tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)
Date Mon, 08 Aug 2016 16:18:22 GMT
On 08.08.2016 17:48, Mark Eggers wrote:
> Jayaram,
>
> Please don't top post (http://tomcat.apache.org/lists.html#tomcat-users
> item 6).
>
> On 8/8/2016 2:18 AM, Jayaram Ponnusamy wrote:
>> Thanks André,
>>
>> 1. ANS-Question 1 = Both Tomcat & WebServer installed on different
>> Machines, Attached Architecture diagram of our environment. Our
>> Tomcat are configured as Application Clustering, and WebServer1 is
>> pointing to Tomcat1 and WebServer2 is pointing to Tomcat2 Tomcat's IP
>> (Node1): 10.100.0.31 WebServer's IP (Node1): 10.100.15.21
>>
>> Tomcat's IP (Node2): 10.100.0.32 WebServer's IP (Node2):
>> 10.100.15.22
>>
>> 2. ANS-Question 2 = Thanks, Thats fine :)
>>
>> 3. ANS-Question 3 = Attached Architecture diagram for your
>> reference.
>
> Attachments are stripped by the list software. Please do an inline ASCII
> diagram.

This time though, the diagram made it through, at least for me.
It clears things up a bit, but not completely.

It is for example unclear to me, why the front-end Apache server (Virtual Host) would have

a ServerName matching the IP address of the back-end Tomcat server.

ServerName 10.100.0.31

In an Apache httpd configuration, the above seemingly IP-address is not interpreted as an

IP address, but as a literal hostname "10.100.0.31".

But maybe this has to do with something in the way the top front-end F5 load-balancer 
works. (?)

Also, I can easily see some potential problems due to pages coming back from Tomcat, 
containing links to the wrong hostname, so that user clicks never make it back to the same

front-end F5 and/or Apache.

But this is taking us a bit away from the main purpose of this user's list.
The OP stated that when they "access Tomcat directly", things are normal.
But when they access it "through Apache", then things are slow or not happening.
The question is still, what does "accessing through Apache" really mean in this case.
The problem could be at various levels, and we don't have access to them all.

I'll try to figure out some step-by-step procedure and questions, to guide the OP in 
finding out where things block.


