You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by KOZMAN Bálint <qz...@ultramarin.hu> on 2008/01/08 16:44:41 UTC
[users@httpd] mod_proxy and keepalive question
Hi there,
I'm experiencing a different behaviour of apache 2.2's mod_proxy compared to
the one in 2.0. From my point of view the main difference is that 2.0 mod_proxy
does not send the "Connection" request header to the backend, while 2.2
mod_proxy always sends "Connection: Close" regardles whether the backend
connection goes through http or https.
The question is if it's possible to use persistent connections from 2.2
mod_proxy to the backend (and thus force mod_proxy to send "keep-alive" in the
Connection header)?
Any help would highly be appreciated, thanks,
Balint
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] mod_proxy and keepalive question
Posted by KOZMAN Balint <qz...@ultramarin.hu>.
Well, yes, I definitely will give that patch a try. Though this way it's
pretty far from getting to production, as it'll take much time while this
patch gets back to the stable branch, and linux distros incorporate them
(etc, etc).
As a workaround I've installed stunnel and wrapped https proxy requests
with it, so now all apache proxypasses use http, where keepalive is OK.
Balint
On Wed, 9 Jan 2008, Axel-Stephane SMORGRAV wrote:
> No it's not (scary).
>
> 1. A patch is available
>
> 2. You can apply it, recompile and test
>
> 3. After having tested, you may comment the PR with the test results
>
>
> -ascs
>
> -----Message d'origine-----
> De : KOZMAN B�lint [mailto:qzy@ultramarin.hu]
> Envoy� : mercredi 9 janvier 2008 11:12
> ? : users@httpd.apache.org
> Objet : RE: [users@httpd] mod_proxy and keepalive question
>
>
> That's scary. Thanks for your help anyway.
>
>
> Cheers,
> Balint
>
>
> On Wed, 9 Jan 2008, Axel-Stephane SMORGRAV wrote:
>
>> I'm sorry, but I did not realise that you were attempting to use SSL to the backend.
>>
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=38602
>>
>> It seems like there is a patch available which has been proposed for backport to 2.2.x. Unfortunately it currently only has one vote... well actually two if you count Jim JAGIELSKI's post to the dev list on last Dec 8.
>>
>> http://www.mail-archive.com/dev@httpd.apache.org/msg38927.html
>>
>> -ascs
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
RE: [users@httpd] mod_proxy and keepalive question
Posted by Axel-Stephane SMORGRAV <Ax...@europe.adp.com>.
No it's not (scary).
1. A patch is available
2. You can apply it, recompile and test
3. After having tested, you may comment the PR with the test results
-ascs
-----Message d'origine-----
De : KOZMAN Bálint [mailto:qzy@ultramarin.hu]
Envoyé : mercredi 9 janvier 2008 11:12
À : users@httpd.apache.org
Objet : RE: [users@httpd] mod_proxy and keepalive question
That's scary. Thanks for your help anyway.
Cheers,
Balint
On Wed, 9 Jan 2008, Axel-Stephane SMORGRAV wrote:
> I'm sorry, but I did not realise that you were attempting to use SSL to the backend.
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38602
>
> It seems like there is a patch available which has been proposed for backport to 2.2.x. Unfortunately it currently only has one vote... well actually two if you count Jim JAGIELSKI's post to the dev list on last Dec 8.
>
> http://www.mail-archive.com/dev@httpd.apache.org/msg38927.html
>
> -ascs
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] mod_proxy and keepalive question
Posted by KOZMAN Bálint <qz...@ultramarin.hu>.
That's scary. Thanks for your help anyway.
Cheers,
Balint
On Wed, 9 Jan 2008, Axel-Stephane SMORGRAV wrote:
> I'm sorry, but I did not realise that you were attempting to use SSL to the backend.
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38602
>
> It seems like there is a patch available which has been proposed for backport to 2.2.x. Unfortunately it currently only has one vote... well actually two if you count Jim JAGIELSKI's post to the dev list on last Dec 8.
>
> http://www.mail-archive.com/dev@httpd.apache.org/msg38927.html
>
> -ascs
>
> -----Message d'origine-----
> De : KOZMAN B�lint [mailto:qzy@ultramarin.hu]
> Envoy� : mercredi 9 janvier 2008 00:28
> ? : users@httpd.apache.org
> Objet : RE: [users@httpd] mod_proxy and keepalive question
>
>
>
>
> This tells me that it's not possible to use persistent connections to https backends in proxy workers, which is strange, as it seemed to be possible in apache 2.0 mod_proxy. Is this correct or I've made a mistake somewhere?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
RE: [users@httpd] mod_proxy and keepalive question
Posted by Axel-Stephane SMORGRAV <Ax...@europe.adp.com>.
I'm sorry, but I did not realise that you were attempting to use SSL to the backend.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38602
It seems like there is a patch available which has been proposed for backport to 2.2.x. Unfortunately it currently only has one vote... well actually two if you count Jim JAGIELSKI's post to the dev list on last Dec 8.
http://www.mail-archive.com/dev@httpd.apache.org/msg38927.html
-ascs
-----Message d'origine-----
De : KOZMAN Bálint [mailto:qzy@ultramarin.hu]
Envoyé : mercredi 9 janvier 2008 00:28
À : users@httpd.apache.org
Objet : RE: [users@httpd] mod_proxy and keepalive question
This tells me that it's not possible to use persistent connections to https backends in proxy workers, which is strange, as it seemed to be possible in apache 2.0 mod_proxy. Is this correct or I've made a mistake somewhere?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] mod_proxy and keepalive question
Posted by KOZMAN Bálint <qz...@ultramarin.hu>.
Hi,
thanks for your notes. Still I don't entirely understand what I see.
