You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Michael Biebl <mb...@gmail.com> on 2009/05/12 14:04:08 UTC
problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Hi,
first of all, I'd like to say hi, as I'm new to the list.
I hope you can help me with the following problem I have.
I run a stock Debian lenny installation with apache 2.2.9 and tomcat 6.0.18
I'm using mod_proxy to forward the request to tomcat using ajp. The
apache vhost configuration looks like this:
<VirtualHost *:80>
...
ProxyRequests Off
ProxyVia On
ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
ProxyPass / ajp://localhost:8009/barcooWebsite/
ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
ProxyPassReverseCookiePath /barcooWebsite /
...
</VirtualHost>
The apache mpm prefork modules is used with the following configuration.
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 200
MaxRequestsPerChild 0
</IfModule>
The tomcat ajp connector configuration is as simple as
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Now, when I get a lot of users access, the http connection via apache
slows down to a crawl
and I get a lot of the following messages in the kernel log:
[2350915.113736] __ratelimit: 11 messages suppressed
[2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping request.
apache and tomcat itself seem to be idling along, and the load is not
that high on the machine.
Has anyone an idea what's going on there?
Thanks in advance for your help,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Michael Biebl <mb...@gmail.com>.
2009/5/27 Guy Cube <gu...@gmail.com>:
>
> Any found clue for this issue? We are also having similar issue with JBoss
> 4.2.3/Apache 2.2.9 and mod_proxy_ajp.
I haven't found a solution yet. On the other hand, I haven't seen
those issues for some time now. I tried to do some load tests but it
seems I wasn't able to trigger those problems in a reliable way.
>
> On JBoss side, ajp connections are hanging there. in netstat -an we saw
> AJP's tcp connections were in ESTABLISHED state and stay there forever.
I've seen that too, iirc. I had around 400 open connections on
tcp/tcp6 on port 8009.
>
> Can anyone give us clue, how to fix it?
Unfortunately not.
Just curious: Do you also run a Debian lenny kernel?
> Guy
>
>
>
> Michael Biebl-2 wrote:
>>
>> Hi,
>>
>> first of all, I'd like to say hi, as I'm new to the list.
>>
>> I hope you can help me with the following problem I have.
>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
>> 6.0.18
>> I'm using mod_proxy to forward the request to tomcat using ajp. The
>> apache vhost configuration looks like this:
>>
>> <VirtualHost *:80>
>>
>> ...
>> ProxyRequests Off
>> ProxyVia On
>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>> ProxyPass / ajp://localhost:8009/barcooWebsite/
>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>> ProxyPassReverseCookiePath /barcooWebsite /
>> ...
>>
>> </VirtualHost>
>>
>> The apache mpm prefork modules is used with the following configuration.
>> <IfModule mpm_prefork_module>
>> StartServers 5
>> MinSpareServers 5
>> MaxSpareServers 10
>> MaxClients 200
>> MaxRequestsPerChild 0
>> </IfModule>
>>
>> The tomcat ajp connector configuration is as simple as
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>
>>
>> Now, when I get a lot of users access, the http connection via apache
>> slows down to a crawl
>> and I get a lot of the following messages in the kernel log:
>>
>> [2350915.113736] __ratelimit: 11 messages suppressed
>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>> request.
>>
>> apache and tomcat itself seem to be idling along, and the load is not
>> that high on the machine.
>>
>> Has anyone an idea what's going on there?
>>
>> Thanks in advance for your help,
>> Michael
>>
>> --
>> Why is it that all of the instruments seeking intelligent life in the
>> universe are pointed away from Earth?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/problems-with-mod_proxy-%28apache-2.2.9%29-and-tomcat-ajp-connector--%286.0.18%29-tp23501257p23737358.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Guy Cube <gu...@gmail.com>.
Any found clue for this issue? We are also having similar issue with JBoss
4.2.3/Apache 2.2.9 and mod_proxy_ajp.
On JBoss side, ajp connections are hanging there. in netstat -an we saw
AJP's tcp connections were in ESTABLISHED state and stay there forever.
