tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Understanding tomcat + apache and I/O
Date Wed, 29 Nov 2017 14:51:41 GMT
Hash: SHA256

Big Papa,

On 11/29/17 12:06 AM, TurboChargedDad . wrote:
> So.. Thank you for those help me understand the NIO vs BIO in
> tomcat 7..

So now all you have to do is upgrade to Tomcat 8.0 or, even better,
Tomcat 8.5 :)

> I made those changes things have improved quite a bit.  I am still 
> experiencing some weirdness that I have tried to understand but
> can't get a handle on it.

Can you expand on the "weirdness"? I see you have some more details
below but I think you could be more specific.

> Quick overview.. --Proxies-- Apache Proxies (2) - The end user
> terminates SSL at the proxy/edge The proxies use HTTPS/SSL to
> reverse proxy back to the tomcat server. --/Proxies--
> PXY1 & 2 configs for prefork mode. <IfModule prefork.c> 
> StartServers 30 MinSpareServers 15 MaxSpareServers 30 ServerLimit
> 400 MaxClients 400 MaxRequestsPerChild 4000 </IfModule>

If you want high performance, you have to abandon the prefork model
and move to event. Some modules (e.g. mod_php IIRC) don't work
properly with the event model. Think about using your lb with PHP
running on another server as Jim Riggs suggests[1]. You may get better
performance, stability, and fault-tolerance.

> --Tomcat server-- (1) Apache terminates SSL over the top of Tomcat
> on the same server. Reverse proxies to the tomcat server using NIO
> AJP connectors. --/Tomcat server--

Above you say that you are using HTTPS/SSL to connect httpd -> Tomcat.
If you are using AJP then this is not true. So which is it? Are you
using HTTP or AJP as your protocol?

> Tomcat apache prefork mode config: <IfModule prefork.c> 
> StartServers       8 MinSpareServers    5 MaxSpareServers   20 
> ServerLimit      800 MaxClients       800 MaxRequestsPerChild
> 4000 </IfModule>

What does "Tomcat apache prefork mode" mean? The above is an httpd
configuration, not a Tomcat one.

> Typical vhost config for a given tenant would look like this.. 
> <someuser.conf> <VirtualHost
> <>> ServerAdmin
> <> ServerName
> <> ProxyPass /
> ajp://localhost:8126/ retry=3

Okay, now you are using AJP. I think there's definitely some confusion
here as to what is being configured with what.

> Typical tomcat connector thread config : <Connector port="8126" 
> protocol="org.apache.coyote.ajp.AjpNioProtocol"
> redirectPort="8443" maxThreads="300" />

If this is the only <Connector> in Tomcat, then you are 100% using AJP
and not HTTP as your protocol.

Using NIO is the best practice here IMO.

> We are operating a multi-tenant environment.  As of right now, we
> have somewhere around 20 tomcat instances on a large machine of
> which only a handful are "busy".


> It used to be that when any one of them experienced a blocking
> issue. Every one of them went down.  All of their AJP connector
> threads would rise until the system because tomcat was
> unresponsive.

That would be a capacity-planning problem with the httpd proxies. You
probably didn't do your math correctly.

> So far that appears for the most part to be addressed...
Good. Maybe your math is better but it may still be wrong.

> However...  When an issue is experienced.  The site(s)
> experiencing the issue(s) going down doesn't seem to bring down any
> of the other sites. (w00t! w00t!)


> But the httpd connections for each site all still climb together.

That shouldn't happen (of course!).

> (Please see attached graph) Again no outage is experienced buy as 
> demonstrated by the graph attached to this message.

Attachments are stripped. Either post your graph elsewhere or describe
it in words.

> That graph is from zabbix using a custom metric that checks every
> 3 mins..  It does the following for each virtual host / tomcat
> instances
> For user25 : UserParameter=somewebsite.constats,sudo -tt
> /bin/netstat -ntp | grep EST | grep httpd | grep ':8125' | wc -l 
> UserParameter=somewebsite2.constats,sudo -tt /bin/netstat -ntp |
> grep EST | grep httpd | grep ':8126' | wc -l
> So there is virtually no way they can be getting mixed up.  Not to 
> mention that there are a few that do not experience a rise in
> connections.

So the "Weirdness" is that your AJP connection count on the httpd
proxy instances increases across all web servers (or all workers?).
What does mod_proxy's status page say for *each worker*? THAT'S what
you need to compare, not just the total number of connections/threads
on the proxy.

- -chris
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message