Here's how I tested. I've set up 2 virtualhosts on my ubuntu gutsy
notebook (apache 2.2.4, prefork): localhost and localhost-external.
Here's localhost-external:
<VirtualHost 127.0.0.1:80>
ServerAdmin webmaster@localhost
ServerName localhost-external
DocumentRoot /var/www/apache2-default
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
ProxyPass /proxied http://localhost/internal min=30 smax=190 max=200 timeout=120 keepalive=On
ProxyPassReverse /proxied http://localhost/internal
</VirtualHost>
and localhost:
<VirtualHost 127.0.0.1:80>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www/apache2-default
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
Now I've put a small php script called headers.php to both
/var/www/apache2-default and /var/www/apache2-default/internal, which
dumps all http request header data.
If I open url http://localhost-external/headers.php then, among others,
there's the Connection: keep-alive header. OK, now I open
http://localhost-external/proxied/headers.php, and connection keep-alive
is still there. So keep-alive is OK for http backends.
But if I change the ProxyPass and ProxyPassReverse lines in
localhost-external to use https instead of http (and set up localhost to
serve https), then http://localhost-external/proxied/headers.php shows
that the Connection header value changed to "close".
This tells me that it's not possible to use persistent connections to
https backends in proxy workers, which is strange, as it seemed to be
possible in apache 2.0 mod_proxy. Is this correct or I've made a mistake
somewhere?
Thanks for any help,
Balint
On Tue, 8 Jan 2008, Axel-Stephane SMORGRAV wrote:
> Hi
>
> This is very surprising to me because this is one of the things about 2.2 that I was looking forward to and therefore tested specifically.
>
> Roughly speaking httpd 2.2 creates a connection pool for each ProxyPass. Actually it associates a "worker" (not to be mixed-up with MPM worker workers or worker processes) with each ProxyPass destination, and there is a connection pool associated with each worker. Workers and the associated connections persist across client requests. You may therefore use persistent backend connections even if the client connection is not.
>
> This works fine in 2.2.4. There was however a bug in 2.2.0 http://issues.apache.org/bugzilla/show_bug.cgi?id=38602. If you use rewrite rules for proxying however, the back-end connections will not be persistent because the default worker will be used, and the default worker has only non-persistent connections associated with it. There is a way to de-activate keep-alive for back-end connections: setting the proxy-nokeepalive environment variable (see the "Protocol Adjustments" section of the mod_proxy manual pages).
>
> In 2.0 back-end connections were persistent only of the client connection was so. Back-end connections could not be used to serve requests from different clients.
>
> For further reading, refer to the mailing list archive for last September http://mail-archives.apache.org/mod_mbox/httpd-dev/200709.mbox/thread or my Bugzilla report http://issues.apache.org/bugzilla/show_bug.cgi?id=43308
>
> -ascs
>
> -----Message d'origine-----
> De : KOZMAN B�lint [mailto:qzy@ultramarin.hu]
> Envoy� : mardi 8 janvier 2008 16:45
> ? : users@httpd.apache.org
> Objet : [users@httpd] mod_proxy and keepalive question
>
>
> Hi there,
>
>
> I'm experiencing a different behaviour of apache 2.2's mod_proxy compared to the one in 2.0. From my point of view the main difference is that 2.0 mod_proxy does not send the "Connection" request header to the backend, while 2.2 mod_proxy always sends "Connection: Close" regardles whether the backend connection goes through http or https.
> The question is if it's possible to use persistent connections from 2.2 mod_proxy to the backend (and thus force mod_proxy to send "keep-alive" in the Connection header)?
>
>
> Any help would highly be appreciated, thanks, Balint
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
RE: [users@httpd] mod_proxy and keepalive question
Posted by Axel-Stephane SMORGRAV <Ax...@europe.adp.com>.
Hi
This is very surprising to me because this is one of the things about 2.2 that I was looking forward to and therefore tested specifically.
Roughly speaking httpd 2.2 creates a connection pool for each ProxyPass. Actually it associates a "worker" (not to be mixed-up with MPM worker workers or worker processes) with each ProxyPass destination, and there is a connection pool associated with each worker. Workers and the associated connections persist across client requests. You may therefore use persistent backend connections even if the client connection is not.
This works fine in 2.2.4. There was however a bug in 2.2.0 http://issues.apache.org/bugzilla/show_bug.cgi?id=38602. If you use rewrite rules for proxying however, the back-end connections will not be persistent because the default worker will be used, and the default worker has only non-persistent connections associated with it. There is a way to de-activate keep-alive for back-end connections: setting the proxy-nokeepalive environment variable (see the "Protocol Adjustments" section of the mod_proxy manual pages).
In 2.0 back-end connections were persistent only of the client connection was so. Back-end connections could not be used to serve requests from different clients.
For further reading, refer to the mailing list archive for last September http://mail-archives.apache.org/mod_mbox/httpd-dev/200709.mbox/thread or my Bugzilla report http://issues.apache.org/bugzilla/show_bug.cgi?id=43308
-ascs
-----Message d'origine-----
De : KOZMAN Bálint [mailto:qzy@ultramarin.hu]
Envoyé : mardi 8 janvier 2008 16:45
À : users@httpd.apache.org
Objet : [users@httpd] mod_proxy and keepalive question
Hi there,
I'm experiencing a different behaviour of apache 2.2's mod_proxy compared to the one in 2.0. From my point of view the main difference is that 2.0 mod_proxy does not send the "Connection" request header to the backend, while 2.2 mod_proxy always sends "Connection: Close" regardles whether the backend connection goes through http or https.
The question is if it's possible to use persistent connections from 2.2 mod_proxy to the backend (and thus force mod_proxy to send "keep-alive" in the Connection header)?
Any help would highly be appreciated, thanks, Balint
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org