Can anyone give us clue, how to fix it?
Guy
Michael Biebl-2 wrote:
>
> Hi,
>
> first of all, I'd like to say hi, as I'm new to the list.
>
> I hope you can help me with the following problem I have.
> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
> 6.0.18
> I'm using mod_proxy to forward the request to tomcat using ajp. The
> apache vhost configuration looks like this:
>
> <VirtualHost *:80>
>
> ...
> ProxyRequests Off
> ProxyVia On
> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
> ProxyPass / ajp://localhost:8009/barcooWebsite/
> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
> ProxyPassReverseCookiePath /barcooWebsite /
> ...
>
> </VirtualHost>
>
> The apache mpm prefork modules is used with the following configuration.
> <IfModule mpm_prefork_module>
> StartServers 5
> MinSpareServers 5
> MaxSpareServers 10
> MaxClients 200
> MaxRequestsPerChild 0
> </IfModule>
>
> The tomcat ajp connector configuration is as simple as
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> Now, when I get a lot of users access, the http connection via apache
> slows down to a crawl
> and I get a lot of the following messages in the kernel log:
>
> [2350915.113736] __ratelimit: 11 messages suppressed
> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
> request.
>
> apache and tomcat itself seem to be idling along, and the load is not
> that high on the machine.
>
> Has anyone an idea what's going on there?
>
> Thanks in advance for your help,
> Michael
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/problems-with-mod_proxy-%28apache-2.2.9%29-and-tomcat-ajp-connector--%286.0.18%29-tp23501257p23737358.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Rainer Jung <ra...@kippdata.de>.
On 12.05.2009 15:20, Michael Biebl wrote:
> 2009/5/12 André Warnier <aw...@ice-sa.com>:
>> Michael Biebl wrote:
>>> Hi,
>>>
>>> first of all, I'd like to say hi, as I'm new to the list.
>>>
>>> I hope you can help me with the following problem I have.
>>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
>>> 6.0.18
>>> I'm using mod_proxy to forward the request to tomcat using ajp. The
>>> apache vhost configuration looks like this:
>>>
>>> <VirtualHost *:80>
>>>
>>> ...
>>> ProxyRequests Off
>>> ProxyVia On
>>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>>> ProxyPass / ajp://localhost:8009/barcooWebsite/
>>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>>> ProxyPassReverseCookiePath /barcooWebsite /
>>> ...
>>>
>>> </VirtualHost>
>>>
>>> The apache mpm prefork modules is used with the following configuration.
>>> <IfModule mpm_prefork_module>
>>> StartServers 5
>>> MinSpareServers 5
>>> MaxSpareServers 10
>>> MaxClients 200
>>> MaxRequestsPerChild 0
>>> </IfModule>
>>>
>>> The tomcat ajp connector configuration is as simple as
>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>>
>>>
>>> Now, when I get a lot of users access, the http connection via apache
>>> slows down to a crawl
>>> and I get a lot of the following messages in the kernel log:
>>>
>>> [2350915.113736] __ratelimit: 11 messages suppressed
>>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>>> request.
>>>
>>> apache and tomcat itself seem to be idling along, and the load is not
>>> that high on the machine.
>>>
>>> Has anyone an idea what's going on there?
>>>
>> It seems to be something entorely outside of Apache and Tomcat.
>> I'm no specialist, but a few names come to mind : iptables, denyhosts,
>> SELinux ?
>
> No selinux enabled, no iptables rules loaded, no denyhosts installed.
>
> My guess somehow is, that apache is opening too many ajp connections
> to tomcat...
>
> Michael
Have a look at "netstat -an".
Also check the httpd documentation page about mod_proxy, which contains
lots of additional parameters needed to tune the proxy connection pool
(timeouts, persistent connction pool etc.). Not that mod_proxy_ajp is
not as old as many other httpd components, so there is still active
development and there might be some need to switch to recent versions.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by André Warnier <aw...@ice-sa.com>.
