Setting up mod_jk with a firewall:
Configuring workers.properties:
    # Define list of workers that will be used
    # for mapping requests
    # The configuration directives are valid
    # for the mod_jk version 1.2.18 and later
    #
    worker.list=loadbalancer,status

    # Define Node1
    # modify the host as your host IP or DNS name.
    worker.node1.port=8009
    #Using an IP prevents a DNS lookup
    worker.node1.host=192.168.1.2
    worker.node1.type=ajp13
    worker.node1.lbfactor=1
    worker.node1.connect_timeout=10000
    worker.node1.prepost_timeout=10000
    worker.node1.socket_keepalive=True

    # Define Node2
    # modify the host as your host IP or DNS name.
    worker.node2.port=8009
    worker.node2.host=192.168.1.3
    worker.node2.type=ajp13
    worker.node2.lbfactor=1
    worker.node2.connect_timeout=10000
    worker.node2.prepost_timeout=10000
    worker.node2.socket_keepalive=True

    # Load-balancing behaviour
    worker.loadbalancer.type=lb
    worker.loadbalancer.balance_workers=node1,node2

    # Status worker for managing load balancer
    worker.status.type=status

socket_keepalive=true is the most important setting. connect_timeout and
prepost_timeout are there to work around firewalls that
ignore keepalives or close the connection for unknown reasons.
Configuring server.xml:
The main concern with server.xml is setting connectionTimeout, which
sets the SO_TIMEOUT of the underlying socket. When a connection in
Tomcat hasn't had a request in the amount of time specified by
connectionTimeout, the connection is closed. Why is this a good
thing? Because if the connection hasn't been used for a certain period of
time, there is a chance that it is half-closed on the mod_jk end.
If the connection isn't closed, threads accumulate and can over time
hit the maxThreads count in Tomcat, at which point Tomcat will
not be able to accept any new connections.
When setting connectionTimeout in Tomcat, mod_jk should also have
connect_timeout/prepost_timeout set, which allows mod_jk to detect that the
Tomcat connection has been closed and prevents a retry request.

    <Connector port="8009" address="${jboss.bind.address}"
               emptySessionPath="true" enableLookups="false"
               redirectPort="8443" protocol="AJP/1.3"
               maxThreads="200" connectionTimeout="60000"></Connector>

Configuring Apache:
Note that maxThreads for the AJP connection should coincide with
the MaxClients set in Apache's httpd.conf. MaxClients needs to be set
in the section for the correct MPM module in Apache.
Which MPM is in use can be determined by running httpd -V:

    # httpd -V
    Server version: Apache/2.2.3
    Server built: Sep 11 2006 09:43:05
    Server's Module Magic Number: 20051115:3
    Server loaded: APR 1.2.7, APR-Util 1.2.8
    Compiled using: APR 1.2.7, APR-Util 1.2.7
    Architecture: 32-bit
    Server MPM: Prefork
      threaded: no
      forked: yes (variable process count)
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/prefork"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=128
     -D HTTPD_ROOT="/etc/httpd"
     -D SUEXEC_BIN="/usr/sbin/suexec"
     -D DEFAULT_PIDLOG="logs/httpd.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_LOCKFILE="logs/accept.lock"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="conf/mime.types"
     -D SERVER_CONFIG_FILE="conf/httpd.conf"

This tells me the Server MPM is Prefork.
httpd.conf:

    <IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    MaxClients 200
    MaxRequestsPerChild 0
    </IfModule>

Or if Apache is using worker, it is:

    <IfModule worker.c>
    StartServers 2
    MaxClients 200
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0
    </IfModule>

MaxRequestsPerChild is 0; this is the recommended value when using
mod_jk, as mod_jk keeps persistent connections open. The key values in
the above configuration are MaxClients and MaxRequestsPerChild; the rest
of the values are left at their defaults. Note that although 0 is the
recommended value for MaxRequestsPerChild, the value may need to be
greater than 0 if Apache is also used for other modules, especially in the
case of resource leakage.
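
The settings described above live in three files that have to agree with each other. The following Python script is an added example, not part of the original page or of mod_jk: it reads workers.properties, the AJP Connector from server.xml and httpd.conf, and reports keepalive, timeout and maxThreads/MaxClients mismatches. The function names (parse_workers, max_clients, audit) and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs: node2 lacks keepalive/prepost, prefork MaxClients != maxThreads.
WORKERS = """worker.node1.type=ajp13
worker.node1.connect_timeout=10000
worker.node1.prepost_timeout=10000
worker.node1.socket_keepalive=True
worker.node2.type=ajp13
worker.node2.connect_timeout=10000"""
SERVER_XML = '<Connector port="8009" protocol="AJP/1.3" maxThreads="200" connectionTimeout="60000"/>'
HTTPD_CONF = "<IfModule prefork.c>\nMaxClients 256\n</IfModule>\n<IfModule worker.c>\nMaxClients 200\n</IfModule>"

def parse_workers(text):
    """Return {worker: {directive: value}} from workers.properties text."""
    workers = {}
    for m in re.finditer(r"^\s*worker\.(\w+)\.(\w+)\s*=\s*(\S+)", text, re.M):
        workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def max_clients(httpd_conf, mpm):
    """MaxClients from the <IfModule MPM.c> block of the MPM that httpd -V reports."""
    block = re.search(rf"<IfModule\s+{re.escape(mpm)}\.c>(.*?)</IfModule>", httpd_conf, re.S)
    m = block and re.search(r"^\s*MaxClients\s+(\d+)", block.group(1), re.M)
    return int(m.group(1)) if m else None

def audit(workers_text, server_xml, httpd_conf, mpm):
    """Return a list of mismatches against the settings described above."""
    findings = []
    for name, cfg in sorted(parse_workers(workers_text).items()):
        if cfg.get("type") != "ajp13":
            continue  # lb and status workers carry no socket settings
        # Assumption: only the true/True spelling used on the page counts as enabled.
        if cfg.get("socket_keepalive", "").lower() != "true":
            findings.append(f"{name}: socket_keepalive not enabled")
        for key in ("connect_timeout", "prepost_timeout"):
            if key not in cfg:
                findings.append(f"{name}: {key} not set")
    clients = max_clients(httpd_conf, mpm)
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").startswith("AJP"):
            continue  # only the AJP connector is used by mod_jk
        if conn.get("connectionTimeout") is None:
            findings.append("AJP connector: connectionTimeout not set")
        if str(clients) != conn.get("maxThreads"):
            findings.append(f"maxThreads={conn.get('maxThreads')} but {mpm} MaxClients={clients}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WORKERS, SERVER_XML, HTTPD_CONF, "prefork")))
```

Pass the MPM name that httpd -V reports (lower case, as in the IfModule name) so that MaxClients is read from the section Apache actually uses.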