安泰信息

November 18, 2008

Using mod_jk 1.2 With a Firewall

Filed under: Linux, apache, jboss — JACKEYJ @ 8:38 AM

Setting up mod_jk with a firewall:

 
Configuring workers.properties:

# Define list of workers that will be used
# for mapping requests
# The configuration directives are valid
# for the mod_jk version 1.2.18 and later
#
worker.list=loadbalancer,status

# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.port=8009
#Using an IP prevents a DNS lookup
worker.node1.host=192.168.1.2
worker.node1.type=ajp13
worker.node1.lbfactor=1
worker.node1.connect_timeout=10000
worker.node1.prepost_timeout=10000
worker.node1.socket_keepalive=True

# Define Node2
# modify the host as your host IP or DNS name.
worker.node2.port=8009
worker.node2.host=192.168.1.3
worker.node2.type=ajp13
worker.node2.lbfactor=1
worker.node2.connect_timeout=10000
worker.node2.prepost_timeout=10000
worker.node2.socket_keepalive=True

# Load-balancing behaviour
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2

# Status worker for managing load balancer
worker.status.type=status

 

 

socket_keepalive=True is the most important setting. connect_timeout and prepost_timeout are there to work around firewalls that ignore keepalives or close the connection for unknown reasons.

 

 

 
Configuring server.xml:

The main concern with server.xml is setting connectionTimeout, which sets the SO_TIMEOUT of the underlying socket. When a connection in Tomcat has not had a request in the amount of time specified by connectionTimeout, the connection is closed. Why is this a good thing? Because if the connection has not been used for a certain period of time, there is a chance that it is half-closed on the mod_jk end. If the connection isn't closed, threads accumulate and can over time hit the maxThreads count in Tomcat, at which point Tomcat will not be able to accept any new connections.

 

When setting connectionTimeout in Tomcat, mod_jk should also have connect_timeout/prepost_timeout set, which allows it to detect that the Tomcat connection has been closed and prevents a retry request.

 

 

<Connector port="8009"
           address="${jboss.bind.address}"
           emptySessionPath="true"
           enableLookups="false"
           redirectPort="8443"
           protocol="AJP/1.3"
           maxThreads="200"
           connectionTimeout="60000"></Connector>

 
Configuring Apache

 

Note that maxThreads for the AJP connection should coincide with the MaxClients set in Apache's httpd.conf. MaxClients needs to be set in the correct module in Apache.

 

 

This can be determined by running httpd -V:

 

# httpd -V

Server version: Apache/2.2.3
Server built:   Sep 11 2006 09:43:05
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.7, APR-Util 1.2.8
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture:   32-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

 

Which tells me the Server MPM is Prefork.

 

httpd.conf:

<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
MaxClients       200
MaxRequestsPerChild  0
</IfModule>

 

Or, if Apache is using worker, it is:
<IfModule worker.c>
StartServers         2
MaxClients         200
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

 

MaxRequestsPerChild is 0; this is the recommended value when using mod_jk, as mod_jk keeps persistent connections open. The key values in the above configuration are MaxClients and MaxRequestsPerChild; the rest of the values are left at their defaults. Note that although 0 is recommended for MaxRequestsPerChild, the value may need to be greater than 0 depending on whether Apache is also used for other modules, especially in the case of resource leakage.
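
The settings above depend on each other across three files, so they are easy to let drift apart. The following Python check is an added example, not part of the original post: it reads workers.properties, server.xml and httpd.conf text and reports any AJP worker without keepalive or timeouts, a connector without connectionTimeout, and a maxThreads that does not match MaxClients. The function names, the sample strings and the accepted boolean spellings are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real host): node2 and the connector are misconfigured.
WORKERS = """\
worker.node1.type=ajp13
worker.node1.connect_timeout=10000
worker.node1.prepost_timeout=10000
worker.node1.socket_keepalive=True
worker.node2.type=ajp13
worker.node2.connect_timeout=10000
worker.loadbalancer.type=lb
"""
SERVER_XML = '<Server><Connector port="8009" protocol="AJP/1.3" maxThreads="150"/></Server>'
HTTPD_CONF = "<IfModule prefork.c>\nMaxClients 200\nMaxRequestsPerChild 0\n</IfModule>\n"

def parse_workers(text):
    """Return {worker_name: {directive: value}} from workers.properties text."""
    workers = {}
    for line in text.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(.*?)\s*$", line)
        if m:
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def audit(workers_text, server_xml, httpd_conf, mpm="prefork"):
    """List deviations from the settings this post recommends (empty list = consistent)."""
    findings = []
    for name, cfg in sorted(parse_workers(workers_text).items()):
        if cfg.get("type") != "ajp13":
            continue  # lb and status workers hold no backend sockets
        # Assumption: only these spellings are treated as an enabled boolean.
        if cfg.get("socket_keepalive", "").lower() not in ("true", "on", "1"):
            findings.append(f"{name}: socket_keepalive not enabled")
        for key in ("connect_timeout", "prepost_timeout"):
            if int(cfg.get(key, "0")) <= 0:
                findings.append(f"{name}: {key} not set")
    # MaxClients is read from the <IfModule> block of the MPM reported by httpd -V.
    block = re.search(rf"<IfModule {mpm}\.c>(.*?)</IfModule>", httpd_conf, re.S)
    m = re.search(r"^\s*MaxClients\s+(\d+)", block.group(1) if block else "", re.M)
    max_clients = int(m.group(1)) if m else None
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").startswith("AJP"):
            continue
        if int(conn.get("connectionTimeout", "0")) <= 0:
            findings.append("AJP connector: connectionTimeout not set")
        threads = conn.get("maxThreads")
        if max_clients is not None and (threads is None or int(threads) != max_clients):
            findings.append(f"AJP connector: maxThreads {threads} != MaxClients {max_clients}")
    return findings
```

Calling audit(WORKERS, SERVER_XML, HTTPD_CONF) returns the list of findings for the constructed sample; pass mpm="worker" when httpd -V reports the worker MPM.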
