Mailing List Archive

mod_proxy_http tuning
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Re: mod_proxy_http tuning [ In reply to ]
Hello Jon,

On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid> wrote:

> Hi Fellow Travelers!
>
>
>
> I have an application team that is seeing dismal performance when
> utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a
> back-end Tomcat server over SSL. If they bypass the Apache and go direct to
> Tomcat, everything is nice and fast. However, if they do the same actions
> via the proxy, it takes 3 to 4 minutes to render the pages, that is if they
> even display.
>
This is way too slow! Can you please share httpd configuration? Especially
load balancer and compression part.

>
>
> Looking for some ideas as to how to improve the performance.
>
>
>
> Thanks,
>
>
>
> *Dream * Excel * Explore * Inspire*
>
> Jon McAlexander
>
> Senior Infrastructure Engineer
>
> Asst. Vice President
>
> He/His
>
>
>
> Middleware Product Engineering
>
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
>
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
>
> Tel 515-988-2508 | Cell 515-988-2508
>
>
>
> jonmcalexander@wellsfargo.com
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message. Thank you for your cooperation.
>
>
>
RE: mod_proxy_http tuning [ In reply to ]
Hi Sekhar,

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

Thanks,

#-----------httpd-ssl.conf-------------------

# for web instance

Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"

ErrorDocument 500 /ilapp

<VirtualHost _default_:6750>
SSLEngine on

SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on

SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>


BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<IfModule proxy_module>

SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On

<Proxy balancer://icluster>
BalancerMember https://tomcat-server:9999

ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On

Order Deny,Allow
Deny from none
Allow from all
</Proxy>

ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp

ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash

</IfModule>

</VirtualHost>

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Suvendu Sekhar Mondal <suv3ndu@gmail.com>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_proxy_http tuning

Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Try adding this to the tomcat connector you are using in the server.xml if you don’t already have it and restart tomcat.
proxyName="your.url.com"
proxyPort="your ssl port"
scheme="https"
secure="true"


?
Shawn Beard • Sr. Systems Engineer
Middleware Engineering
[cid:image459153.png@043442C3.FA92F072]
3840 109th Street , Urbandale , IA 50322
Phone: +1-515-564-2528<tel:+1-515-564-2528>
Email: SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website: https://berkleytechnologyservices.com/
[cid:image241153.jpg@D52CEF9A.1E77E9C3]
Technology Leadership Unleashing Business Potential


From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Tuesday, August 2, 2022 10:50 AM
To: users@httpd.apache.org
Subject: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message

Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Also here is what we use our virtualhost config in apache for this and it works well.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember http://server:port route=yourjvmroute connectiontimeout=600 timeout=1200
BalancerMember http://server:port route=yourjvmroute connectiontimeout=600 timeout=1200
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/


?
Shawn Beard • Sr. Systems Engineer
Middleware Engineering
[cid:image744880.png@CB9D4868.C5E85FBD]
3840 109th Street , Urbandale , IA 50322
Phone: +1-515-564-2528<tel:+1-515-564-2528>
Email: SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website: https://berkleytechnologyservices.com/
[cid:image177720.jpg@041583EB.14B9DA96]
Technology Leadership Unleashing Business Potential


From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message

Hi Sekhar,

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

Thanks,

#-----------httpd-ssl.conf-------------------

# for web instance

Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"

ErrorDocument 500 /ilapp

<VirtualHost _default_:6750>
SSLEngine on

SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on

SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>


BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<IfModule proxy_module>

SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On

<Proxy balancer://icluster>
BalancerMember https://tomcat-server:9999<https://urldefense.com/v3/__https:/tomcat-server:9999__;!!Li8W9_Um1Taa!9IKmhgNAfimUMkudcZGkIPGRHdeZWQHi1pS1c-NwIjJGx_d5_5_vqWkfZRue0m7gT-lhXgCXGFpJDoEG_kHJRJX2oS4P3yFbCAt1$>

ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On

Order Deny,Allow
Deny from none
Allow from all
</Proxy>

ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp

ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash

</IfModule>

</VirtualHost>

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Suvendu Sekhar Mondal <suv3ndu@gmail.com<mailto:suv3ndu@gmail.com>>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning

Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Thanks,

Do you have any suggestions for a setup where siteminder is also involved as far as passing 2 cookies for Session?

