From 9401f816dd0d9d550fe98a8507224bde51c4b847 Mon Sep 17 00:00:00 2001 From: hongbotian Date: Mon, 30 Nov 2015 02:41:33 -0500 Subject: upload tomcat JIRA: BOTTLENECK-7 Change-Id: I875d474869efd76ca203c30b60ebc0c3ee606d0e Signed-off-by: hongbotian --- .../xdocs/generic_howto/loadbalancers.xml | 236 +++++++++++ .../xdocs/generic_howto/project.xml | 81 ++++ .../xdocs/generic_howto/proxy.xml | 347 ++++++++++++++++ .../xdocs/generic_howto/quick.xml | 170 ++++++++ .../xdocs/generic_howto/timeouts.xml | 407 +++++++++++++++++++ .../xdocs/generic_howto/workers.xml | 445 +++++++++++++++++++++ 6 files changed, 1686 insertions(+) create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/loadbalancers.xml create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/project.xml create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/proxy.xml create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/quick.xml create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/timeouts.xml create mode 100644 rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/workers.xml (limited to 'rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto') diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/loadbalancers.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/loadbalancers.xml new file mode 100644 index 00000000..eda22cd4 --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/loadbalancers.xml @@ -0,0 +1,236 @@ + + +]> + + + &project; + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +LoadBalancer HowTo +Mladen Turk +$Date: 2011-03-07 19:04:44 +0100 (Mon, 07 Mar 2011) $ + + +
+
+

A load balancer is a worker that does not directly communicate with Tomcat. +Instead it is responsible for the management of several "real" workers, +called members or sub workers of the load balancer.

+

+This management includes: +

+
    +
  • +Instantiating the workers in the web server. +
    • +
  • +Using the worker's load-balancing factor, perform weighted load balancing +(distributing load according to defined strengths of the targets). +
    • +
  • +Keeping requests belonging to the same session executing on the same Tomcat +(session stickyness). +
    • +
  • +Identifying failed Tomcat workers, suspending requests to them and instead +falling-back on other workers managed by the load balancer. +
    • +
  • +Providing status and load metrics for the load balancer itself and all +members via the status worker interface. +
    • +
  • +Allowing to dynamically reconfigure load-balancing via the status worker +interface. +
    • +
+

+Workers managed by the same load balancer worker are load-balanced +(based on their configured balancing factors and current request or session load) +and also secured against failure by providing failover to other members of the same +load balancer. So a single Tomcat process death will not "kill" the entire site. +

+

Some of the features provided by a load balancer are even interesting, when +only working with a single member worker (where load balancing is not possible).

+ + +

A worker is configured as a load balancer by setting its worker type +to lb. +

+

+The following table specifies some properties used to configure a load balancer worker: +

+
    +
  • balance_workers is a comma separated list of names of the member workers of the +load balancer. These workers are typically of type ajp13. The member workers do +not need to appear in the worker.list property themselves, adding the +load balancer to it suffices.
    • +
  • sticky_session specifies whether requests with SESSION ID's should be routed +back to the same Tomcat instance that created the session. You can set sticky_session to +False when Tomcat is using a session manager which can share session data across +multiple instances of Tomcat - or if your application is stateless. +By default sticky_session is set to True.
    • +
  • lbfactor can be added to each member worker to configure individual +strengths for the members. A higher lbfactor will lead to more +requests being balanced to that worker. The factors must be given by integers and the +load will be distributed proportional to the factors given. Higher factors lead to +more requests.
    • +
+ + + # The load balancer worker balance1 will distribute + # load to the members worker1 and worker2 + worker.balance1.type=lb + worker.balance1.balance_workers=worker1, worker2 + worker.worker1.type=ajp13 + worker.worker1.host=myhost1 + worker.worker1.port=8009 + worker.worker2.type=ajp13 + worker.worker1.host=myhost2 + worker.worker1.port=8009 + + + +Session stickyness is not implemented using a tracking table for sessions. +Instead each Tomcat instance gets an individual name and adds its name at +the end of the session id. When the load balancer sees a session id, it +finds the name of the Tomcat instance and sends the request via the correct +member worker. For this to work you must set the name of the Tomcat instances +as the value of the jvmRoute attribute in the Engine element of +each Tomcat's server.xml. The name of the Tomcat needs to be equal to the name +of the corresponding load balancer member. In the above example, Tomcat on host +"myhost1" needs jvmRoute="worker1", Tomcat on host "myhost2" +needs jvmRoute="worker2". + + +

For a complete reference of all load balancer configuration +attributes, please consult the worker reference. +

+ + + +

The load balancer supports complex topologies and failover configurations. +Using the member attribute distance you can group members. +The load balancer will always send a request to a member of lowest distance. +Only when all of those are broken, it will balance to the members of the +next higher configured distance. This allows to define priorities between +Tomcat instances in different data center locations. +

+

When working with shared sessions, either by using session replication +or a persisting session manager (e.g. via a database), one often splits +up the Tomcat farm into replication groups. In case of failure of a member, +the load balancer needs to know, which other members share the session. +This is configured using the domain attribute. All workers +with the same domain are assumed to share the sessions.

