[users@httpd] BALANCER: (balancer://cluster). All workers are in error state for route in apache error logs and service temporarily unavailable for tomcat
Hello Team,

I have configured apache to load balance six tomcat instances in the backend using the mod_proxy_balancer and mod_proxy_ajp modules. I am frequently getting a service temporarily unavailable message and the following error in the apache error logs.

    [Mon Feb 06 09:07:28 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:07:32 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:07:36 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:07:37 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:07:42 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:07:45 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)
    [Mon Feb 06 09:08:02 2012] [error] proxy: BALANCER: (balancer://cluster). All workers are in error state for route (marsprod_rmiserver_3)

I am using the following versions of apache and tomcat.

    Apache version :- Apache/2.2.16
    Tomcat :- 6.0.26
    Jdk :- 1.6.0_24

Below is the configuration of my apache and tomcat.

    # Port 80
    Listen server_name:80
    <VirtualHost _default_:80>
    ServerName server_name
    ServerAlias server_name
    ServerAlias server_name
    <Directory /eMatrix>
        Order deny,allow
        Deny from all
        Allow from 153.88.251.174 153.88.251.160 153.88.251.165 153.88.251.170 153.88.251.212 153.88.251.199
    </Directory>
    Timeout 1800
    ProxyTimeout 1800
    ProxyRequests Off
    ProxyPass /eMatrix balancer://cluster stickysession=JSESSIONID|jsessionid nofailover=On
    #ProxyPass /eMatrix balancer://cluster stickysession=JSESSIONID nofailover=On
    ProxyPreserveHost On
    ProxyPass /eMatrix ajp://server_name:8009/eMatrix
    ProxyPass /eMatrix ajp://server_name:8010/eMatrix
    ProxyPass /eMatrix ajp://server_name:8011/eMatrix
    ProxyPass /eMatrix ajp://server_name:9009/eMatrix
    ProxyPass /eMatrix ajp://server_name:9010/eMatrix
    ProxyPass /eMatrix ajp://server_name:9011/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:8009/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:8010/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:8011/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:9009/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:9010/eMatrix
    ProxyPassReverse /eMatrix ajp://server_name:9011/eMatrix
    <Proxy balancer://cluster>
        BalancerMember ajp://server_name:8009/eMatrix route=marsprod_rmiserver_1 loadfactor=33 retry=60
        BalancerMember ajp://server_name:8010/eMatrix route=marsprod_rmiserver_2 loadfactor=33 retry=60
        BalancerMember ajp://server_name:8011/eMatrix route=marsprod_rmiserver_3 loadfactor=33 retry=60
        BalancerMember ajp://server_name:9009/eMatrix route=marsprod_rmiserver_4 loadfactor=33 retry=60
        BalancerMember ajp://server_name:9010/eMatrix route=marsprod_rmiserver_5 loadfactor=33 retry=60
        #load balancing performed based on number of user requests
        #ProxySet lbmethod=byrequests
        # Report server is for Report purpose only so balancing is required now.
        BalancerMember ajp://server_name:9011/eMatrix route=marsprod_rmiserver_6 loadfactor=33 retry=60
        ProxySet lbmethod=byrequests
    </Proxy>
    #Status page for balancer
    <Location /balancer>
        SetHandler balancer-manager
        Order Deny,Allow
        Deny from all
        Allow from all
    </Location>
    ProxyStatus On
    <Location /status>
        SetHandler server-status
        Order Deny,Allow
        Deny from all
        Allow from all
    </Location>
    ErrorLog /opt/web/apache/app/mxora/logs/error.log
    </VirtualHost>

Tomcat Configuration Server.xml

    <!-- for Native tomcat setup-->
    <Connector port="8082" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxHttpHeaderSize="8192" maxThreads="60" maxPostSize="0"
               enableLookups="false" redirectPort="8443" acceptCount="150"
               compression="on" connectionTimeout="6" disableUploadTimeout="true"
               URIEncoding="UTF-8"/>
    <!-- Define an AJP 1.3 Connector on port 9084 -->
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" maxThreads="60"
               enableLookups="false" maxPostSize="0" connectionTimeout="6"
               URIEncoding="UTF-8"/>

Kindly help me to troubleshoot the issue.
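The `/balancer` and `/status` blocks in the configuration above pair `Deny from all` with `Allow from all` under `Order Deny,Allow`, which admits every client. The Python below is an added example, not part of the original post: it applies the Apache 2.2 Order/Allow/Deny evaluation rules to those blocks. The function names, the probe address 198.51.100.7 and the hardened variant are assumptions for illustration, and only `all`, full IP addresses and CIDR ranges are modelled.

```python
import ipaddress
import re

# Constructed sample: the access-control blocks from the posted httpd config,
# with the section angle brackets written out.
POSTED_CONFIG = """
<Directory /eMatrix>
    Order deny,allow
    Deny from all
    Allow from 153.88.251.174 153.88.251.160 153.88.251.165
</Directory>
<Location /balancer>
    SetHandler balancer-manager
    Order Deny,Allow
    Deny from all
    Allow from all
</Location>
<Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from all
</Location>
"""

# Assumption for illustration: management pages limited to one of the
# addresses the post already trusts for /eMatrix.
HARDENED_CONFIG = POSTED_CONFIG.replace("Allow from all", "Allow from 153.88.251.174")

SENSITIVE_HANDLERS = {"balancer-manager", "server-status", "server-info"}


def parse_sections(text):
    """Collect handler, Order, Allow and Deny per <Location>/<Directory> block."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<(Location|Directory)\s+([^>]+)>$", line, re.I)
        if opened:
            # "Order Deny,Allow" is the Apache 2.2 default when Order is absent.
            current = {"path": opened.group(2).strip(), "handler": None,
                       "order": "deny,allow", "allow": [], "deny": []}
            continue
        if re.match(r"</(Location|Directory)>$", line, re.I):
            if current is not None:
                sections.append(current)
            current = None
            continue
        if current is None:
            continue
        words = line.split()
        name = words[0].lower()
        if name == "sethandler" and len(words) > 1:
            current["handler"] = words[1]
        elif name == "order":
            current["order"] = "".join(words[1:]).lower()
        elif name in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            current[name].extend(words[2:])
    return sections


def _matches(specs, client):
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        try:
            if addr in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:
            continue  # hostnames, partial IPs and env= are not modelled here
    return False


def is_allowed(section, client):
    """Apply the 2.2 Order semantics to one client address."""
    allowed = _matches(section["allow"], client)
    denied = _matches(section["deny"], client)
    if section["order"] == "allow,deny":
        # Allow is checked first, Deny overrides it; no match at all is denied.
        return allowed and not denied
    if section["order"] == "deny,allow":
        # Deny is checked first, Allow overrides it; no match at all is allowed.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + section["order"])


def exposed_handlers(text, outside_ip="198.51.100.7"):
    """Return (path, handler) pairs a client at outside_ip can reach."""
    return [(s["path"], s["handler"]) for s in parse_sections(text)
            if s["handler"] in SENSITIVE_HANDLERS and is_allowed(s, outside_ip)]


if __name__ == "__main__":
    print("posted:  ", exposed_handlers(POSTED_CONFIG))
    print("hardened:", exposed_handlers(HARDENED_CONFIG))
```
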
Re: [users@httpd] High availability through Apache httpd
Hi,

Perhaps look at haproxy instead of apache. Run it on two or more machines with multiple IPs and have them distribute the load to your Tomcat worker nodes.

Kind Regards,
Jaco

On 06/02/12 11:09, Harsimranjit singh Kler wrote:

Hi

How can I make apache httpd Highly Available (HA)? I want to achieve this without hardware-based HA. I have httpd 2.2.17 on one physical node (IP xxx.xxx.xxx) and six Tomcat workers on 6 other physical nodes. Now if IP xxx.xxx.xxx goes down, my application is completely down?

regards
Harsimran

The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] High availability through Apache httpd
It is not possible for me to use haproxy in my setup. Is there an alternative to use with Apache only?
Re: [users@httpd] How to make Apache mod_deflate and Transfer-encoding : Chunked work together?
On 2/1/2012 3:48 AM, Matus UHLAR - fantomas wrote:

Of course. But the original question was, why is chunking not used, even when Content-Length was not sent? I don't know HTTP/1.1 enough to answer this question, do you?

On 01.02.12 12:50, William A. Rowe Jr. wrote:

Yes; because the entire C-L is known and the overhead for C-L plus fragment header/trailer is longer than a simple C-L header.

This issue can also be handled by not sending the Content-Length and using chunking.

The original question was, "How do I force chunking". The answer is, you don't and can't expect to. Chunking is a hop-by-hop behavior over which you have no control by either endpoint of the intermediate servers' elections.

Maybe the original question should be rephrased to "How do I force chunking when sending content from mod_gzip2", so we would not discuss what chunking is for, if it collides with Content-Length and that it is a hop-by-hop header, and just search for an answer to why mod_gzip does not send chunked responses, if it can.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
I just got lost in thought. It was unfamiliar territory.
Re: [users@httpd] High availability through Apache httpd
Not that I'm aware of but someone else on the list may very well know something I don't. May I inquire as to why not?

Kind Regards,
Jaco
RE: [users@httpd] High availability through Apache httpd
If you just want failover on the head apache: use two nodes with vrrp + keepalived (if you're on linux) to monitor your service.

If you need load-balancing, then you should use two VRRP addresses with DNS round-robin. But you'll stumble on a client-server persistence problem if you don't use tomcat clustering.

*DISCLAIMER* This electronic transmission (and any attached document) is intended exclusively for the person or entity to whom it is addressed and may contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon the information by persons or entities other than the intended recipient is prohibited. If you receive this message in error, please contact the sender and delete the material from any and all computers. Mobistar does not warrant a proper and complete transmission of this information, nor does it accept liability for any delays. *END OF DISCLAIMER*
Re: [users@httpd] High availability through Apache httpd
Initially I want a failover setup only, with two nodes. Can you explain a little about vrrp + keepalived, or else give some reference link on how I can achieve it step by step (on Linux setup only)?
RE: [users@httpd] High availability through Apache httpd
Basically, you have one IP address that is used by two hosts, only one active at a time. If one service fails, the other node takes the IP thanks to keepalived.

This works only if you're on the same network segment.

Google on "vrrp keepalived apache" and you'll get this first link: http://www.cyberciti.biz/faq/rhel-centos-fedora-keepalived-lvs-cluster-configuration/
Re: [users@httpd] High availability through Apache httpd
Thanks for the details. One last question: why does Apache not support failover, which is basic for any load balancer setup? Any plan for HA in future releases of httpd?
Re: [users@httpd] High availability through Apache httpd
On Mon, Feb 6, 2012 at 5:46 AM, Harsimranjit singh Kler simran...@gmail.com wrote:

Thanks for the details. One last question: why does Apache not support failover, which is basic for any load balancer setup?

It's a webserver. If you want a load balancer, put a load balancer in front of it.
RE: [users@httpd] High availability through Apache httpd
Apache supports load-balancing, you can put several in parallel without any problem :) And it does a very nice job in load-balancing/failover for the backends through mod_proxy_balancer (though a health-check option at HTTP level would be welcome).

The problem is more with the applications you put behind it. If you have several apache that forward to several application servers (be it PHP, Tomcat, Weblogic, Websphere, etc...) you need to make sure that:
- one client always ends on the same front-end apache server + that the queries are always forwarded to the same app server (using session id)
- or that the app servers are working in a cluster to synchronize their sessions

If you can afford a hardware load-balancer, do so. But even there, you'll have to set up several such boxes in parallel one day or another, with vrrp or hsrp or a similar protocol.

You can also take a look at the SRV record for DNS (http://en.wikipedia.org/wiki/SRV_record) and pray for the browser to support it.
Re: [users@httpd] Configuration file effects on security
On 2012-02-03 18:22, Silviu Andrica wrote:

Hi, I was wondering if you know any tool that checks how secure an Apache configuration is. I know about Nikto and W3AF, but those tools are targeted at web applications. I'm more interested in tools that target web servers. Also, can you recommend some Apache configurations / setups where Nikto and W3AF are effective?

'Security' is not black and white like that. The perception of security is always a moving target. Some recommended reading: http://www.schneier.com/book-sandl.html

--
Message sent via my webmail account.
[users@httpd] Need Help - Company trying to steal my domain
A company (Borges, USA, Inc.) is trying to steal a domain that I own, and have owned for over 15 years (caramia.com). They claim that they have the name "Cara Mia" trademarked. ("Cara mia" means "My dear" in Italian and is a very common term of endearment.) They have filed a complaint against me through the National Arbitration Forum.

I have a small privately held consulting company called Caramia Consulting. There are plenty of other Cara Mias out there as well, including pizza parlors, restaurants, hair stylists, dry cleaners etc, all unassociated with Borges.

How do I go about fighting this? Any suggestions appreciated. Please respond offline to me at g...@caramia.com since this is off-topic. Thank you in advance.
RE: [users@httpd] Configure httpd not to send responses
Thanks for your reply.

I could and I have written a small webserver in Python as a test as well. Of course with this I will have to duplicate the functionality of mod_evasive also in my code.

I am not sure that this benefits me though, because I think that either web server will respond with 404's and 500's on error. The webserver I wrote takes the connection and parses info and does not respond with content, but if I telnet the port and create an error, I see an error message even though it isn't part of the code I wrote (it must be in the library I used). I believe that I will have the same issue with httpd.

I have a web application firewall that uses mod_security + ? and it is capable of being deployed in this manner. It receives traffic on a span port (mirrored traffic) and it does not respond to the traffic. It is very much like an IDS would consume the traffic but not think that the traffic was really destined for itself and try to serve content. It has other interfaces on other subnets for logging, alerting, etc. but does not try to serve the web content requested (as far as I know - have put a sniffer on it).

Am I missing something?

Thanks,
Andy

From: Igor Cicimov [mailto:icici...@gmail.com]
Sent: Friday, February 03, 2012 11:30 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Configure httpd not to send responses

How about redirecting all the traffic to a cgi script that does nothing? Or it might be a script that parses the headers and creates some stats files for you.

On Feb 4, 2012 5:11 AM, Andrew Hester andrew.hes...@mouser.com wrote:

Hello,

I would like to use httpd with mod_remoteip and mod_evasive to provide some DoS response for my site. I might later use mod_security for other rules as well. Because of many reasons the httpd server will not be inline, but instead I intend to mirror traffic to the server for analysis. So, I won't have any content on the server and do not want 400 or 500 errors going back to the client but I do want to analyze the requests. I will use a script to create firewall rules when DoS rules are triggered. I have not been able to find any docs on this and I'm not sure what the common terminology is for this configuration. Any tips on how to prevent this honeypot-ish server from responding back to real clients would be appreciated.

Thanks,
Andy

This communication, its contents and any file attachments transmitted with it are intended solely for the addressee(s) and may contain confidential proprietary information. Access by any other party without the express written permission of the sender is STRICTLY PROHIBITED. If you have received this communication in error you may not copy, distribute or use the contents, attachments or information in any way. Please destroy it and contact the sender.
RE: [users@httpd] Configure httpd not to send responses
Then redirect your error pages in the same way too.

On Feb 7, 2012 5:05 AM, Andrew Hester andrew.hes...@mouser.com wrote:

Thanks for your reply.

I could and I have written a small webserver in Python as a test as well. Of course with this I will have to duplicate the functionality of mod_evasive also in my code.

I am not sure that this benefits me though, because I think that either web server will respond with 404’s and 500’s on error. The webserver I wrote takes the connection and parses info and does not respond with content, but if I telnet the port and create an error, I see an error message even though it isn’t part of the code I wrote (it must be in the library I used). I believe that I will have the same issue with httpd.

I have a web application firewall that uses mod_security + ? and it is capable of being deployed in this manner. It receives traffic on a span port (mirrored traffic) and it does not respond to the traffic. It is very much like an IDS would consume the traffic but not think that the traffic was really destined for itself and try to serve content. It has other interfaces on other subnets for logging, alerting, etc. but does not try to serve the web content requested (as far as I know – have put a sniffer on it).

Am I missing something?

Thanks,
Andy

From: Igor Cicimov [mailto:icici...@gmail.com]
Sent: Friday, February 03, 2012 11:30 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Configure httpd not to send responses

How about redirecting all the traffic to a cgi script that does nothing? Or it might be a script that parses the headers and creates some stats files for you.

On Feb 4, 2012 5:11 AM, Andrew Hester andrew.hes...@mouser.com wrote:

Hello,

I would like to use httpd with mod_remoteip and mod_evasive to provide some DoS response for my site. I might later use mod_security for other rules as well. Because of many reasons the httpd server will not be inline, but instead I intend to mirror traffic to the server for analysis. So, I won’t have any content on the server and do not want 400 or 500 errors going back to the client but I do want to analyze the requests. I will use a script to create firewall rules when DoS rules are triggered.

I have not been able to find any docs on this and I’m not sure what the common terminology is for this configuration. Any tips on how to prevent this honeypot-ish server from responding back to real clients would be appreciated.

Thanks,
Andy
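The analysis side of the setup discussed in this thread (count requests seen on the mirror port, hand offending clients to a firewall script) as an added example; it is not code from the thread or from mod_evasive. The sliding-window thresholds only approximate the idea behind mod_evasive's DOSPageCount and DOSSiteCount, and the class, function and parameter names and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict, deque

REQ_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")
def parse_request(raw):
    """Return (method, path) from raw request bytes, or None if malformed."""
    m = REQ_LINE.match(raw)
    return (m.group(1).decode(), m.group(2).decode("latin-1")) if m else None

class MirrorDosCounter:
    """Per-client sliding windows, loosely modelled on mod_evasive's thresholds."""
    def __init__(self, page_count=3, site_count=5, interval=1.0, block_period=10.0):
        self.page_count, self.site_count = page_count, site_count
        self.interval, self.block_period = interval, block_period
        self.page_hits = defaultdict(deque)   # (ip, path) -> recent timestamps
        self.site_hits = defaultdict(deque)   # ip -> recent timestamps
        self.blocked_until = {}               # ip -> time the block expires

    def _count(self, window, ts):
        window.append(ts)
        while window and ts - window[0] >= self.interval:
            window.popleft()                  # drop hits older than the interval
        return len(window)

    def observe(self, ts, ip, raw):
        """Return 'page' or 'site' when ip crosses a threshold, else None."""
        if self.blocked_until.get(ip, 0) > ts:
            return None                       # already reported; block still active
        req = parse_request(raw)
        site = self._count(self.site_hits[ip], ts)   # malformed input counts here too
        page = self._count(self.page_hits[(ip, req[1])], ts) if req else 0
        reason = "page" if page > self.page_count else "site" if site > self.site_count else None
        if reason:
            self.blocked_until[ip] = ts + self.block_period
        return reason

def block_candidates(events, **thresholds):
    """events: iterable of (timestamp, client_ip, raw_request_bytes) in time order."""
    counter = MirrorDosCounter(**thresholds)
    hits = ((ts, ip, counter.observe(ts, ip, raw)) for ts, ip, raw in events)
    return [(ts, ip, reason) for ts, ip, reason in hits if reason]

# Constructed sample events, as a capture tool on the mirror port might deliver them.
REQ = b"GET %s HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = (
    [(0.1 * i, "192.0.2.10", REQ % b"/login") for i in range(5)]              # one page, fast
    + [(2.0 + 0.1 * i, "198.51.100.7", REQ % (b"/p%d" % i)) for i in range(7)]  # many pages, fast
    + [(5.0, "203.0.113.5", REQ % b"/"), (9.0, "203.0.113.5", b"garbage\r\n")]
)
```

Because the counter only reads what it is handed and never writes to a socket, nothing goes back to the real clients; `block_candidates(SAMPLE)` yields one entry per offending client for the firewall script to act on.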
Re: [users@httpd] High availabilty through Apache httpd
hi Denis

thanks

yes Apache Httpd does load balancing properly :-)

Only concern is with failover support of httpd itself.

eg. in my setup

Machine1 having: Apache httpd (2.2.17) and modjk (1.2.30) (session stickiness true and clustering not enabled)
Machine2: Tomcat6 (worker1, worker2)
Machine3: Tomcat6 (worker3, worker4)
Machine2: Tomcat6 (worker5, worker6)

So Machine1 is my single point of failure. So I was thinking of one machine with the same configuration as Machine1, say MachineXX.

MachineXX: Apache httpd (2.2.17) and modjk (1.2.30)

so now if Machine1 goes down MachineXX should start taking new requests and vice versa.

On Mon, Feb 6, 2012 at 5:30 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

Apache supports load-balancing, you can put several in parallel without any problem :-)

And it does a very nice job in load-balancing/failover for the backends through mod_proxy_balancer (though a health-check option at HTTP level would be welcome)

The problem is more with the applications you put behind it.

If you have several apache that forward to several application servers (be it PHP, Tomcat, Weblogic, Websphere, etc…) you need to make sure that:

- one “client” always ends on the same front-end apache server + that the queries are always forwarded to the same app server (using session id)
- or that the app servers are working in a cluster to synchronize their sessions

If you can afford a hardware load-balancer, do so. But even there, you’ll have to set up several such boxes in parallel one day or another, with vrrp or hsrp or a similar protocol.

You can also take a look at the SRV record for DNS (http://en.wikipedia.org/wiki/SRV_record) and pray for the browser to support it.

From: Harsimranjit singh Kler [mailto:simran...@gmail.com]
Sent: Monday 6 February 2012 11:46
To: DENIS Laurent
Cc: users@httpd.apache.org
Subject: Re: [users@httpd] High availabilty through Apache httpd

Thanks for details.

One last question: why does Apache not support failover, which is basic for any load balancer setup? Any plan of HA in future releases of httpd?

On Mon, Feb 6, 2012 at 4:08 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

Basically, you have one IP address that is used by two hosts, active on only one at a time. If one service fails, the other node takes the IP thanks to keepalived. This works only if you’re on the same network segment.

Google on “vrrp keepalived apache” and you’ll get this first link: http://www.cyberciti.biz/faq/rhel-centos-fedora-keepalived-lvs-cluster-configuration/

From: Harsimranjit singh Kler [mailto:simran...@gmail.com]
Sent: Monday 6 February 2012 10:53
To: DENIS Laurent
Cc: users@httpd.apache.org
Subject: Re: [users@httpd] High availabilty through Apache httpd

Initially I want a failover setup only, with two nodes. Can you explain a little about vrrp + keepalived, or else give some reference link on how I can achieve it step by step (on linux setup only)?

On Mon, Feb 6, 2012 at 3:12 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

If you just want failover on the head apache: use two nodes with vrrp + keepalived (if you’re on linux) to monitor your service.

If you need load-balancing, then you should use two VRRP addresses with DNS round-robin. But you’ll stumble on client-server persistence problem if you don’t use tomcat clustering.

From: Jaco Kroon [mailto:j...@uls.co.za]
Sent: Monday 6 February 2012 10:24
To: users@httpd.apache.org
Cc: Harsimranjit singh Kler
Subject: Re: [users@httpd] High availabilty through Apache httpd

Not that I'm aware of but someone else on the list may very well know something I don't.

May I inquire as to why not?

Kind Regards,
Jaco

On 06/02/12 11:17, Harsimranjit singh Kler wrote:

It is not possible for me to use haproxy in my setup. Is there an alternative to use with Apache only?

On Mon, Feb 6, 2012 at 2:43 PM, Jaco Kroon j...@uls.co.za wrote:

Hi,

Perhaps look at haproxy instead of apache. Run it on two or more machines with multiple IPs and have them distribute the load to your Tomcat worker nodes.

Kind Regards,
Jaco

On 06/02/12 11:09, Harsimranjit singh Kler wrote:

Hi

How can I make apache httpd High Available (HA)? If I want to achieve it without hardware based HA.

I have httpd 2.2.17 on one Physical Node (IP xxx.xxx.xxx) and six Tomcat workers on other 6 Physical Nodes. Now if IP xxx.xxx.xxx goes down my application is completely down?

regards
Harsimran
Re: [users@httpd] High availabilty through Apache httpd
You should ask this question on some HA mailing list. There are lots of HA solutions out there so google and you will find one that suits you. Search for DRBD, heartbeat, pacemaker for example or cluster HA with active/standby in your case.

On Feb 7, 2012 5:22 PM, Harsimranjit singh Kler simran...@gmail.com wrote:

hi Denis

thanks

yes Apache Httpd does load balancing properly :-)

Only concern is with failover support of httpd itself.

eg. in my setup

Machine1 having: Apache httpd (2.2.17) and modjk (1.2.30) (session stickiness true and clustering not enabled)
Machine2: Tomcat6 (worker1, worker2)
Machine3: Tomcat6 (worker3, worker4)
Machine2: Tomcat6 (worker5, worker6)

So Machine1 is my single point of failure. So I was thinking of one machine with the same configuration as Machine1, say MachineXX.

MachineXX: Apache httpd (2.2.17) and modjk (1.2.30)

so now if Machine1 goes down MachineXX should start taking new requests and vice versa.

On Mon, Feb 6, 2012 at 5:30 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

Apache supports load-balancing, you can put several in parallel without any problem :-)

And it does a very nice job in load-balancing/failover for the backends through mod_proxy_balancer (though a health-check option at HTTP level would be welcome)

The problem is more with the applications you put behind it.

If you have several apache that forward to several application servers (be it PHP, Tomcat, Weblogic, Websphere, etc…) you need to make sure that:

- one “client” always ends on the same front-end apache server + that the queries are always forwarded to the same app server (using session id)
- or that the app servers are working in a cluster to synchronize their sessions

If you can afford a hardware load-balancer, do so. But even there, you’ll have to set up several such boxes in parallel one day or another, with vrrp or hsrp or a similar protocol.

You can also take a look at the SRV record for DNS (http://en.wikipedia.org/wiki/SRV_record) and pray for the browser to support it.

From: Harsimranjit singh Kler [mailto:simran...@gmail.com]
Sent: Monday 6 February 2012 11:46
To: DENIS Laurent
Cc: users@httpd.apache.org
Subject: Re: [users@httpd] High availabilty through Apache httpd

Thanks for details.

One last question: why does Apache not support failover, which is basic for any load balancer setup? Any plan of HA in future releases of httpd?

On Mon, Feb 6, 2012 at 4:08 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

Basically, you have one IP address that is used by two hosts, active on only one at a time. If one service fails, the other node takes the IP thanks to keepalived. This works only if you’re on the same network segment.

Google on “vrrp keepalived apache” and you’ll get this first link: http://www.cyberciti.biz/faq/rhel-centos-fedora-keepalived-lvs-cluster-configuration/

From: Harsimranjit singh Kler [mailto:simran...@gmail.com]
Sent: Monday 6 February 2012 10:53
To: DENIS Laurent
Cc: users@httpd.apache.org
Subject: Re: [users@httpd] High availabilty through Apache httpd

Initially I want a failover setup only, with two nodes. Can you explain a little about vrrp + keepalived, or else give some reference link on how I can achieve it step by step (on linux setup only)?

On Mon, Feb 6, 2012 at 3:12 PM, DENIS Laurent laurent.de...@mail.mobistar.be wrote:

If you just want failover on the head apache: use two nodes with vrrp + keepalived (if you’re on linux) to monitor your service.

If you need load-balancing, then you should use two VRRP addresses with DNS round-robin. But you’ll stumble on client-server persistence problem if you don’t use tomcat clustering.

From: Jaco Kroon [mailto:j...@uls.co.za]
Sent: Monday 6 February 2012 10:24
To: users@httpd.apache.org
Cc: Harsimranjit singh Kler
Subject: Re: [users@httpd] High availabilty through Apache httpd

Not that I'm aware of but someone else on the list may very well know something I don't.

May I inquire as to why not?

Kind Regards,
Jaco

On 06/02/12 11:17, Harsimranjit singh Kler wrote:

It is not possible for me to use haproxy in my setup. Is there an alternative to use with Apache only?

On Mon, Feb 6, 2012 at 2:43 PM, Jaco Kroon j...@uls.co.za wrote:

Hi,

Perhaps look at haproxy instead of apache. Run it on two or more machines with multiple IPs and have them distribute the load to your Tomcat worker nodes.

Kind Regards,
Jaco

On 06/02/12 11:09, Harsimranjit singh Kler wrote:

Hi

How can I make apache httpd High Available (HA)? If I want to achieve