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Wednesday, August 3, 2022 12:50 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Also here is what we use our virtualhost config in apache for this and it works well.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image002.png@01D8A739.B534CAE0]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/








Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Sekhar,

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

Thanks,

#-----------httpd-ssl.conf-------------------

# for web instance

Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"

ErrorDocument 500 /ilapp

<VirtualHost _default_:6750>
SSLEngine on

SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on

SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>


BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<IfModule proxy_module>

SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On

<Proxy balancer://icluster>
BalancerMember https://tomcat-server:9999<https://urldefense.com/v3/__https:/tomcat-server:9999__;!!Li8W9_Um1Taa!9IKmhgNAfimUMkudcZGkIPGRHdeZWQHi1pS1c-NwIjJGx_d5_5_vqWkfZRue0m7gT-lhXgCXGFpJDoEG_kHJRJX2oS4P3yFbCAt1$>

ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On

Order Deny,Allow
Deny from none
Allow from all
</Proxy>

ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp

ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash

</IfModule>

</VirtualHost>

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Suvendu Sekhar Mondal <suv3ndu@gmail.com<mailto:suv3ndu@gmail.com>>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning

Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
We have added the proxyName and proxyPort to no avail.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Wednesday, August 3, 2022 12:42 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Try adding this to the tomcat connector you are using in the server.xml if you don’t already have it and restart tomcat.
proxyName="your.url.com"
proxyPort="your ssl port"
scheme="https"
secure="true"


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image002.png@01D8A748.7E0E2610]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/








Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Tuesday, August 2, 2022 10:50 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Unfortunately, these updates also didn’t have any affect. Still slow via proxy.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Wednesday, August 3, 2022 12:50 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Also here is what we use our virtualhost config in apache for this and it works well.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image002.png@01D8A751.1AFD0A10]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/








Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Sekhar,

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

Thanks,

#-----------httpd-ssl.conf-------------------

# for web instance

Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"

ErrorDocument 500 /ilapp

<VirtualHost _default_:6750>
SSLEngine on

SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on

SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>


BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<IfModule proxy_module>

SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On

<Proxy balancer://icluster>
BalancerMember https://tomcat-server:9999<https://urldefense.com/v3/__https:/tomcat-server:9999__;!!Li8W9_Um1Taa!9IKmhgNAfimUMkudcZGkIPGRHdeZWQHi1pS1c-NwIjJGx_d5_5_vqWkfZRue0m7gT-lhXgCXGFpJDoEG_kHJRJX2oS4P3yFbCAt1$>

ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On

Order Deny,Allow
Deny from none
Allow from all
</Proxy>

ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp

ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash

</IfModule>

</VirtualHost>

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Suvendu Sekhar Mondal <suv3ndu@gmail.com<mailto:suv3ndu@gmail.com>>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning

Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Are there any other tuning options, or ideas on this?

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Wednesday, August 3, 2022 3:53 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Unfortunately, these updates also didn’t have any affect. Still slow via proxy.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Beard, Shawn <SBeard@wrberkley.com.INVALID<mailto:SBeard@wrberkley.com.INVALID>>
Sent: Wednesday, August 3, 2022 12:50 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Also here is what we use our virtualhost config in apache for this and it works well.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
BalancerMember http://server:port<https://urldefense.com/v3/__http:/server:port__;!!F9svGWnIaVPGSwU!pdf20dXoFEYxmmvxfxFAmV4biI9XflG8PqTT_PsUk3OK2zIhb7zYu7xy8ENrMnzS_4IXE_D0Dplc_zQa4LjjX5tgC2xm9S9L$> route=yourjvmroute connectiontimeout=600 timeout=1200
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image001.png@01D8AB34.5D7BE780]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/








Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Wednesday, August 3, 2022 12:14 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Sekhar,

Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.

