So.. Thank you for those help me understand the NIO vs BIO in tomcat 7.. I made those changes things have improved quite a bit. I am still experiencing some weirdness that I have tried to understand but can't get a handle on it.
Quick overview.. --Proxies-- Apache Proxies (2) - The end user terminates SSL at the proxy/edge The proxies use HTTPS/SSL to reverse proxy back to the tomcat server. --/Proxies-- PXY1 & 2 configs for prefork mode. <IfModule prefork.c> StartServers 30 MinSpareServers 15 MaxSpareServers 30 ServerLimit 400 MaxClients 400 MaxRequestsPerChild 4000 </IfModule> --Tomcat server-- (1) Apache terminates SSL over the top of Tomcat on the same server. Reverse proxies to the tomcat server using NIO AJP connectors. --/Tomcat server-- Tomcat apache prefork mode config: <IfModule prefork.c> StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 800 MaxClients 800 MaxRequestsPerChild 4000 </IfModule> Typical vhost config for a given tenant would look like this.. <someuser.conf> <VirtualHost 10.10.10.26:443> ServerAdmin ad...@company.com ServerName somewhere.somedomain.com ProxyPass / ajp://localhost:8326/ retry=3 DirectoryIndex index.php index.html index.htm # if not specified, the global error log is used ErrorLog "|/usr/sbin/rotatelogs /home/someuser/website/logs/somewhere.somedomain.com-error_log_%Y%m%d 86400" CustomLog "|/usr/sbin/rotatelogs /home/someuser/website/logs/somewhere.somedomain.com-access_log_%Y%m%d 86400" combined # log IP addresses HostnameLookups Off UseCanonicalName Off ServerSignature off SSLEngine on SSLCertificateFile /etc/ssl/ssl.crt/somewhere.somedomain.com.crt # Server Private Key: SSLCertificateKeyFile /etc/ssl/ssl.key/somewhere.somedomain.com.key SSLCertificateChainFile /etc/ssl/ssl.crt/somewhere.somedomain-chain.com.crt </VirtualHost> </someuser.conf> We are operating a multi-tenant environment. As of right now, we have somewhere around 20 tomcat instances on a large machine of which only a handful are "busy". It used to be that when any one of them experienced a blocking issue. Every one of them went down. All of their AJP connector threads would rise until the system because tomcat was unresponsive. So far that appears for the most part to be addressed... However... When an issue is experienced. The site(s) experiencing the issue(s) going down doesn't seem to bring down any of the other sites. (w00t! w00t!) But the httpd connections for each site all still climb together. (Please see attached graph)
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org