The initial connection to an Apache HTTP Server is taking a very long time (20-40s), but the subsequent connection is very fast (<50ms). I use Apache HTTP Server as a load balancer using mod_proxy_ajp in front of four clustered Tomcat servers.
I tried using Fiddler2 and the result is like this (TCP/IP Connect time is 42s!):
Request Count: 1
Bytes Sent: 553 (headers:553; body:0)
Bytes Received: 409 (headers:201; body:208)
ACTUAL PERFORMANCE
--------------
ClientConnected: 10:47:14.531
ClientBeginRequest: 10:47:14.538
GotRequestHeaders: 10:47:14.538
ClientDoneRequest: 10:47:14.538
Determine Gateway: 0ms
DNS Lookup: 0ms
TCP/IP Connect: 42017ms
HTTPS Handshake: 0ms
ServerConnected: 10:47:56.556
FiddlerBeginRequest: 10:47:56.556
ServerGotRequest: 10:47:56.557
ServerBeginResponse: 10:47:56.583
GotResponseHeaders: 10:47:56.584
ServerDoneResponse: 10:47:56.584
ClientBeginResponse: 10:47:56.584
ClientDoneResponse: 10:47:56.584
Overall Elapsed: 00:00:42.0460000
I have the following setup:
- All servers are running on Windows Server 2008 R2 with 8GB RAM.
- 1 Apache HTTP Server (2.4.4) which acts as a load-balancer using mod_proxy_ajp.
- 4 clustered Apache Tomcat (7.0.14) servers.
This is my httpd.conf:
# ServerRoot
ServerRoot "C:/Apache24"
# Listen on all interfaces on port 80
Listen 80
# Dynamic Shared Object (DSO) - bare minimum modules
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
# ServerAdmin
ServerAdmin a@b.com
# ServerName
ServerName www.xxx.com:80
# Deny all access to filesystem
<Directory />
AllowOverride none
Require all denied
</Directory>
# DocumentRoot
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
Options -Indexes -Includes -ExecCGI -FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# DirectoryIndex
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# ErrorLog
ErrorLogFormat "[%{cu}t] [%l|%m] [client %a] %M"
ErrorLog "|bin/rotatelogs.exe logs/error.%Y-%m-%d.log 86400"
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
CustomLog "|bin/rotatelogs.exe logs/access.%Y-%m-%d.log 86400" common
</IfModule>
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration file specified in TypesConfig for specific file types.
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# Defaults: Win32DisableAcceptEx (same), EnableMMAP On, EnableSendfile Off
AcceptFilter https none
AcceptFilter http none
EnableMMAP off
EnableSendfile off
# The following must be present to support starting without SSL on platforms with no /dev/random equivalent but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Disable info versi server dan header http apache
ServerSignature Off
ServerTokens Prod
# Required Modules for SSL
LoadModule ssl_module modules/mod_ssl.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule rewrite_module modules/mod_rewrite.so
# Required Modules for Load Balancing using mod_proxy_ajp
LoadModule status_module modules/mod_status.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
# Konfigurasi SSL
Include conf/extra/httpd-ssl.conf
# Konfigurasi mpm
Include conf/extra/httpd-mpm.conf
# Konfigurasi Distributed load balancer
Include conf/extra/httpd-proxy-load-balancer.conf
This is httpd-mpm.conf:
# Server-Pool Management (MPM specific)
# PidFile: The file in which the server should record its process identification number when it starts.
<IfModule !mpm_netware_module>
PidFile "logs/httpd.pid"
</IfModule>
# WinNT MPM
<IfModule mpm_winnt_module>
#
ThreadsPerChild 1500
# RAM / 1000?
MaxConnectionsPerChild 100000
#
ThreadStackSize 8242880
</IfModule>
# The maximum number of free Kbytes that every allocator is allowed to hold without calling free().
<IfModule !mpm_netware_module>
MaxMemFree 2048
</IfModule>
This is httpd-ssl.conf:
# This is the Apache server configuration file providing SSL support.
Listen 443
## SSL Global Context
# SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Pass Phrase Dialog: Configure the pass phrase gathering process.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
SSLSessionCache "shmcb:C:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
## SSL Virtual Host Context
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/Apache24/htdocs"
ServerName www.xxx.com:443
ServerAdmin a@b.com
ErrorLog "|bin/rotatelogs.exe logs/error-ssl.%Y-%m-%d.log 86400"
TransferLog "|bin/rotatelogs.exe logs/access-ssl.%Y-%m-%d.log 86400"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate:
SSLCertificateFile "C:/Apache24/ssl/keystore/exported-pem.crt"
# Server Private Key:
SSLCertificateKeyFile "C:/Apache24/ssl/keystore/exported.key"
# Server Certificate Chain:
SSLCertificateChainFile "C:/Apache24/ssl/intermediate.crt"
# SSL Engine Options: Set various options for the SSL engine.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog "C:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
This is httpd-proxy-load-balancer.conf:
# Reverse Proxy
<Proxy balancer://ajsjava>
BalancerMember ajp://128.21.32.15:8009 route=128.21.32.15 keepalive=On ttl=60
BalancerMember ajp://128.21.34.15:8009 route=128.21.34.15 keepalive=On ttl=60
BalancerMember ajp://128.21.32.16:8009 route=128.21.32.16 keepalive=On ttl=60
BalancerMember ajp://128.21.34.16:8009 route=128.21.34.16 keepalive=On ttl=60
</Proxy>
ProxyPass /status !
ProxyPass / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid
# Forward Proxy
ProxyRequests Off
<Proxy *>
Require all granted
</Proxy>
# Balancer-manager, for monitoring
<Location /balancer>
SetHandler balancer-manager
#localhost
Require ip 127.0.0.1
</Location>
# Server-status, for monitoring
<Location /status>
SetHandler server-status
#localhost
Require ip 127.0.0.1
</Location>
Everything is working perfectly: load balancing, Tomcat clustering, sticky and session replication, SSL.
Has anyone here encountered this kind of problem in the past? It seems that the initial connection (TCP/IP Connect) time is very long (20-40s).
Addendum: As suggested by @Prasenjit Purohit, I changed every host name into static IP, to avoid DNS lookups, but the problem still exist.