>
> Also, in your diagram, please show the location of all involved firewalls.
>
> . . . just my two cents
> /mde/
>
>> Thanks Jayaram
>>
>> On Mon, Aug 8, 2016 at 11:20 AM, André Warnier (tomcat)
>> <aw@ice-sa.com> wrote:
>>
>>> On 08.08.2016 09:14, Jayaram Ponnusamy wrote:
>>>
>>>> Thanks for your Quick & Valuable Response,
>>>>
>>>> 1. ANS-Question 1: No Both Are different Machine, We are using
>>>> VirtualHost configuration
>>>>
>>>
>>> That is not consistent with the configuration that you sent. You
>>> have a ServerName (in Apache) named as "ServerName 10.100.0.31"
>>> (which is not a proof, but a suggestion that the IP of this machine
>>> is 10.100.0.31). And you have this line in workers.properties :
>>> worker.prod_live_svr.host=10.100.0.31 which suggest that Tomcat
>>> answers to the same address. So why are you saying "different
>>> machine" ?
>>>
>>> 2. ANS-Question 2: Kindly please share Optimal Value to Set for
>>>> ConnectionTimeout & KeepAliveTimeout if required
>>>>
>>>
>>> One again, there is no "optimal" value for all cases. But the
>>> default values should cover most of the usual cases. The default
>>> values are the ones that are active if you do not specify the
>>> parameter at all.  So just remove these parameters, and you should
>>> be ok. If there is a problem such as you mention below, it is NOT
>>> because of the default value of these parameters.
>>>
>>> 3. ANS-Question 3: Yes We have Firewall, but there is no rules. I
>>> just
>>>> googled and updated this value to tuning server. Now I removed
>>>>
>>>
>>> Can you draw a simple schema of your configuration ? (ASCII-art)
>>> Showing clearly : - where is the workstation - where is Apache
>>> httpd - where is the firewall - where is Tomcat
>>>
>>> We do not have access to your server, so it is more complicated
>>> for helping you, unless you provide us with precise information.
>>>
>>>
>>> 4. ANS-Question 4: I am new to Apache, While searching in Google,
>>> Based on
>>>> some recommandationI tried. I removed all these items.
>>>>
>>>>
>>> Good.
>>>
>>> Now I am monitoring systems, whether still its closing connections
>>> or not.
>>>>
>>>> sir, While directly using Tomcat URL, pages are loading 1-2
>>>> Seconds, but the same page taking 6-7 Seconds in WebServer URL.
>>>> Also, If I didn't use WebServer URL for 30minutes and hit any
>>>> URL, first time its taking more than 30 Seconds to load a page.
>>>>
>>>> Is there any option to tuning the system.
>>>>
>>>>
>>> See item 3 above. Clearly, you have a problem.  But without knowing
>>> your exact configuration, we can only guess.  Clearly also, it is
>>> not a problem of Tomcat per se. To me, with the little information
>>> available so far, it sounds like it could be a problem with DNS or
>>> routing, but that's just a wild guess so far.
>>>
>>>
>>>
>>>
>>>> On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat)
>>>> <aw@ice-sa.com> wrote:
>>>>
>>>> On 07.08.2016 11:08, Jayaram Ponnusamy wrote:
>>>>>
>>>>> Hi,
>>>>>> We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21.
>>>>>> Connecting Apache to Tomcat as VirtualHost, The Problem is
>>>>>> Apache and Tomcat losing its connection every 20-30 Minutes.
>>>>>> Either We have to hit the WebServer URL multiple times or
>>>>>> Reboot Apache & Tomcat to resolve the issue for short-time.
>>>>>> Also accessing WebServer URL is very very slow than tomcat
>>>>>> URL (Mostly it takes 30-45seconds to load a Page).
>>>>>>
>>>>>> I have added tomcat/Apache configurations below, Kindly
>>>>>> please help me to resolve this issue.
>>>>>>
>>>>>>
>>>>>> Tomcat (Server.xml): <Connector port="9090"
>>>>>>
>>>>>> protocol="HTTP/1.1"
>>>>>
>>>>> connectionTimeout="600000"
>>>>>> redirectPort="8443" URIEncoding="UTF-8"
>>>>>> emptySessionPath="true"/>
>>>>>>
>>>>>>
>>>>> <Connector port="9009" protocol="AJP/1.3" redirectPort="8443"
>>>>>
>>>>>> URIEncoding="UTF-8" connectionTimeout="600000"/>  <------
>>>>>> (*)
>>>>>>
>>>>>>
>>>>>> Apache (Workers.properties): worker.list=prod_live_svr
>>>>>> worker.prod_live_svr.type=ajp13
>>>>>>
>>>>>> worker.prod_live_svr.host=10.100.0.31
>>>>>> worker.prod_live_svr.port=9009
>>>>>> worker.prod_live_svr.lbfactor=50
>>>>>> worker.prod_live_svr.socket_keepalive=1
>>>>>>
>>>>>> worker.prod_live_svr.connection_pool_size=100
>>>>>> worker.prod_live_svr.connection_pool_minsize=50
>>>>>> worker.prod_live_svr.connection_pool_timeout=500
>>>>>>
>>>>>>
>>>>>> VirtualHost.conf: <VirtualHost *:80>
>>>>>>
>>>>>> ServerName 10.100.0.31
>>>>>>
>>>>>>
>>>>>> ErrorLog logs/live/http_error.log RewriteLog
>>>>>> logs/live/http_rewrite.log
>>>>>>
>>>>>> RewriteEngine on RewriteCond %{REMOTE_ADDR}
>>>>>> !^10\.100\.0\.31$ RewriteRule ^/+$ /sites/  [R,L]
>>>>>>
>>>>>> <IfModule rewrite_module> Options +FollowSymlinks
>>>>>> RewriteEngine On
>>>>>>
>>>>>> RewriteOptions Inherit RewriteLog logs/rewrite.log
>>>>>>
>>>>>> </IfModule> JkMount   /*        prod_live_svr
>>>>>>
>>>>>> JkOptions +ForwardURICompatUnparsed
>>>>>>
>>>>>> </VirtualHost>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 1) Question : are Apache httpd and Tomcat on the same machine
>>>>>> ?
>>>>>
>>>>> And if yes, why do you not set
>>>>>
>>>>> worker.prod_live_svr.host=127.0.0.1
>>>>>
>>>>>>
>>>>>>
>>>>> 2) why : connectionTimeout="600000"  (*) That is 5 minutes. By
>>>>> default, "keepAliveTimeout" is also that same value. It means
>>>>> that after a request is processed (and finished) on one
>>>>> instance of a Connector, this Connector will remain "stuck" on
>>>>> the same connection for another 5 minutes, before it gives up
>>>>> and closes it.  That is kind of wasteful.
>>>>>
>>>>> 3) Why this : worker.prod_live_svr.socket_keepalive=1 Do you
>>>>> have a firewall between Apache httpd and Tomcat ?
>>>>>
>>>>> 4) Why these ?
>>>>>
>>>>> worker.prod_live_svr.connection_pool_size=100
>>>>>> worker.prod_live_svr.connection_pool_minsize=50
>>>>>> worker.prod_live_svr.connection_pool_timeout=500
>>>>>>
>>>>>>
>>>>> See :
>>>>> http://tomcat.apache.org/connectors-doc/reference/workers.html
>>>>> --> connection_pool_size --> connection_pool_minsize -->
>>>>> connection_pool_timeout  (see also (*) above)
>>>>>
>>>>> In general (and particularly since you do not seem to be an
>>>>> expert in this kind of configuration), you should not set
>>>>> parameters when you do not understand exactly what they are
>>>>> doing. The default configurations of Apache httpd, Tomcat and
>>>>> AJP are set by experts (who know what they are doing), to
>>>>> values which fit a wide range of realistic use cases.
>>>>>
>>>>> I would suggest to rewrite your configuration as follows :
>>>>>
>>>>> I) Tomcat server.xml :
>>>>>
>>>>> <Connector port="9009" protocol="AJP/1.3" redirectPort="8443"
>>>>> URIEncoding="UTF-8">
>>>>>
>>>>> II) Apache httpd, workers.properties :
>>>>>
>>>>> worker.list=prod_live_svr
>>>>>
>>>>> worker.prod_live_svr.type=ajp13
>>>>> worker.prod_live_svr.host=127.0.0.1
>>>>> worker.prod_live_svr.port=9009
>>>>>
>>>>> -----------------
>>>>>
>>>>> That's it, no other parameters.
>>>>>
>>>>> The Apache-side mod_jk connector module will by default and
>>>>> reasonably set the connection pool size, keepalive and timeout
>>>>> values etc.
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message