Thanks,

#-----------httpd-ssl.conf-------------------

# for web instance

Listen 6750
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/path/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex "file:/apps/apache/logs/pid/"

ErrorDocument 500 /ilapp

<VirtualHost _default_:6750>
SSLEngine on

SSLProtocol -all +TLSv1.2
SSLCipherSuite <CIPHER LIST>
SSLHonorCipherOrder on

SSLCertificateFile myapp.cer
SSLCertificateKeyFile myapp.key
SSLCertificateChainFile intermediate.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>


BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<IfModule proxy_module>

SSLProxyEngine On
SSLProxyVerify off
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
SSLProxyVerifyDepth 5
SSLProxyCACertificateFile intermediate.pem
SSLProxyMachineCertificateFile myappClient.pem
ProxyRequests Off
BalancerPersist On

<Proxy balancer://icluster>
BalancerMember https://tomcat-server:9999<https://urldefense.com/v3/__https:/tomcat-server:9999__;!!Li8W9_Um1Taa!9IKmhgNAfimUMkudcZGkIPGRHdeZWQHi1pS1c-NwIjJGx_d5_5_vqWkfZRue0m7gT-lhXgCXGFpJDoEG_kHJRJX2oS4P3yFbCAt1$>

ProxySet lbmethod=bybusyness
ProxySet stickysession=JSESSIONID
ProxySet scolonpathdelim=On

Order Deny,Allow
Deny from none
Allow from all
</Proxy>

ProxyPass /iapp balancer://icluster/iappp
ProxyPassReverse /iapp balancer://icluster/iappp

ProxyPass /idash balancer://icluster/idash
ProxyPassReverse /idash balancer://icluster/idash

</IfModule>

</VirtualHost>

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Suvendu Sekhar Mondal <suv3ndu@gmail.com<mailto:suv3ndu@gmail.com>>
Sent: Tuesday, August 2, 2022 12:03 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning

Hello Jon,
On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid<mailto:jonmcalexander@wellsfargo.com.invalid>> wrote:
Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
Re: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Thank you for your help

On Wed, Aug 3, 2022, 10:42 AM Beard, Shawn <SBeard@wrberkley.com.invalid>
wrote:

> Try adding this to the tomcat connector you are using in the server.xml if
> you don’t already have it and restart tomcat.
>
> proxyName="your.url.com"
>
> proxyPort="your ssl port"
>
> scheme="https"
>
> secure="true"
>
>
>
>
> ?
> Shawn Beard • Sr. Systems Engineer
> Middleware Engineering
> 3840 109th Street , Urbandale , IA 50322
> Phone: *+1-515-564-2528* <+1-515-564-2528>
> Email: *SBeard@wrberkley.com* <SBeard@wrberkley.com>
> Website: https://berkleytechnologyservices.com/
> Technology Leadership Unleashing Business Potential
>
>
>
> *From:* jonmcalexander@wellsfargo.com.INVALID
> <jonmcalexander@wellsfargo.com.INVALID>
> *Sent:* Tuesday, August 2, 2022 10:50 AM
> *To:* users@httpd.apache.org
> *Subject:* [users@httpd] mod_proxy_http tuning [EXTERNAL]
>
>
>
> ** CAUTION: External message
>
>
>
> Hi Fellow Travelers!
>
>
>
> I have an application team that is seeing dismal performance when
> utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a
> back-end Tomcat server over SSL. If they bypass the Apache and go direct to
> Tomcat, everything is nice and fast. However, if they do the same actions
> via the proxy, it takes 3 to 4 minutes to render the pages, that is if they
> even display.
>
>
>
> Looking for some ideas as to how to improve the performance.
>
>
>
> Thanks,
>
>
>
> *Dream * Excel * Explore * Inspire*
>
> Jon McAlexander
>
> Senior Infrastructure Engineer
>
> Asst. Vice President
>
> He/His
>
>
>
> Middleware Product Engineering
>
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
>
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
>
> Tel 515-988-2508 | Cell 515-988-2508
>
>
>
> jonmcalexander@wellsfargo.com
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message. Thank you for your cooperation.
>
>
> CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain
> private, privileged and confidential information belonging to the sender.
> The information therein is solely for the use of the addressee. If your
> receipt of this transmission has occurred as the result of an error, please
> immediately notify us so we can arrange for the return of the documents. In
> such circumstances, you are advised that you may not disclose, copy,
> distribute or take any other action in reliance on the information
> transmitted.
>
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
This has been done with no effect.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: A.J. T <ajt657196@gmail.com>
Sent: Monday, August 8, 2022 2:40 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Thank you for your help

