-
1. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
dshifrin Nov 14, 2017 5:41 PM (in response to dshifrin)I found something that is similar to what I am experiencing. Ping timeout acting as worker timeout
-
2. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
rhusar Nov 16, 2017 12:27 PM (in response to dshifrin)Hey. Is this with httpd-based or undertow-based proxy? If the former, have you tried LogLevel debug ?
-
3. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
dshifrin Nov 16, 2017 6:28 PM (in response to dshifrin)Hi Radoslav, We are using httpd. I have the log level set to debug.
After 10 seconds (or whatever the ping value is set to) from when a request comes in I see this in my error.log
[proxy:error] [pid 2244] AH00940: https: disabled connection for (10.105.152.35)
This coincides with when a 2nd request is sent. I found that the 2nd request is empty because I have stickySessionForce set to false. But my question is how to stop the 2nd request from being launched. At the moment I have set Ping to the longest amount of time I expect my requests to take.
I don't see anything obvious in ssl_error_log (we are strictly https) but perhaps I don't know what to look for.
-
4. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
rhusar Nov 20, 2017 1:50 PM (in response to dshifrin)I am trying to refresh my memory here... but do you have EnableOptions in your config? This thing is that the ping should never really fail. It's a simple request just to verify the connection to the worker is still up.
-
5. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
dshifrin Nov 20, 2017 4:16 PM (in response to rhusar)I do not know where to check for EnableOptions, but I do not see it set in any .conf file in my httpd directory.
-
6. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
rhusar Nov 21, 2017 9:45 AM (in response to dshifrin)IIRC if you are not using AJP you need to set EnableOptions (needs no parameters) in your vhost. Fulfils the same role as the CPING/CPONG used by AJP but for HTTP/HTTPS connections. The endpoint needs to implement at least HTTP/1.1.
-
7. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
dshifrin Nov 27, 2017 1:26 PM (in response to rhusar)We are using AJP for multiCast. As far as I know we do not use it for anything else.
-
8. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
rhusar Nov 30, 2017 11:53 AM (in response to dshifrin)David, you seem to be confusing the terms. AJP is binary protocol for communication proxy<->backend server. Multicast is used for discovery of proxy servers by the backend servers.
So in your httpd configuration just add EnableOptions to the virtual host.
-
9. Re: Mod Cluster load balancer sends a 2nd, empty, request after ping timeout
dshifrin Dec 1, 2017 4:07 PM (in response to rhusar)You are correct, I am totally confusing things. I did as you suggested and added EnableOptions to my config. It now looks like this. Unfortunately, the ping timeout setting is till controlling when a failover happens for a request.
# UseAlias break mod cluster in rhel 7
# UseAlias On
MemManagerFile /var/cache/httpd
Maxnode 500
Maxhost 500
### MOD CLUSTER NODE UPDATE SITE
Listen XX.XXX.XXX.XX:PORT
<VirtualHost XX.XXX.XXX.XX:PORT>
<Directory />
Require ip 10.
</Directory>
ServerAdvertise on https://XX.XXX.XXX.XX:PORT
AdvertiseBindAddress XXX.XXX.XXX.XX:PORT
AdvertiseFrequency 2
AdvertiseGroup XXX.XXX.XXX.XXX:PORT
EnableMCPMReceive
ManagerBalancerName MOD_CLUSTER_LB
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCertificateFile /<path to .crt file>
SSLCertificateKeyFile <path to server key>
SSLCACertificateFile <path to ca cert>
EnableOptions
</VirtualHost>### MOD CLUSTER MGMT SITE
Listen XX.XXX.XXX.XX:PORT
<VirtualHost XX.XXX.XXX.XX:PORT>
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Require ip 10.
</Location>
SSLCertificateFile <path to server crt file>
SSLCertificateKeyFile <path to server key file>
SSLCACertificateFile <path to ca cert>
SSLProxyCACertificateFile <path to ca cert>
SSLProxyEngine on
ProxyPreserveHost on
SSLProtocol -all +TLSv1.2
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
</VirtualHost>
Listen XX.XXX.XXX.XX:PORT
<VirtualHost XX.XXX.XXX.XX:PORT>
SSLCertificateFile <path to server crt file>
SSLCertificateKeyFile <path to server key file>
SSLCACertificateFile <path to ca cert>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug</VirtualHost>
### Adds reverse proxy tls support to default reverse proxy
SSLProxyEngine on
ProxyPreserveHost on
SSLProxyCACertificateFile <path to ca cert>
SSLProtocol -all +TLSv1.2
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off