So I've compiled mod_ssl/apache to include the ssl_experimental, and I am
getting this error...

[root@www11-la1 conf]# /u1/httpd/bin/apachectl configtest
Use of uninitialized value at
/usr/lib/perl5/site_perl/5.005/i386-linux/PFProAPI.pm line 47.
Syntax error on line 414 of /u1/httpd/conf/httpd.conf:
SSLSessionCache: shared memory cache not useable on this platform

I am running RedHat Linux, apache 1.3.19, modssl 2.8.1, openssl 0.9.6, mm
1.1.3, and mod_perl 1.25.

My compile options are attached, can anyone see what I am missing? Is this
platform supported with this option?

Thanks,

max

-----Original Message-----
From: David Rees [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Which SSLSessionCache to use for best performance?


Hi Max,

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Max Clark
>
> Hi all.
>
> I have been tuning my web farm (for the past 6 months now), and have had
> the typical MSIE SSL issues along the way. I stumbled across a post today
> regarding the SSLSessionCache (my config is below), and my question is
> which session cache will give the best performance for my system?
>
> I need to support every browser possible, and my servers each receive
> about 300K page views a day. I'm running Apache 1.3.17, mod_ssl 2.8.0,
> openssl 0.9.6 on Linux.
>
> I saw a reference for SSL_EXPERIMENTAL as a compile option, can anyone
> explain that to me?
>
> Also, could anyone give me tuning advice for the size of the ssl_cache?

In a basic mod_ssl installation, there is only one session cache available,
the "dbm" session cache.  This is also the slowest session cache (aside from
not having one, of course).  It is also known to be unreliable on some
platforms.

If you compile the mm library into mod_ssl, this allows you to use a shared
memory session cache ("shm" or "shmht").  In my benchmarks (not real world
situations) this improved performance by about 30% on the SGI IRIX server I
was using.

If you compile the mm library into mod_ssl, and turn on the SSL_EXPERIMENTAL
flag during the configuration stage of apache, you get another shared memory
cache ("shmcb") which is supposed to be faster and more robust than the
standard shared memory cache.  This code was donated by the folks at
Stronghold (who use mod_ssl in their server) and should be better under load
than the standard shared memory cache.  I didn't see any performance
difference with this cache over the standard "shmht" cache.

FWIW, I've been using the "shmcb" cache in all my servers (various IRIX and
Linux machines) with no problems under various light to moderate (1 million
hits/day) load.

As for tuning advice for the size of the shared memory cache, it seems that
every ssl_session uses right around 140-150 bytes per session.  This means
that with the default session cache size of 512000 bytes, you can support
about 3500 concurrent users before the cache fills up and the server starts
expiring sessions early.

There is no limit on the number of sessions cached when using the dbm cache.

I usually double the size of the session cache (1024000) and also double the
length that a session can be cached for.  You'll want to avoid letting the
cache get too full (over 75-80%) since the performance of the cache will
likely start to drop at that point.

-Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

o Apache + mod_ssl/OpenSSL + mod_perl/Perl
  ---------------------------------------

Steps:

#   extract the packages
gzip -d -c apache_1.3.x.tar.gz | tar xvf -
gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -
gzip -d -c openssl-0.9.x.tar.gz | tar xvf -
gzip -d -c mm-1.1.x.tar.gz | tar xvf -

#   configure and build the OpenSSL library
cd openssl-0.9.x
sh config
make
make test
cd ..

#   configure and build the Memory Manager
cd mm-1.1.x
./configure --disable-shared
make
cd ..  

#   apply mod_ssl to Apache source tree
cd mod_ssl-2.8.x-1.3.x
./configure \
        --with-apache=../apache_1.3.x
cd ..

#   increase the Apache hard server limit from 256 to 1024
vi apache_1.3.x/src/include/httpd.sh

#   apply mod_perl to Apache source tree
#   and build/install the Perl-side of mod_perl
cd mod_perl-1.xx
perl Makefile.PL \
USE_APACI=1 \
EVERYTHING=1 \
SSL_BASE=../openssl-0.9.6 \
EAPI_MM=../mm-1.1.3 \
APACHE_PREFIX=/u1/httpd \
APACI_ARGS='--enable-module=ssl,--enable-rule=SSL_EXPERIMENTAL,--enable-module=rewrite,--enable-module=so,--disable-module=userdir'

make
make test
make install
cd ..

#   cleanup after work
rm -rf mod_perl-1.xx
rm -rf mod_ssl-2.8.x-1.3.x
rm -rf apache_1.3.x
rm -rf openssl-0.9.x
rm -rf mm-1.1.x
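
Added example (not part of the original thread and not mod_ssl code): a sizing check for the shared memory session cache, built on the figures in Dave's reply (140-150 bytes per session, 512000-byte default, keep the cache under 75-80% full). The handshake timestamps, the 300 second timeout and all function names are assumptions constructed for illustration.

```python
import math
from collections import deque

BYTES_PER_SESSION = 150   # upper end of the 140-150 bytes/session quoted above
MAX_FILL = 0.75           # lower end of the 75-80% fill ceiling quoted above


def capacity(cache_bytes, bytes_per_session=BYTES_PER_SESSION):
    """Number of sessions that fit before the cache is full."""
    return cache_bytes // bytes_per_session


def peak_live_sessions(handshake_times, timeout):
    """Most sessions held at once when every full handshake adds one
    session that stays cached for `timeout` seconds."""
    live, peak = deque(), 0
    for t in sorted(handshake_times):
        while live and live[0] + timeout <= t:  # expired by time t
            live.popleft()
        live.append(t)
        peak = max(peak, len(live))
    return peak


def required_cache_bytes(peak_sessions, max_fill=MAX_FILL,
                         bytes_per_session=BYTES_PER_SESSION):
    """Smallest cache size that keeps the peak at or below max_fill."""
    return math.ceil(peak_sessions * bytes_per_session / max_fill)


def fill_ratio(peak_sessions, cache_bytes):
    """Fraction of the cache occupied at the peak."""
    return peak_sessions / capacity(cache_bytes)


# Constructed sample: 10 full handshakes per second for one hour.
SAMPLE = [s for s in range(3600) for _ in range(10)]

if __name__ == "__main__":
    # Assumed pairs: a 300 s timeout with the 512000-byte default,
    # then both doubled as suggested in the thread.
    for timeout, size in ((300, 512000), (600, 1024000)):
        peak = peak_live_sessions(SAMPLE, timeout)
        print(f"timeout={timeout}s size={size}: peak={peak} "
              f"fill={fill_ratio(peak, size):.0%} "
              f"needs>={required_cache_bytes(peak)} bytes")
```

On this constructed load, doubling the cache size and the timeout together leaves the fill level unchanged at about 88%, so staying under the 75% ceiling requires a cache larger than the doubled one.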
