Jeffrey Burgoyne
2004-10-13 14:07:32 UTC
I'm looking for a bit of direction on a few issues related to mod_proxy
and the Apache 2.X series.
Currently I'm in charge of Apache on a large website running 1.3.26
apache. Over the past few years the department has had a proliferation of
technologies for back end servers. I have been using mod_proxy to manage
connectivity to all of the servers in question. Unfortunately in the last
year our server has had issues handling the load restraints and buggy
application servers. To alleviate the immediate issues I made customized
changes to the 1.3.26 Apache mod_proxy to handle various timeout
conditions and real time monitoring. We also have been given the funding
to deploy a robust front end web server machine (An IBM blade center).
Given the magnitude of the migration to the new machine, I was given the
go ahead to investigate Apache 2.X as a better solution for the front end
web server. Notably of importance to us was the fact that a proxy timeout
directive was built into 2.X, and we would not need to worry about the
custom code. The load balancing failover that is being talked about will
also be of significant interest to us as it becomes available. I have run
into three issues, however.
1) SSL proxying. Due to security policies, we have a number of back end
app servers that require SSL from the client to the server. Therefore SSL
based proxying is a requirement. I have never seen a definitive statement
as to whether SSL proxying is supported, but I've seen indications it is
not, and confirmed in my tests that it did not work. Is there any plans to
implement this feature?
2) Timeout Directive. I tried using this with the test suite that I used
for my mod_proxy changes, and did not get the intended results. For
example, I wrote a cgi that wais 30 seconds before passing back a
response, and set the timeout to 10 seconds. On my version the proxy would
give up after 10 seconds of no data transfer. This did not happen with the
2.X timeout. Can someone give a better explanation of what this timeout
handles and whether I possibly made a configuration mistake.
3) Monitoring. My proxy changes wrote out a customize log entry upon
failure. I then wrote a program which analyzed this log in real time and
sent out warnings on configurable intervals when configurable thresholds
were breached. Assuming I can get 1 and 2 sorted out, I'd be willing to
work on this third item as an enhancement to mod_proxy.
Thanks
Jeffrey Burgoyne
Chief Technology Architect
KCSI Keenuh Consulting Services Inc
***@keenuh.com
and the Apache 2.X series.
Currently I'm in charge of Apache on a large website running 1.3.26
apache. Over the past few years the department has had a proliferation of
technologies for back end servers. I have been using mod_proxy to manage
connectivity to all of the servers in question. Unfortunately in the last
year our server has had issues handling the load restraints and buggy
application servers. To alleviate the immediate issues I made customized
changes to the 1.3.26 Apache mod_proxy to handle various timeout
conditions and real time monitoring. We also have been given the funding
to deploy a robust front end web server machine (An IBM blade center).
Given the magnitude of the migration to the new machine, I was given the
go ahead to investigate Apache 2.X as a better solution for the front end
web server. Notably of importance to us was the fact that a proxy timeout
directive was built into 2.X, and we would not need to worry about the
custom code. The load balancing failover that is being talked about will
also be of significant interest to us as it becomes available. I have run
into three issues, however.
1) SSL proxying. Due to security policies, we have a number of back end
app servers that require SSL from the client to the server. Therefore SSL
based proxying is a requirement. I have never seen a definitive statement
as to whether SSL proxying is supported, but I've seen indications it is
not, and confirmed in my tests that it did not work. Is there any plans to
implement this feature?
2) Timeout Directive. I tried using this with the test suite that I used
for my mod_proxy changes, and did not get the intended results. For
example, I wrote a cgi that wais 30 seconds before passing back a
response, and set the timeout to 10 seconds. On my version the proxy would
give up after 10 seconds of no data transfer. This did not happen with the
2.X timeout. Can someone give a better explanation of what this timeout
handles and whether I possibly made a configuration mistake.
3) Monitoring. My proxy changes wrote out a customize log entry upon
failure. I then wrote a program which analyzed this log in real time and
sent out warnings on configurable intervals when configurable thresholds
were breached. Assuming I can get 1 and 2 sorted out, I'd be willing to
work on this third item as an enhancement to mod_proxy.
Thanks
Jeffrey Burgoyne
Chief Technology Architect
KCSI Keenuh Consulting Services Inc
***@keenuh.com