat AJP <Connectors>,
  which is basically a good thing : better to leave the defaults in place, than to start 
playing with settings that you do not really understand, and make things worse.

But you do set one :
connectionTimeout="200000". Which sounds extremely high to me.

It means that when a client connects to that Connector, a Tomcat thread will be started to 
handle this connection; then the thread will wait on the connection, to read the request.
If the request does not appear, this thread will still wait, up to 200 seconds (more than 
3 minutes !) for this request to appear, before it gives up, closes that connection, and 
goes back to the pool of available threads.
A normal client would not do that, but a badly-intentioned client that tries to create a 
DOS attack on your server, will do that, just to block threads on your server until there 
are no more threads available.

In this case, it is even worse, because other parameters are using this same value as a 
default, like : keepAliveTimeout.

This one means that once one request has been processed by this Tomcat thread on that 
connection, the thread will not close this connection, but wait to see if any other 
request appears on that connection from the same client, within the timeout given.
In this case, because it defaults to connectionTimeout, the thread will wait more than 3 
minutes to see if there is another request. If the client (browser) does not send any 
additional request on that connection, you have a thread that is blocked doing nothing, 
for more than 3 minutes.

In this case, the client is in reality the mod_jk module under Apache.  So the settings of 
Apache and mod_jk will matter, and I cannot tell exactly at this point what will happen.
But if this was an HTTP Connector open to the external WWW world, what would certainly 
happen is that you would run out of threads in Tomcat within a couple of minutes, and your 
server would stop accepting new requests.

Or to put this another way : if this was a HTTP connector open to the outside world, and I 
knew the address of your server, I could bring it down in 3 seconds, using the standard 
"ab" program that comes with Apache.

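Added example, not part of the message above or of the Tomcat project: a small Python audit of a server.xml that reports each Connector's effective connectionTimeout and keepAliveTimeout, applying the fallback of keepAliveTimeout to connectionTimeout that the message describes. The sample XML, the 60000 ms review threshold and the name `audit_connectors` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not the poster's real file). The AJP ports
# come from the subject line; the value 200000 is the one quoted in the message.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="7009" protocol="AJP/1.3" connectionTimeout="200000"/>
    <Connector port="9009" protocol="AJP/1.3" connectionTimeout="200000"
               keepAliveTimeout="15000"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

MAX_IDLE_MS = 60000  # assumed review threshold, not a Tomcat default


def audit_connectors(xml_text, max_idle_ms=MAX_IDLE_MS):
    """Return one finding per <Connector> with its effective idle timeouts."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        raw_ct = conn.get("connectionTimeout")
        raw_ka = conn.get("keepAliveTimeout")
        ct = int(raw_ct) if raw_ct is not None else None
        # keepAliveTimeout falls back to connectionTimeout when it is not set.
        ka = int(raw_ka) if raw_ka is not None else ct
        issues = []
        for name, value in (("connectionTimeout", ct), ("keepAliveTimeout", ka)):
            if value is None:
                continue  # attribute absent: the connector's built-in default applies
            # A negative value (-1) means no timeout at all.
            if value < 0 or value > max_idle_ms:
                inherited = name == "keepAliveTimeout" and raw_ka is None
                issues.append(f"{name}={value}" + (" (inherited)" if inherited else ""))
        findings.append({"port": conn.get("port"), "connectionTimeout": ct,
                         "keepAliveTimeout": ka, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {f['port']}: {'; '.join(f['issues']) or 'ok'}")
```

The first connector is flagged twice because the long connectionTimeout is silently inherited as its keepAliveTimeout; the second shows that setting keepAliveTimeout explicitly removes the inherited finding but not the connectionTimeout one.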