On Wed, Aug 3, 2022, 10:42 AM Beard, Shawn <SBeard@wrberkley.com.invalid<mailto:SBeard@wrberkley.com.invalid>> wrote:
Try adding this to the tomcat connector you are using in the server.xml if you don’t already have it and restart tomcat.
proxyName="your.url.com<https://urldefense.com/v3/__http:/your.url.com__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlHiqCLVUQ$>"
proxyPort="your ssl port"
scheme="https"
secure="true"


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image459153.png@043442C3.FA92F072]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/<https://urldefense.com/v3/__https:/berkleytechnologyservices.com/__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlGTIuXb6g$>





[cid:image241153.jpg@D52CEF9A.1E77E9C3]


Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Tuesday, August 2, 2022 10:50 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
Are there any firewalls or anything between the webserver and the tomcat server? Or are they on the same server?


Shawn? Beard
Sr. Systems Engineer |
BTS
Middleware Engineering | +1-515-564-2528<tel:+1-515-564-2528> | SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


From: jonmcalexander@wellsfargo.com.INVALID <jonmcalexander@wellsfargo.com.INVALID>
Sent: Monday, August 8, 2022 2:51 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message

This has been done with no effect.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: A.J. T <ajt657196@gmail.com<mailto:ajt657196@gmail.com>>
Sent: Monday, August 8, 2022 2:40 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Thank you for your help

On Wed, Aug 3, 2022, 10:42 AM Beard, Shawn <SBeard@wrberkley.com.invalid<mailto:SBeard@wrberkley.com.invalid>> wrote:
Try adding this to the tomcat connector you are using in the server.xml if you don’t already have it and restart tomcat.
proxyName="your.url.com<https://urldefense.com/v3/__http:/your.url.com__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlHiqCLVUQ$>"
proxyPort="your ssl port"
scheme="https"
secure="true"


?
Shawn
Beard
• Sr. Systems Engineer
Middleware Engineering
[cid:image459153.png@043442C3.FA92F072]
3840 109th Street
,
Urbandale
,
IA
50322
Phone: +1-515-564-2528<tel:+1-515-564-2528>
Email:
SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website: https://berkleytechnologyservices.com/<https://urldefense.com/v3/__https:/berkleytechnologyservices.com/__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlGTIuXb6g$>
[cid:image241153.jpg@D52CEF9A.1E77E9C3]
Technology Leadership Unleashing Business Potential

From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Tuesday, August 2, 2022 10:50 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message

Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
RE: mod_proxy_http tuning [EXTERNAL] [ In reply to ]
In the current environment they are in, no, there are no firewalls. They are on different servers.

When they get to production, there is a firewall in place.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Tuesday, August 9, 2022 8:12 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Are there any firewalls or anything between the webserver and the tomcat server? Or are they on the same server?


Shawn?



Beard


Sr. Systems Engineer

|

BTS


Middleware Engineering

|

+1-515-564-2528<tel:+1-515-564-2528>

|

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Monday, August 8, 2022 2:51 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: RE: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


This has been done with no effect.

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

From: A.J. T <ajt657196@gmail.com<mailto:ajt657196@gmail.com>>
Sent: Monday, August 8, 2022 2:40 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: Re: [users@httpd] mod_proxy_http tuning [EXTERNAL]

Thank you for your help

On Wed, Aug 3, 2022, 10:42 AM Beard, Shawn <SBeard@wrberkley.com.invalid<mailto:SBeard@wrberkley.com.invalid>> wrote:
Try adding this to the tomcat connector you are using in the server.xml if you don’t already have it and restart tomcat.
proxyName="your.url.com<https://urldefense.com/v3/__http:/your.url.com__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlHiqCLVUQ$>"
proxyPort="your ssl port"
scheme="https"
secure="true"


?

