You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Moore <jo...@pdsi-software.com> on 2007/11/13 00:14:28 UTC
Apache/Tomcat/mod_jk over WAN
I have a cluster of Tomcat 5.5 servers that are running Apache 2.2 to
serve static content; mod_jk 1.2.25 connector is used. I am considering
adding apache servers in separate corners of the country to serve the
static content closer to the user. I can not copy Tomcat to each of
these locations. I was thinking of routing the ajp traffic through an
OpenVPN SSL tunnel to the existing tomcat servers. We did some tests and
were surprised that there seemed to be a decent performance increase.
Has anyone had any successes, failures, or gotcha’s doing this?
Would mod_jk solution use less bandwidth than something like mod_proxy
to redirect the tomcat-destined http/s requests?
Any suggestions on stopping user access to a Apache if AJP link to
Tomcat drops?
Thanks,
John
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache/Tomcat/mod_jk over WAN
Posted by Andrew Miehs <an...@2sheds.de>.
On 13/11/2007, at 6:47 AM, nirmala wrote:
> hi
>
>
> I have one question I want to installation procedure for the apache
> tomcat5.5 version in windows XP
Cick, then click, then click, then click.
Andrew
Re: Apache/Tomcat/mod_jk over WAN
Posted by nirmala <ni...@in.ispace.com>.
hi
I have one question I want to installation procedure for the apache
tomcat5.5 version in windows XP
--------------------------------------------------
From: "John Moore" <Jo...@pdsi-software.com>
Sent: Tuesday, November 13, 2007 11:10 AM
To: "Tomcat Users List" <us...@tomcat.apache.org>
Subject: RE: Apache/Tomcat/mod_jk over WAN
>
> Thanks for the input on the timeouts, having run lb connectors in LAN
> environment for years now, I never really ran into this issue or
> stumbled across this document.
>
> What I meant by the stop comment is really in reference to
> fault-tolerance.
>
> [For reference, the current environment has a mesh of 4 machines that
> have redundant hardware load balancers in front of them. To support
> the dynamic content this is needed, but unnecessary and expensive to
> replicate in remote locations that only serve static content.]
>
> If an apache server can't support serving dynamic content, I need to
> re-direct users (as transparently as possible) to a server that can.
> Thinking out loud, I could continue to have dynamic content from
> www.mysite.com and static from static.mysite.com and simply embed the
> full static-site url in the page. Alternatively, as you indicated, if I
> direct them to an error page, I can redirect them to an apache instance
> that's fully functional. Will take a bit more coordinate between apache
> server's maybe using something from the Linux LVS or Linux-HA project.
>
> Thanks again.
> John
>
>
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Monday, November 12, 2007 4:32 PM
> To: Tomcat Users List
> Subject: Re: Apache/Tomcat/mod_jk over WAN
>
> Hi John,
>
> John Moore schrieb:
>>
>> I have a cluster of Tomcat 5.5 servers that are running Apache 2.2 to
>> serve static content; mod_jk 1.2.25 connector is used. I am
> considering
>> adding apache servers in separate corners of the country to serve the
>> static content closer to the user. I can not copy Tomcat to each of
>> these locations. I was thinking of routing the ajp traffic through an
>> OpenVPN SSL tunnel to the existing tomcat servers. We did some tests
> and
>> were surprised that there seemed to be a decent performance increase.
>>
>> Has anyone had any successes, failures, or gotcha's doing this?
>
> No real experience. I heard from a couple of people, who had problems
> with the stability of the tunnel. So using Cping/Cpong etc. could be
> important here. Read the Timeouts docs page
>
> http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
>
> especially the parts related to firewalls (a dropped VPN tunnel might
> behave similarly to an idle connection drop by a firewall).
>
>> Would mod_jk solution use less bandwidth than something like mod_proxy
>> to redirect the tomcat-destined http/s requests?
>
> I would not expect, that AJP13 gives a big bandwidth benefit. Since you
> are talking about dynamic content only, usually we are in the region of
> about 5-20KB per request, and the savings from the binary encoded HTTP
> headers should be well below 1KB. On the other hand AJP13 response
> packets have a little overhead, so I would expect well below 10%
> reduction in needed bandwidth.
>>
>> Any suggestions on stopping user access to a Apache if AJP link to
>> Tomcat drops?
>
> What do you mean by stop? Presenting well-defined error pages? In case
> mod_jk can not reach Tomcat it should return a 503, sometimes a 504. You
> can define a customized ErrorDocument in httpd for this case.
>
> I would always include an lb worker between Apache and even a single
> Tomcat, because this enables you to get better state information via a
> status worker.
>
>> Thanks,
>> John
>
> Regards,
>
> Rainer
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
DISCLAIMER: This e-mail and any attachments are intended only for the individual or company to which it is addressed and may contain information which is privileged, proprietary, confidential and prohibited from disclosure or unauthorized use under applicable law. If you are not the intended recipient of this e-mail, you are hereby notified that any use, dissemination, or copying of this e-mail or the information contained in this e-mail is strictly prohibited by the sender. If you have received this transmission in error, please return the material received to the sender and delete all copies from your system.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Apache/Tomcat/mod_jk over WAN
Posted by John Moore <Jo...@pdsi-software.com>.
