You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rainer Jung <ra...@kippdata.de> on 2009/05/12 15:56:11 UTC

Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector (6.0.18)

On 12.05.2009 15:20, Michael Biebl wrote:
> 2009/5/12 André Warnier <aw...@ice-sa.com>:
>> Michael Biebl wrote:
>>> Hi,
>>>
>>> first of all, I'd like to say hi, as I'm new to the list.
>>>
>>> I hope you can help me with the following problem I have.
>>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
>>> 6.0.18
>>> I'm using mod_proxy to forward the request to tomcat using ajp. The
>>> apache vhost configuration looks like this:
>>>
>>> <VirtualHost *:80>
>>>
>>> ...
>>>        ProxyRequests Off
>>>        ProxyVia On
>>>        ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>>>        ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>>>        ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>>>        ProxyPass / ajp://localhost:8009/barcooWebsite/
>>>        ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>>>        ProxyPassReverseCookiePath /barcooWebsite /
>>> ...
>>>
>>> </VirtualHost>
>>>
>>> The apache mpm prefork modules is used with the following configuration.
>>> <IfModule mpm_prefork_module>
>>>    StartServers          5
>>>    MinSpareServers       5
>>>    MaxSpareServers      10
>>>    MaxClients          200
>>>    MaxRequestsPerChild   0
>>> </IfModule>
>>>
>>> The tomcat ajp connector configuration is as simple as
>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>>
>>>
>>> Now, when I get a lot of users access, the http connection via apache
>>> slows down to a crawl
>>> and I get a lot of the following messages in the kernel log:
>>>
>>> [2350915.113736] __ratelimit: 11 messages suppressed
>>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>>> request.
>>>
>>> apache and tomcat itself seem to be idling along, and the load is not
>>> that high on the machine.
>>>
>>> Has anyone an idea what's going on there?
>>>
>> It seems to be something entorely outside of Apache and Tomcat.
>> I'm no specialist, but a few names come to mind : iptables, denyhosts,
>> SELinux ?
> 
> No selinux enabled, no iptables rules loaded, no denyhosts installed.
> 
> My guess somehow is, that apache is opening too many ajp connections
> to tomcat...
> 
> Michael

Have a look at "netstat -an".

Also check the httpd documentation page about mod_proxy, which contains
lots of additional parameters needed to tune the proxy connection pool
(timeouts, persistent connction pool etc.). Not that mod_proxy_ajp is
not as old as many other httpd components, so there is still active
development and there might be some need to switch to recent versions.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org