+

For maintenance purposes you can tell the load balancer to not +allow any new sessions on some members, or even not use them at all. +This is controlled by the member attribute activation. +The value Active allows normal use of a member, disabled +will not create new sessions on it, but still allow sticky requests, +and stopped will no longer send any requests to the member. +Switching the activation from "active" to "disabled" some time before +maintenance will drain the sessions on the worker and minimize disruption. +Depending on the usage pattern of the application, draining will take from +minutes to hours. Switching the worker to stopped immediately before +maintenance will reduce logging of false errors by mod_jk.

+

Finally you can also configure hot spare workers by using +activation set to disabled in combination with +the attribute redirect added to the other workers:

+ + + # The advanced router LB worker + worker.list=router + worker.router.type=lb + worker.router.balance_workers=worker1,worker2 + + # Define the first member worker + worker.worker1.type=ajp13 + worker.worker1.host=myhost1 + worker.worker1.port=8009 + # Define preferred failover node for worker1 + worker.worker1.redirect=worker2 + + # Define the second member worker + worker.worker2.type=ajp13 + worker.worker2.host=myhost2 + worker.worker2.port=8009 + # Disable worker2 for all requests except failover + worker.worker2.activation=disabled + + +

+The redirect flag on worker1 tells the load balancer +to redirect the requests to worker2 in case that worker1 has a problem. +In all other cases worker2 will not receive any requests, thus acting +like a hot standby. +

+ +

A final note about setting activation to disabled: +The session id coming with a request is send either +as part of the request URL (;jsessionid=...) or via a cookie. +When using bookmarks or browsers that are running since a long time, +it is possible to send a request carrying an old and invalid session id +pointing at a disabled member. +Since the load balancer does not have a list of valid sessions, it will +forward the request to the disabled member. Thus draining takes longer than +expected. To handle such cases, you can add a Servlet filter to your web +application, which checks the request attribute JK_LB_ACTIVATION. +This attribute contains one of the strings "ACT", "DIS" or "STP". If you +detect "DIS" and the session for the request is no longer active, delete the +session cookie and redirect using a self-referential URL. The redirected +request will then no longer carry session information and thus the load +balancer will not send it to the disabled worker. The request attribute +JK_LB_ACTIVATION has been added in version 1.2.32.

+ + + +

+The status worker does not communicate with Tomcat. +Instead it is responsible for the worker management. It is +especially useful when combined with load balancer workers. +

+ + # Add the status worker to the worker list + worker.list=jkstatus + # Define a 'jkstatus' worker using status + worker.jkstatus.type=status + +

Next thing is to mount the requests to the jkstatus worker. For Apache +web servers use the:

+ + # Add the jkstatus mount point + JkMount /jkmanager/* jkstatus + +

To obtain a higher level of security use the:

+ + # Enable the JK manager access from localhost only + <Location /jkmanager/> + JkMount jkstatus + Order deny,allow + Deny from all + Allow from 127.0.0.1 + </Location> + + + + +
+ + + diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/project.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/project.xml new file mode 100644 index 00000000..b513a8aa --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/project.xml @@ -0,0 +1,81 @@ + + + + + The Apache Tomcat Connector - Generic HowTo + + + The Apache Tomcat Connector - Generic HowTo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/proxy.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/proxy.xml new file mode 100644 index 00000000..69c60fd5 --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/proxy.xml @@ -0,0 +1,347 @@ + + +]> + + + &project; + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +Reverse Proxy HowTo +Rainer Jung +$Date: 2011-03-07 16:17:11 +0100 (Mon, 07 Mar 2011) $ + + +
+
+

The Apache module mod_jk and its ISAPI and NSAPI variants connect +a web server to a backend (typically Tomcat) using the AJP protocol. +The web server receives an HTTP(S) request and the module forwards +the request to the backend. This function is usually called a gateway +or a proxy, in the context of HTTP it is called a reverse proxy. +

+
+
+
+

A reverse proxy is not totally transparent to the application on +the backend. For instance the host name and port the original client +(e.g. browser) needs to talk to belong to the web server and not to the +backend, so the reverse proxy talks to a different host name and port. +When the application on the backend returns content including +self-referential URLs using its own backend address and port, the +client will usually not be able to use these URLs. +

+

Another example is the client IP address, which for the web server is the +source IP of the incoming connection, whereas for the backend the +connection always comes from the web server. This can be a problem, when +the client IP is used by the backend application e.g. for security reasons. +

