0

The initial connection to an Apache HTTP Server is taking a very long time (20-40s), but the subsequent connection is very fast (<50ms). I use Apache HTTP Server as a load balancer using mod_proxy_ajp in front of four clustered Tomcat servers.

I tried using Fiddler2 and the result is like this (TCP/IP Connect time is 42s!):

Request Count:   1
Bytes Sent:      553        (headers:553; body:0)
Bytes Received:  409        (headers:201; body:208)

ACTUAL PERFORMANCE
--------------
ClientConnected:    10:47:14.531
ClientBeginRequest: 10:47:14.538
GotRequestHeaders:  10:47:14.538
ClientDoneRequest:  10:47:14.538
Determine Gateway:  0ms
DNS Lookup:         0ms
TCP/IP Connect: 42017ms
HTTPS Handshake:    0ms
ServerConnected:    10:47:56.556
FiddlerBeginRequest:    10:47:56.556
ServerGotRequest:   10:47:56.557
ServerBeginResponse:    10:47:56.583
GotResponseHeaders: 10:47:56.584
ServerDoneResponse: 10:47:56.584
ClientBeginResponse:    10:47:56.584
ClientDoneResponse: 10:47:56.584

Overall Elapsed:    00:00:42.0460000

I have the following setup:

  • All servers are running on Windows Server 2008 R2 with 8GB RAM.
  • 1 Apache HTTP Server (2.4.4) which acts as a load-balancer using mod_proxy_ajp.
  • 4 clustered Apache Tomcat (7.0.14) servers.

This is my httpd.conf:

# ServerRoot
ServerRoot "C:/Apache24"

# Listen on all interfaces on port 80
Listen 80

# Dynamic Shared Object (DSO) - bare minimum modules
LoadModule mime_module      modules/mod_mime.so
LoadModule dir_module       modules/mod_dir.so
LoadModule log_config_module    modules/mod_log_config.so
LoadModule authz_core_module    modules/mod_authz_core.so
LoadModule authz_host_module    modules/mod_authz_host.so

# ServerAdmin
ServerAdmin a@b.com

# ServerName
ServerName www.xxx.com:80

# Deny all access to filesystem
<Directory />
    AllowOverride none
    Require all denied
</Directory>

# DocumentRoot
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
    Options -Indexes -Includes -ExecCGI -FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# DirectoryIndex
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# The following lines prevent .htaccess and .htpasswd files from being  viewed by Web clients. 
<Files ".ht*">
    Require all denied
</Files>

# ErrorLog
ErrorLogFormat "[%{cu}t] [%l|%m] [client %a] %M"
ErrorLog "|bin/rotatelogs.exe logs/error.%Y-%m-%d.log 86400"
LogLevel warn

<IfModule log_config_module>
    # The following directives define some format nicknames for use with a CustomLog directive (see below).
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    # The location and format of the access logfile (Common Logfile Format).
    CustomLog "|bin/rotatelogs.exe logs/access.%Y-%m-%d.log 86400" common
</IfModule>

<IfModule mime_module>
    # TypesConfig points to the file containing the list of mappings from filename extension to MIME-type.
    TypesConfig conf/mime.types
    # AddType allows you to add to or override the MIME configuration file specified in TypesConfig for specific file types.
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

# Defaults: Win32DisableAcceptEx (same), EnableMMAP On, EnableSendfile Off
AcceptFilter https none
AcceptFilter http none
EnableMMAP off
EnableSendfile off

# The following must be present to support starting without SSL on platforms with no /dev/random equivalent but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Disable info versi server dan header http apache
ServerSignature Off
ServerTokens Prod

# Required Modules for SSL
LoadModule ssl_module       modules/mod_ssl.so
LoadModule setenvif_module      modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule rewrite_module       modules/mod_rewrite.so

# Required Modules for Load Balancing using mod_proxy_ajp
LoadModule status_module        modules/mod_status.so
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_ajp_module     modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