Thanks for the input on the timeouts, having run lb connectors in LAN
environment for years now, I never really ran into this issue or
stumbled across this document.
What I meant by the stop comment is really in reference to
fault-tolerance.
[For reference, the current environment has a mesh of 4 machines that
have redundant hardware load balancers in front of them. To support
the dynamic content this is needed, but unnecessary and expensive to
replicate in remote locations that only serve static content.]
If an apache server can't support serving dynamic content, I need to
re-direct users (as transparently as possible) to a server that can.
Thinking out loud, I could continue to have dynamic content from
www.mysite.com and static from static.mysite.com and simply embed the
full static-site url in the page. Alternatively, as you indicated, if I
direct them to an error page, I can redirect them to an apache instance
that's fully functional. Will take a bit more coordinate between apache
server's maybe using something from the Linux LVS or Linux-HA project.
Thanks again.
John
-----Original Message-----
From: Rainer Jung [mailto:rainer.jung@kippdata.de]
Sent: Monday, November 12, 2007 4:32 PM
To: Tomcat Users List
Subject: Re: Apache/Tomcat/mod_jk over WAN
Hi John,
John Moore schrieb:
>
> I have a cluster of Tomcat 5.5 servers that are running Apache 2.2 to
> serve static content; mod_jk 1.2.25 connector is used. I am
considering
> adding apache servers in separate corners of the country to serve the
> static content closer to the user. I can not copy Tomcat to each of
> these locations. I was thinking of routing the ajp traffic through an
> OpenVPN SSL tunnel to the existing tomcat servers. We did some tests
and
> were surprised that there seemed to be a decent performance increase.
>
> Has anyone had any successes, failures, or gotcha's doing this?
No real experience. I heard from a couple of people, who had problems
with the stability of the tunnel. So using Cping/Cpong etc. could be
important here. Read the Timeouts docs page
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
especially the parts related to firewalls (a dropped VPN tunnel might
behave similarly to an idle connection drop by a firewall).
> Would mod_jk solution use less bandwidth than something like mod_proxy
> to redirect the tomcat-destined http/s requests?
I would not expect, that AJP13 gives a big bandwidth benefit. Since you
are talking about dynamic content only, usually we are in the region of
about 5-20KB per request, and the savings from the binary encoded HTTP
headers should be well below 1KB. On the other hand AJP13 response
packets have a little overhead, so I would expect well below 10%
reduction in needed bandwidth.
>
> Any suggestions on stopping user access to a Apache if AJP link to
> Tomcat drops?
What do you mean by stop? Presenting well-defined error pages? In case
mod_jk can not reach Tomcat it should return a 503, sometimes a 504. You
can define a customized ErrorDocument in httpd for this case.
I would always include an lb worker between Apache and even a single
Tomcat, because this enables you to get better state information via a
status worker.
> Thanks,
> John
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache/Tomcat/mod_jk over WAN
Posted by Rainer Jung <ra...@kippdata.de>.
Hi John,
John Moore schrieb:
>
> I have a cluster of Tomcat 5.5 servers that are running Apache 2.2 to
> serve static content; mod_jk 1.2.25 connector is used. I am considering
> adding apache servers in separate corners of the country to serve the
> static content closer to the user. I can not copy Tomcat to each of
> these locations. I was thinking of routing the ajp traffic through an
> OpenVPN SSL tunnel to the existing tomcat servers. We did some tests and
> were surprised that there seemed to be a decent performance increase.
>
> Has anyone had any successes, failures, or gotcha’s doing this?
No real experience. I heard from a couple of people, who had problems
with the stability of the tunnel. So using Cping/Cpong etc. could be
important here. Read the Timeouts docs page
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
especially the parts related to firewalls (a dropped VPN tunnel might
behave similarly to an idle connection drop by a firewall).
> Would mod_jk solution use less bandwidth than something like mod_proxy
> to redirect the tomcat-destined http/s requests?
I would not expect, that AJP13 gives a big bandwidth benefit. Since you
are talking about dynamic content only, usually we are in the region of
about 5-20KB per request, and the savings from the binary encoded HTTP
headers should be well below 1KB. On the other hand AJP13 response
packets have a little overhead, so I would expect well below 10%
reduction in needed bandwidth.
>
> Any suggestions on stopping user access to a Apache if AJP link to
> Tomcat drops?
What do you mean by stop? Presenting well-defined error pages? In case
mod_jk can not reach Tomcat it should return a 503, sometimes a 504. You
can define a customized ErrorDocument in httpd for this case.
I would always include an lb worker between Apache and even a single
Tomcat, because this enables you to get better state information via a
status worker.
> Thanks,
> John
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org