No need to copy me personally, I also get the list.
Michael Biebl wrote:
...
>
> Does anyone know, what the actual kernel limits are? Is that an
> absolute number or connection attempts / per timeframe?
> Is there a way to tweak this settings (e.g. via sysctl)?
>
There I believe you are starting to ask the right questions..
I've asked my own private Debian expert, but he hasn't deigned answering
yet.
>
> I somehow had the impression from reading docs and tutorial on the
> web, that mod_proxy_ajp is favored nowadays over mod_jk.
> (being more actively developed, more flexible and easier to integrate
> into apache)
>
> Is that impression wrong?
>
I'll paraphrase something in some previous post on this list :
I'm now selling hard hats and flak jackets.
Seriously,
I have never used mod_proxy_ajp so I cannot really comment on it.
I have however been using mod_jk for a long time, I am quite satisfied
of it, and have never seen the type of kernel message you mention.
It is being said, very politely and not by me, that mod_jk has a lot
more mileage behind it than mod_proxy_ajp, and that consequently mod_jk
may be more stable than mod_proxy_ajp which, maybe, despite its rapid
improvement in recent versions, still may have some teething problems to
work through.
This is purely hearsay and speculative, you understand ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Michael Biebl <mb...@gmail.com>.
2009/5/12 André Warnier <aw...@ice-sa.com>:
> Michael Biebl wrote:
>>>>>>
>>>>>> ...
>>>>>> ProxyRequests Off
>>>>>> ProxyVia On
>>>>>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>>>>>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>>>>>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>>>>>> ProxyPass / ajp://localhost:8009/barcooWebsite/
>>>>>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>>>>>> ProxyPassReverseCookiePath /barcooWebsite /
>>>>>> ...
>>>>>>
>>
>> As you can see, I have 4 ProxyPass directives. Does that mean that I
>> will get 4 ajp connections from apache to tomcat per user request, ie.
>> if say 200 users are online I have 800 connections open?
>>
> I don't think so. I assume the first matching one will immediately cause
> the proxying to happen for this request.
>
>> Is it correct, that apache uses ipv6 for the ajp connection (as the
>> log is talking about tcpv6)?
>>
> Dunno. I presume that this is because port 8009 is just by default opened
> as IPv6. Though since that whole area is not very clear to me yet, I may be
> talking nonsense here.
>
>>> And it is not Tomcat complaining, it is some other system component that
>>> writes to kernel.log.
>>
>> I know, it's the kernel that is dropping the connections.
>
> So, /what/ in the kernel is dropping connections, and after how many
> connections ?
> I mean, if it is 5000 connections, that "thing" may be right, but maybe this
> limit is set ridicuously low.
Does anyone know, what the actual kernel limits are? Is that an
absolute number or connection attempts / per timeframe?
Is there a way to tweak this settings (e.g. via sysctl)?
>
>> I'm wondering if there is a limit of open ajp connections?
>
> There is obvously a limit set by /something/ as to the number of requests
> for *new* connections to port 8009 within a certain timeframe.
>
> I run a numer of Linux Debian systems, some of them Lenny. I have never
> seen this message before.
> My systems use mod_jk as a connector though, not mod_proxy_ajp.
>
> So maybe you should try mod_jk for a while ? If the problem suddenly
> disappears, then at least you've got a clue.
>
> You should also re-read Rainer's answer. He's THE mod_jk expert on this
> forum.
I somehow had the impression from reading docs and tutorial on the
web, that mod_proxy_ajp is favored nowadays over mod_jk.
(being more actively developed, more flexible and easier to integrate
into apache)
Is that impression wrong?
>
> What about this :
>>>
>>> Other than that, is there any log facility available in mod_proxy_ajp,
>>> which
>>> you could set to "debug" for a while to see what is really going on from
>>> that side ?
>>
> It would be interesting to know how many connections mod_ajp *tries* to
> create.
I'll try to get more solid numbers.
Thanks for the hints so far,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Michael Biebl <mb...@gmail.com>.
