Are there any other tuning options, or ideas on this?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Wednesday, August 3, 2022 3:53 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]
Unfortunately, these updates also didn’t have any affect. Still slow via proxy.
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
From: Beard, Shawn <SBeard@wrberkley.com.INVALID<mailto:SBeard@wrberkley.com.INVALID>>
Sent: Wednesday, August 3, 2022 12:50 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]
Also here is what we use our virtualhost config in apache for this and it works well.
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember
http://server:port<
https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
BalancerMember
http://server:port<
https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/
?
Shawn
Beard
• Sr. Systems Engineer
Middleware Engineering
[cid:image001.png@01D8AB34.5D7BE780]
3840 109th Street
,
Urbandale
,
IA
50322
Phone: +1-515-564-2528<tel:+1-515-564-2528>
Email:
SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website:
https://berkleytechnologyservices.com/ Technology Leadership Unleashing Business Potential
From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]
** CAUTION: External message
Hi Sekhar,
Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.
Thanks,
#-----------httpd-ssl.conf-------------------
# for web instance
Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"
ErrorDocument 500 /ilapp
<VirtualHost _default_:6750>
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on
SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<IfModule proxy_module>
SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On
<Proxy balancer://icluster>
BalancerMember
https://tomcat-server:9999<
https://urldefense.com/v3/__https:/tomcat-server:9999__;!!Li8W9_Um1Taa!9IKmhgNAfimUMkudcZGkIPGRHdeZWQHi1pS1c-NwIjJGx_d5_5_vqWkfZRue0m7gT-lhXgCXGFpJDoEG_kHJRJX2oS4P3yFbCAt1$>
ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On
Order Deny,Allow
Deny from none
Allow from all
</Proxy>
ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp
ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash
</IfModule>
</VirtualHost>
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
From: Suvendu Sekhar Mondal <suv3ndu@gmail.com<mailto:suv3ndu@gmail.com>>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning
Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!
I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.
Looking for some ideas as to how to improve the performance.
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.