Posted to users@httpd.apache.org by Michael Gale <Mi...@pason.com> on 2010/12/14 17:10:58 UTC

[users@httpd] Apache and distcache help

Hello,

    Does apache still support distcache?

I am having an issue running Apache, dc_client and dc_server on CentOS 5.2.

I am running the following i386 packages:
httpd-2.2.3-11.el5_2.centos.4
distcache-1.4.5-14.1

I have set up my Apache config file as follows:
SSLPassPhraseDialog  builtin
SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCacheTimeout  3600
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!DHE:!EDH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /hub/certs/localhost.crt
SSLCertificateKeyFile /hub/certs/localhost.key
SSLCertificateChainFile /hub/certs/DigiCertCA.crt
SSLProxyEngine on


Using `openssl s_client -connect host:port -state -reconnect` shows that SSL Session caching is working when I hit the web servers directly, I tested each one individually. However when I hit the load balancer (linux virtual server) and the requests are spread across the web servers the session cache appears to be not working.

I am sure there is a simple solution; running dc_test against the server says everything is working, and netstat shows connections are made.

Any suggestions?

Michael

Sent from my iPhone

Re: [users@httpd] DNS Lookups even with HostnameLookups Off

Posted by "Craig A. James" <cj...@emolecules.com>.
On 12/15/10 10:24 AM, Frank Gingras wrote:
>
>
> On 12/15/2010 01:10 PM, Craig A. James wrote:
>> We set "HostnameLookups Off", yet we see many hostnames in both
>> /var/log/apache2/access.log and /var/log/apache2/rewrite log.
>>
>> This is causing huge problems because some of our clients have IP
>> addresses with no DNS entries, and the delay caused by the lookup is
>> enough to trigger a missed TCP/IP ACK packet on the client, resulting in
>> a five-second delay for every single GET request.
>>
>> What, besides "HostnameLookups", can cause Apache to do a DNS lookup?
>>
>> (And yes, I checked HostnameLookups VERY carefully. It is Off in
>> apache2.conf, and doesn't occur anywhere else in the entire disk drive.)
>>
>> Thanks,
>> Craig
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> Craig,
>
> Allow from <hostname> or <VirtualHost <hostname>:<port> > could cause that as well.

Thanks, good point.  But we don't do this anywhere.  All of our virtual hosts are <VirtualHost *:80> followed by a "ServerName" directive.  And all of our "Allow from" are IP addresses.

The odd thing is that only two customers have problems, but both of them are using Windows XP.  If we change to "Allow from all", their performance suddenly jumps to normal.

Thanks,
Craig
>
> Frank


Re: [users@httpd] DNS Lookups even with HostnameLookups Off

Posted by Frank Gingras <fr...@gmail.com>.

On 12/15/2010 01:10 PM, Craig A. James wrote:
> We set "HostnameLookups Off", yet we see many hostnames in both
> /var/log/apache2/access.log and /var/log/apache2/rewrite log.
>
> This is causing huge problems because some of our clients have IP
> addresses with no DNS entries, and the delay caused by the lookup is
> enough to trigger a missed TCP/IP ACK packet on the client, resulting in
> a five-second delay for every single GET request.
>
> What, besides "HostnameLookups", can cause Apache to do a DNS lookup?
>
> (And yes, I checked HostnameLookups VERY carefully. It is Off in
> apache2.conf, and doesn't occur anywhere else in the entire disk drive.)
>
> Thanks,
> Craig

Craig,

Allow from <hostname> or <VirtualHost <hostname>:<port> > could cause 
that as well.

Frank



[users@httpd] DNS Lookups even with HostnameLookups Off

Posted by "Craig A. James" <cj...@emolecules.com>.
We set "HostnameLookups Off", yet we see many hostnames in both /var/log/apache2/access.log and /var/log/apache2/rewrite log.

This is causing huge problems because some of our clients have IP addresses with no DNS entries, and the delay caused by the lookup is enough to trigger a missed TCP/IP ACK packet on the client, resulting in a five-second delay for every single GET request.

What, besides "HostnameLookups", can cause Apache to do a DNS lookup?

(And yes, I checked HostnameLookups VERY carefully.  It is Off in apache2.conf, and doesn't occur anywhere else in the entire disk drive.)

Thanks,
Craig



Re: [users@httpd] Apache and distcache help

Posted by Michael Gale <Mi...@pason.com>.
Hello,

It is a unix socket that dc_client created and I believe that dc_client forwards it to the dc_server.


Michael

Sent from my iPhone

On 2010-12-14, at 5:41 PM, "Nick Kew" <ni...@webthing.com> wrote:

> On Tue, 14 Dec 2010 23:32:09 +0000
> Michael Gale <Mi...@pason.com> wrote:
> 
> 
>> 2. My understanding is that the Session cache is shared amongst all the web servers so the SessionID would be reused, is that correct?
> 
> Erm, I could be missing something, but from your first post:
> 
>> SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
> 
> Looks like a local filesystem path.  What is it in fact?
> 
> -- 
> Nick Kew


Re: [users@httpd] Apache and distcache help

Posted by Nick Kew <ni...@webthing.com>.
On Tue, 14 Dec 2010 23:32:09 +0000
Michael Gale <Mi...@pason.com> wrote:


> 2. My understanding is that the Session cache is shared amongst all the web servers so the SessionID would be reused, is that correct?

Erm, I could be missing something, but from your first post:

> SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache

Looks like a local filesystem path.  What is it in fact?

-- 
Nick Kew



RE: [users@httpd] Apache and distcache help

Posted by Michael Gale <Mi...@pason.com>.
Hello,

    In attempting to show improvements in Session Caching I have done the following:

# Against a single web server:
openssl s_client -connect web-tst-1:443 -state -reconnect > /tmp/mylog.txt 2>&1

Then I would `grep -i reuse /tmp/mylog.txt` and it shows that the session was reused.

# Against the load balancer which is LVS (linux virtual server w/ TUN method)
openssl s_client -connect lb-web-tst:443 -state -reconnect > /tmp/mylog.txt 2>&1

Then I would `grep -i reuse /tmp/mylog.txt` and it shows that the session was never reused and a new one was created every time.


I then created a more detailed test using openssl s_client and dumping the session using `-sess_out` and then tried to make follow up calls using `-sess_in` and providing the session ID. 

Again if I hit a single server the ID is reused but if I go through the load balancer and the requests hit different servers that session is not reused.

I tried downing a web server behind the load balancer so only 1 server was up and the session was reused.

So I guess I have two questions:

1. Is the manner in which I am testing SSLSessionCache correct?
2. My understanding is that the Session cache is shared amongst all the web servers so the SessionID would be reused, is that correct?

Michael


-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com] 
Sent: December 14, 2010 11:59 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache and distcache help


On 14 Dec 2010, at 16:10, Michael Gale wrote:

> Hello,
>  
>     Does apache still support distcache?

Yes.   From Apache 2.3 there's general support and various modules use it.

> I am running the following i386 packages:
> httpd-2.2.3-11.el5_2.centos.4
> distcache-1.4.5-14.1

Can't speak for centos packages, but 2.2.3 is a very old apache version.

> Using `openssl s_client -connect host:port -state -reconnect` shows that SSL Session caching is working when I hit the web servers directly, I tested each one individually. However when I hit the load balancer (linux virtual server) and the requests are spread across the web servers the session cache appears to be not working.

Not working?  What is the difference between what you expect and what you see?

-- 
Nick Kew

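Added example, not part of the original thread: a shell version of the -sess_out / -sess_in test described in the message above, which saves a session on one backend and offers it to a second one so the load balancer's scheduling does not decide the outcome. The function names, the host arguments and the sample output are constructed for illustration; -no_ticket is added on the assumption that session tickets should not mask the server-side cache.

```shell
#!/bin/sh
# Added example (not from the thread). Host names passed in are the caller's.

# Count full vs. resumed handshakes in `openssl s_client` output on stdin.
# s_client prints one line starting "New, " or "Reused, " per connection.
count_handshakes() {
    awk '/^New, /    { n++ }
         /^Reused, / { r++ }
         END { printf "new=%d reused=%d\n", n + 0, r + 0 }'
}

# cross_backend_check SAVE_HOST RESUME_HOST [PORT]
# Save a session on SAVE_HOST, present it to RESUME_HOST, report the result.
# "new=0 reused=1" means RESUME_HOST found the session in a shared cache;
# "new=1 reused=0" means it did not; "new=0 reused=0" means no handshake.
# -no_ticket keeps resumption on session IDs (the SSLSessionCache path);
# against a TLS 1.3 server also add -tls1_2 (assumption about the client).
cross_backend_check() {
    save_host=$1; resume_host=$2; port=${3:-443}
    sess=$(mktemp) || return 2
    openssl s_client -connect "$save_host:$port" -no_ticket \
        -sess_out "$sess" </dev/null >/dev/null 2>&1
    openssl s_client -connect "$resume_host:$port" -no_ticket \
        -sess_in "$sess" </dev/null 2>&1 | count_handshakes
    rm -f "$sess"
}

# Constructed excerpt of `s_client -reconnect` against one server:
# one full handshake followed by five resumptions.
sample_direct() {
    printf 'New, TLSv1/SSLv3, Cipher is RC4-SHA\n'
    i=0; while [ "$i" -lt 5 ]; do
        printf 'drop connection and then reconnect\n'
        printf 'Reused, TLSv1/SSLv3, Cipher is RC4-SHA\n'; i=$((i + 1))
    done
}

# Constructed excerpt for the load-balanced case reported in the thread:
# every connection is a full handshake.
sample_balanced() {
    i=0; while [ "$i" -lt 6 ]; do
        printf 'New, TLSv1/SSLv3, Cipher is RC4-SHA\n'; i=$((i + 1))
    done
}

# Run against real hosts only when two host names are given.
if [ "$#" -ge 2 ]; then cross_backend_check "$@"; fi
```

Running it with two backend names directly (for example the real addresses of two web servers behind the virtual server) separates "the cache is not shared" from "the balancer happened to send me back to the same server".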

Re: [users@httpd] Apache and distcache help

Posted by Nick Kew <ni...@webthing.com>.
On 14 Dec 2010, at 16:10, Michael Gale wrote:

> Hello,
>  
>     Does apache still support distcache?

Yes.   From Apache 2.3 there's general support and various modules use it.

> I am running the following i386 packages:
> httpd-2.2.3-11.el5_2.centos.4
> distcache-1.4.5-14.1

Can't speak for centos packages, but 2.2.3 is a very old apache version.

> Using `openssl s_client -connect host:port -state -reconnect` shows that SSL Session caching is working when I hit the web servers directly, I tested each one individually. However when I hit the load balancer (linux virtual server) and the requests are spread across the web servers the session cache appears to be not working.

Not working?  What is the difference between what you expect and what you see?

-- 
Nick Kew