2009/5/12 André Warnier <aw...@ice-sa.com>:
> Michael Biebl wrote:
>>
>> 2009/5/12 André Warnier <aw...@ice-sa.com>:
>>>
>>> Michael Biebl wrote:
>>>>
>>>> Hi,
>>>>
>>>> first of all, I'd like to say hi, as I'm new to the list.
>>>>
>>>> I hope you can help me with the following problem I have.
>>>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
>>>> 6.0.18
>>>> I'm using mod_proxy to forward the request to tomcat using ajp. The
>>>> apache vhost configuration looks like this:
>>>>
>>>> <VirtualHost *:80>
>>>>
>>>> ...
>>>> ProxyRequests Off
>>>> ProxyVia On
>>>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>>>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>>>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>>>> ProxyPass / ajp://localhost:8009/barcooWebsite/
>>>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>>>> ProxyPassReverseCookiePath /barcooWebsite /
>>>> ...
>>>>
>>>> </VirtualHost>
>>>>
>>>> The apache mpm prefork modules is used with the following configuration.
>>>> <IfModule mpm_prefork_module>
>>>> StartServers 5
>>>> MinSpareServers 5
>>>> MaxSpareServers 10
>>>> MaxClients 200
>>>> MaxRequestsPerChild 0
>>>> </IfModule>
>>>>
>>>> The tomcat ajp connector configuration is as simple as
>>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>>>
>>>>
>>>> Now, when I get a lot of users access, the http connection via apache
>>>> slows down to a crawl
>>>> and I get a lot of the following messages in the kernel log:
>>>>
>>>> [2350915.113736] __ratelimit: 11 messages suppressed
>>>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>>>> request.
>>>>
>>>> apache and tomcat itself seem to be idling along, and the load is not
>>>> that high on the machine.
>>>>
>>>> Has anyone an idea what's going on there?
>>>>
>>> It seems to be something entorely outside of Apache and Tomcat.
>>> I'm no specialist, but a few names come to mind : iptables, denyhosts,
>>> SELinux ?
>>
>> No selinux enabled, no iptables rules loaded, no denyhosts installed.
>>
>> My guess somehow is, that apache is opening too many ajp connections
>> to tomcat...
>>
> Apart from the answer given by Rainer,
>
> "too many" for whom ? or, compared to what ?
>
> Ok, granted, too many for something on your system, since the error messages
> were :
>>>> [2350915.113736] __ratelimit: 11 messages suppressed
>>>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>>>> request.
>
> Let's take these messages at face value.
> A "SYN" is the first packet that a client sends to a server, to establish a
> connection.
> a "SYN flood" is a type of attack, whereby some nefarious agent will flood
> the server with SYN requests for new connections, trying to bring it down.
> The "_ratelimit" part seems to indicate that there is some rate limit to new
> connections set up in your system. That is usually a parameter defining how
> many new connections can be accepted per minute on some port.
>
> The Apache part of the connector indeed needs to establish connections to
> the back-end Tomcat, in your case to port 8009. If the configuration is very
> deficient, it may need to establish more connections than strictly
> necessary, but not I believe enough to justify a real "SYN flood" suspicion.
>
> As far as I know also - referring to the "too many" bit - Tomcat will
> happily accept hundreds of connections on port 8009, and depending on what
> you run this on, can support hundreds of simultaneous threads processing
> requests.
As you can see, I have 4 ProxyPass directives. Does that mean that I
will get 4 ajp connections from apache to tomcat per user request, ie.
if say 200 users are online I have 800 connections open?
Is it correct, that apache uses ipv6 for the ajp connection (as the
log is talking about tcpv6)?
> And it is not Tomcat complaining, it is some other system component that
> writes to kernel.log.
I know, it's the kernel that is dropping the connections.
I'm wondering if there is a limit of open ajp connections?
> Would you by any chance have something mentioning port 8009 anywhere in
> /etc/network/* ?
No.
