So.. Thank you to those who helped me understand the NIO vs BIO in Tomcat 7.
I made those changes and things have improved quite a bit.  I am still
experiencing some weirdness that I have tried to understand but can't get a
handle on it.


Quick overview..
--Proxies--
Apache Proxies (2) - The end user terminates SSL at the proxy/edge
The proxies use HTTPS/SSL to reverse proxy back to the tomcat server.
--/Proxies--

PXY1 & 2 configs for prefork mode.
<IfModule prefork.c>
StartServers 30
MinSpareServers 15
MaxSpareServers 30
ServerLimit 400
MaxClients 400
MaxRequestsPerChild 4000
</IfModule>


--Tomcat server-- (1)
Apache terminates SSL
over the top of Tomcat on the same server.
Reverse proxies to the tomcat server using NIO AJP connectors.
--/Tomcat server--

Tomcat apache prefork mode config:
<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      800
MaxClients       800
MaxRequestsPerChild  4000
</IfModule>

Typical vhost config for a given tenant would look like this..
<someuser.conf>
<VirtualHost 10.10.10.26:443>
    ServerAdmin ad...@company.com
    ServerName somewhere.somedomain.com
    ProxyPass / ajp://localhost:8326/ retry=3

    DirectoryIndex index.php index.html index.htm

    # if not specified, the global error log is used
    ErrorLog "|/usr/sbin/rotatelogs /home/someuser/website/logs/somewhere.somedomain.com-error_log_%Y%m%d 86400"
    CustomLog "|/usr/sbin/rotatelogs /home/someuser/website/logs/somewhere.somedomain.com-access_log_%Y%m%d 86400" combined

    # log IP addresses
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature off

    SSLEngine on
    SSLCertificateFile /etc/ssl/ssl.crt/somewhere.somedomain.com.crt
    # Server Private Key:
    SSLCertificateKeyFile /etc/ssl/ssl.key/somewhere.somedomain.com.key
    SSLCertificateChainFile /etc/ssl/ssl.crt/somewhere.somedomain-chain.com.crt
</VirtualHost>
</someuser.conf>

 We are operating a multi-tenant environment.  As of right now, we have
somewhere around 20 tomcat instances on a large machine of which only a
handful are "busy".

  It used to be that when any one of them experienced a blocking issue,
every one of them went down.  All of their AJP connector threads would rise
until the system because tomcat was unresponsive.  So far that appears for
the most part to be addressed...

  However...  When an issue is experienced, the site(s) experiencing the
issue(s) going down doesn't seem to bring down any of the other sites.
(w00t! w00t!)  But the httpd connections for each site all still climb
together. (Please see attached graph)