# Konfigurasi SSL
Include conf/extra/httpd-ssl.conf 

# Konfigurasi mpm
Include conf/extra/httpd-mpm.conf 

# Konfigurasi Distributed load balancer
Include conf/extra/httpd-proxy-load-balancer.conf

This is httpd-mpm.conf:

# Server-Pool Management (MPM specific)

# PidFile: The file in which the server should record its process identification number when it starts.
<IfModule !mpm_netware_module>
    PidFile "logs/httpd.pid"
</IfModule>

# WinNT MPM
<IfModule mpm_winnt_module>
    #
    ThreadsPerChild         1500    
    # RAM / 1000?
    MaxConnectionsPerChild  100000
    #
    ThreadStackSize         8242880 
</IfModule>

# The maximum number of free Kbytes that every allocator is allowed to hold without calling free(). 
<IfModule !mpm_netware_module>
    MaxMemFree            2048
</IfModule>

This is httpd-ssl.conf:

# This is the Apache server configuration file providing SSL support.

Listen 443

##  SSL Global Context

#   SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

#   Pass Phrase Dialog: Configure the pass phrase gathering process.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
SSLSessionCache        "shmcb:C:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

## SSL Virtual Host Context
<VirtualHost _default_:443>

    #   General setup for the virtual host
    DocumentRoot "C:/Apache24/htdocs"
    ServerName www.xxx.com:443
    ServerAdmin a@b.com

    ErrorLog "|bin/rotatelogs.exe logs/error-ssl.%Y-%m-%d.log 86400"
    TransferLog "|bin/rotatelogs.exe logs/access-ssl.%Y-%m-%d.log 86400"

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   Server Certificate:
    SSLCertificateFile "C:/Apache24/ssl/keystore/exported-pem.crt"

    #   Server Private Key:
    SSLCertificateKeyFile "C:/Apache24/ssl/keystore/exported.key"

    #   Server Certificate Chain:
    SSLCertificateChainFile "C:/Apache24/ssl/intermediate.crt"

    #   SSL Engine Options: Set various options for the SSL engine.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/Apache24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    #   Per-Server Logging:
    CustomLog "C:/Apache24/logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

This is httpd-proxy-load-balancer.conf:

# Reverse Proxy
<Proxy balancer://ajsjava>
    BalancerMember ajp://128.21.32.15:8009 route=128.21.32.15 keepalive=On ttl=60
    BalancerMember ajp://128.21.34.15:8009 route=128.21.34.15 keepalive=On ttl=60
    BalancerMember ajp://128.21.32.16:8009 route=128.21.32.16 keepalive=On ttl=60
    BalancerMember ajp://128.21.34.16:8009 route=128.21.34.16 keepalive=On ttl=60
</Proxy>

ProxyPass /status !
ProxyPass / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid

# Forward Proxy
ProxyRequests Off

<Proxy *>
    Require all granted
</Proxy>

# Balancer-manager, for monitoring
<Location /balancer>
    SetHandler balancer-manager 

    #localhost
    Require ip 127.0.0.1 
</Location>     

# Server-status, for monitoring
<Location /status>
    SetHandler server-status

    #localhost
    Require ip 127.0.0.1 
</Location>

Everything is working perfectly: load balancing, Tomcat clustering, sticky and session replication, SSL.

Has anyone here encountered this kind of problem in the past? It seems that the initial connection (TCP/IP Connect) time is very long (20-40s).

Addendum: As suggested by @Prasenjit Purohit, I changed every host name into static IP, to avoid DNS lookups, but the problem still exist.

Ladadadada
  • 25,847
  • 7
  • 57
  • 90
Yusuf S
  • 41
  • 1
  • 1
  • 7

1 Answers1

0

Prefer to use IP instead of machine name in balancer configuration. That will make fast resolve initial connection. Alternatively declare static route in hosts file for these machine name. Initial connection includes some extra time for machine name resolve.

  • Hi! Thanks for your reply. I changed every host name into static IP but it seems the problem still exist. Do you have any other suggestions? – Yusuf S Apr 09 '13 at 01:36