> Other than that, is there any log facility available in mod_proxy_ajp, which
> you could set to "debug" for a while to see what is really going on from
> that side ?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by Michael Biebl <mb...@gmail.com>.
2009/5/12 André Warnier <aw...@ice-sa.com>:
> Michael Biebl wrote:
>>
>> Hi,
>>
>> first of all, I'd like to say hi, as I'm new to the list.
>>
>> I hope you can help me with the following problem I have.
>> I run a stock Debian lenny installation with apache 2.2.9 and tomcat
>> 6.0.18
>> I'm using mod_proxy to forward the request to tomcat using ajp. The
>> apache vhost configuration looks like this:
>>
>> <VirtualHost *:80>
>>
>> ...
>> ProxyRequests Off
>> ProxyVia On
>> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
>> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
>> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
>> ProxyPass / ajp://localhost:8009/barcooWebsite/
>> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
>> ProxyPassReverseCookiePath /barcooWebsite /
>> ...
>>
>> </VirtualHost>
>>
>> The apache mpm prefork modules is used with the following configuration.
>> <IfModule mpm_prefork_module>
>> StartServers 5
>> MinSpareServers 5
>> MaxSpareServers 10
>> MaxClients 200
>> MaxRequestsPerChild 0
>> </IfModule>
>>
>> The tomcat ajp connector configuration is as simple as
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>
>>
>> Now, when I get a lot of users access, the http connection via apache
>> slows down to a crawl
>> and I get a lot of the following messages in the kernel log:
>>
>> [2350915.113736] __ratelimit: 11 messages suppressed
>> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping
>> request.
>>
>> apache and tomcat itself seem to be idling along, and the load is not
>> that high on the machine.
>>
>> Has anyone an idea what's going on there?
>>
> It seems to be something entorely outside of Apache and Tomcat.
> I'm no specialist, but a few names come to mind : iptables, denyhosts,
> SELinux ?
No selinux enabled, no iptables rules loaded, no denyhosts installed.
My guess somehow is, that apache is opening too many ajp connections
to tomcat...
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: problems with mod_proxy (apache 2.2.9) and tomcat ajp connector
(6.0.18)
Posted by André Warnier <aw...@ice-sa.com>.
Michael Biebl wrote:
> Hi,
>
> first of all, I'd like to say hi, as I'm new to the list.
>
> I hope you can help me with the following problem I have.
> I run a stock Debian lenny installation with apache 2.2.9 and tomcat 6.0.18
> I'm using mod_proxy to forward the request to tomcat using ajp. The
> apache vhost configuration looks like this:
>
> <VirtualHost *:80>
>
> ...
> ProxyRequests Off
> ProxyVia On
> ProxyPass /t/ ajp://localhost:8009/barcooServer/t/
> ProxyPass /ws/ ajp://localhost:8009/barcooServer/ws/
> ProxyPass /reports/ ajp://localhost:8009/barcooServer/reports/
> ProxyPass / ajp://localhost:8009/barcooWebsite/
> ProxyPassReverse / ajp://localhost:8009/barcooWebsite/
> ProxyPassReverseCookiePath /barcooWebsite /
> ...
>
> </VirtualHost>
>
> The apache mpm prefork modules is used with the following configuration.
> <IfModule mpm_prefork_module>
> StartServers 5
> MinSpareServers 5
> MaxSpareServers 10
> MaxClients 200
> MaxRequestsPerChild 0
> </IfModule>
>
> The tomcat ajp connector configuration is as simple as
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> Now, when I get a lot of users access, the http connection via apache
> slows down to a crawl
> and I get a lot of the following messages in the kernel log:
>
> [2350915.113736] __ratelimit: 11 messages suppressed
> [2350915.113742] TCPv6: Possible SYN flooding on port 8009. Dropping request.
>
> apache and tomcat itself seem to be idling along, and the load is not
> that high on the machine.
>
> Has anyone an idea what's going on there?
>
It seems to be something entorely outside of Apache and Tomcat.
I'm no specialist, but a few names come to mind : iptables, denyhosts,
SELinux ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org