Shawn

Beard

• Sr. Systems Engineer


Middleware Engineering


[cid:image459153.png@043442C3.FA92F072]

3840 109th Street

,

Urbandale

,

IA

50322


Phone: +1-515-564-2528<tel:+1-515-564-2528>

Email:

SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>


Website: https://berkleytechnologyservices.com/<https://urldefense.com/v3/__https:/berkleytechnologyservices.com/__;!!F9svGWnIaVPGSwU!o_LvvLQz_ifdiXaFLj4thuvlPuVq2WGqdDZ7xRs10X5sWS3fY9P90LuUcvyTeYiEja4LlYMd4SuKEGEiNlGTIuXb6g$>





[cid:image241153.jpg@D52CEF9A.1E77E9C3]


Technology Leadership Unleashing Business Potential








From: jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID> <jonmcalexander@wellsfargo.com.INVALID<mailto:jonmcalexander@wellsfargo.com.INVALID>>
Sent: Tuesday, August 2, 2022 10:50 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] mod_proxy_http tuning [EXTERNAL]

** CAUTION: External message


Hi Fellow Travelers!

I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.

Looking for some ideas as to how to improve the performance.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<mailto:jonmcalexander@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
Re: mod_proxy_http tuning [ In reply to ]
Hello Jon,

Sorry for the delayed reply. Not sure if you still have the same
problem or not. Couple of observations.

On Wed, Aug 3, 2022 at 10:44 PM <jonmcalexander@wellsfargo.com.invalid> wrote:
>
> Hi Sekhar,
>
>
>
> Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat connector. Not end user client auth, just proxy.
>
>
>
> Thanks,
>
>
>
> #-----------httpd-ssl.conf-------------------
>
>
>
> # for web instance
>
>
>
> Listen 6750
>
> AddType application/x-x509-ca-cert .crt
>
> AddType application/x-pkcs7-crl .crl
>
>
>
> SSLPassPhraseDialog builtin
>
> SSLSessionCache "shmcb:/path/ssl_scache(512000)"
>
> SSLSessionCacheTimeout 300
>
> Mutex "file:/apps/apache/logs/pid/"
>
>
>
> ErrorDocument 500 /ilapp
>
>
>
> <VirtualHost _default_:6750>
>
> SSLEngine on
>
>
>
> SSLProtocol -all +TLSv1.2
>
> SSLCipherSuite <CIPHER LIST>
>
> SSLHonorCipherOrder on
>
>
>
> SSLCertificateFile myapp.cer
>
> SSLCertificateKeyFile myapp.key
>
> SSLCertificateChainFile intermediate.pem
>
>
>
> <FilesMatch "\.(cgi|shtml|phtml|php)$">
>
> SSLOptions +StdEnvVars
>
> </FilesMatch>
>
>
>
>
>
> BrowserMatch "MSIE [2-5]" \
>
> nokeepalive ssl-unclean-shutdown \
>
> downgrade-1.0 force-response-1.0
>
>
>
> <IfModule proxy_module>
>
>
>
> SSLProxyEngine On
>
> SSLProxyVerify off

I don't see "off" in Apache doc. none/optional/require/optional_no_ca
are allowed. If you don't want certificate verification, you can set
it to "none". May I know what you are trying to do here?
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify

>
> SSLProxyCheckPeerName on
>
> SSLProxyCheckPeerCN on
>
> SSLProxyVerifyDepth 5
>
Then you have the above three settings which I believe contradicts
with the SSLProxyVerify setting you have. If you do not want the cert
verification, then why do further checks? You can adjust these
settings as per your need and check again.

Also another question which I forgot to ask earlier. You mentioned,
direct access to Tomcat works faster. Are you accessing it over http
or https? Also, can you please share Tomcat connector's configuration
here removing secrets.

> SSLProxyCACertificateFile intermediate.pem
>
> SSLProxyMachineCertificateFile myappClient.pem
>
> ProxyRequests Off
>
> BalancerPersist On
>
>
>
> <Proxy balancer://icluster>
>
> BalancerMember https://tomcat-server:9999
>
>
>
> ProxySet lbmethod=bybusyness
>
> ProxySet stickysession=JSESSIONID
>
> ProxySet scolonpathdelim=On
>
>
>
> Order Deny,Allow
>
> Deny from none
>
> Allow from all
>
> </Proxy>
>
>
>
> ProxyPass /iapp balancer://icluster/iappp
>
> ProxyPassReverse /iapp balancer://icluster/iappp
>
>
>
> ProxyPass /idash balancer://icluster/idash
>
> ProxyPassReverse /idash balancer://icluster/idash
>
>
>
> </IfModule>
>
>
>
> </VirtualHost>
>
>
>
> Dream * Excel * Explore * Inspire
>
> Jon McAlexander
>
> Senior Infrastructure Engineer
>
> Asst. Vice President
>
> He/His
>
>
>
> Middleware Product Engineering
>
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
>
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
>
> Tel 515-988-2508 | Cell 515-988-2508
>
>
>
> jonmcalexander@wellsfargo.com
>
> This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
>
>
>
> From: Suvendu Sekhar Mondal <suv3ndu@gmail.com>
> Sent: Tuesday, August 2, 2022 12:03 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] mod_proxy_http tuning
>
>
>
> Hello Jon,
>
> On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@wellsfargo.com.invalid> wrote:
>
> Hi Fellow Travelers!
>
>
>
> I have an application team that is seeing dismal performance when utilizing the Apache HTTPD front-end using mod_proxy_http to proxy a back-end Tomcat server over SSL. If they bypass the Apache and go direct to Tomcat, everything is nice and fast. However, if they do the same actions via the proxy, it takes 3 to 4 minutes to render the pages, that is if they even display.
>
> This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.
>
>
>
> Looking for some ideas as to how to improve the performance.
>
>
>
> Thanks,
>
>
>
> Dream * Excel * Explore * Inspire
>
> Jon McAlexander
>
> Senior Infrastructure Engineer
>
> Asst. Vice President
>
> He/His
>
>
>
> Middleware Product Engineering
>
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
>
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
>
> Tel 515-988-2508 | Cell 515-988-2508
>
>
>
> jonmcalexander@wellsfargo.com
>
> This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_proxy_http tuning [ In reply to ]
Le 10/08/2022 à 17:49, Suvendu Sekhar Mondal a écrit :
>> <IfModule proxy_module>
>>
>>
>>
>> SSLProxyEngine On
>>
>> SSLProxyVerify off
>
> I don't see "off" in Apache doc. none/optional/require/optional_no_ca
> are allowed. If you don't want certificate verification, you can set
> it to "none". May I know what you are trying to do here?
> https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify

From source code, off = none (and on = require)

CJ

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: Re: mod_proxy_http tuning [ In reply to ]
Thank you!

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

> -----Original Message-----
> From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Sent: Monday, August 15, 2022 8:22 AM
> To: users@httpd.apache.org; Suvendu Sekhar Mondal
> <suv3ndu@gmail.com>
> Subject: [users@httpd] Re: mod_proxy_http tuning
>
> Le 10/08/2022 à 17:49, Suvendu Sekhar Mondal a écrit :
> >> <IfModule proxy_module>
> >>
> >>
> >>
> >> SSLProxyEngine On
> >>
> >> SSLProxyVerify off
> >
> > I don't see "off" in Apache doc. none/optional/require/optional_no_ca
> > are allowed. If you don't want certificate verification, you can set
> > it to "none". May I know what you are trying to do here?
> >
> https://urldefense.com/v3/__https://httpd.apache.org/docs/current/mod/
> > mod_ssl.html*sslproxyverify__;Iw!!F9svGWnIaVPGSwU!vQbPbrY-
> 8cL3JCDH-Thz
> >
> JOgKdExwjZ6dUx6akL_g0Ooj0RTWIgkVCJDfKCqyl3ndfxGLv90QwklNu3Seja_-
> eVW6fX
> > 8zAHnTsoVGyg$
>
> From source code, off = none (and on = require)
>
> CJ
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

???????????????????????????????????????????????????????????????????????F?V?7V'67&?&R?R???âW6W'2?V?7V'67&?&T?GGB?6?R??&p?f?"FF?F????6????G2?R???âW6W'2?V??GGB?6?R??&p