+
+
+
+

Most of these problems are automatically handled by the AJP protocol +and the AJP connectors of the backend. The AJP protocol transports +this communication metadata and the backend connector presents this +metadata whenever the application asks for it using Servlet API methods. +

+

The following list contains the communication metadata handled by AJP +and the ServletRequest/HttpServletRequest API calls which can be used to retrieve them: +

    +
  • local name: getLocalName() and getLocalAddr. +This is also equal to getServerName(), unless a Host header +is contained in the request. In this case the server name is taken from that header. +
    • +
  • local port: getLocalPort() +This is also equal to getServerPort(), unless a Host header +is contained in the request. In this case the server port is taken from that header +if it contains an explicit port, or is equal to the default port of the scheme used. +
    • +
  • client address: getRemoteAddr() +
    • +
  • client port: getRemotePort() +The remote port was initially not supported. It is available when using mod_jk 1.2.32 +with Apache or IIS (not for the NSAPI plugin) together with Tomcat version at least +5.5.28, 6.0.20 or 7.0.0. For older versions, getRemotePort() +will incorrectly return 0 or -1. As a workaround you can forward the remote port by setting +JkEnvVar REMOTE_PORT and then either using +request.getAttribute("REMOTE_PORT") instead of getRemotePort() +or wrapping the request using a filter and overriding getRemotePort() with +request.getAttribute("REMOTE_PORT"). +
    • +
  • client host: getRemoteHost() +
    • +
  • authentication type: getAuthType() +
    • +
  • remote user: getRemoteUser(), +if tomcatAuthentication="false" +
    • +
  • protocol: getProtocol() +
    • +
  • HTTP method: getMethod() +
    • +
  • URI: getRequestURI() +
    • +
  • HTTPS used: isSecure(), getScheme() +
    • +
  • query string: getQueryString() +
    • +
+The following additional SSL-related data will be made available by Apache and forwarded by mod_jk only +if you set SSLOptions +StdEnvVars. For the certificate information you also need +to set SSLOptions +ExportCertData. +
    +
  • SSL cipher: getAttribute(javax.servlet.request.cipher_suite) +
    • +
  • SSL key size: getAttribute(javax.servlet.request.key_size). +Can be disabled using JkOptions -ForwardKeySize. +
    • +
  • SSL client certificate: getAttribute(javax.servlet.request.X509Certificate). +If you want the whole certificate chain, then you need to also set JkOptions ForwardSSLCertChain. +It is likely, that in this case you also need to adjust the maximal AJP packet size +using the worker attribute max_packet_size. +
    • +
  • SSL session ID: getAttribute(javax.servlet.request.ssl_session). +This is for Tomcat, it has not yet been standardized. +
    • +
+

+
+
+
+

In some situations this is not enough though. Assume there is another +less clever reverse proxy in front of your web server, for instance an +HTTP load balancer or similar device which also serves as an SSL accelerator. +

+

Then you are sure that all your clients use HTTPS, but your web server doesn't +know about that. All it can see is requests coming from the accelerator using +plain HTTP. +

+

Another example would be a simple reverse proxy in front of your web server, +so that the client IP address that your web server sees is always the IP address +of this reverse proxy, and not of the original client. Often such reverse proxies +generate an additional HTTP header, like X-Forwareded-for which +contains the original client IP address (or a list of IP addresses, if there are +more cascading reverse proxies in front). It would be nice, if we could use the +content of such a header as the client IP address to pass to the backend. +

+

So we might need to manipulate some of the data that AJP sends to the backend. +When using mod_jk inside Apache httpd you can use several httpd environment +variables to let mod_jk know, which data it should forward. These environment variables +can be set by the httpd directives SetEnv or SetEnvIf, but also in a very flexible +way using mod_rewrite (since httpd 2.x it can not only test against environment +variables, but also set them). +

+

The following list contains all environment variables mod_jk checks, before +sending data to the backend: +

    +
  • JK_LOCAL_NAME: the local name +
    • +
  • JK_LOCAL_PORT: the local port +
    • +
  • JK_REMOTE_HOST: the client host +
    • +
  • JK_REMOTE_ADDR: the client address +
    • +
  • JK_AUTH_TYPE: the authentication type +
    • +
  • JK_REMOTE_USER: the remote user +
    • +
  • HTTPS: On (case-insensitive) to indicate, that HTTPS is used +
    • +
  • SSL_CIPHER: the SSL cipher +
    • +
  • SSL_CIPHER_USEKEYSIZE: the SSL key size +
    • +
  • SSL_CLIENT_CERT: the SSL client certificate +
    • +
  • SSL_CLIENT_CERT_CHAIN_: prefix of variable names, containing +the client cerificate chain +
    • +
  • SSL_SESSION_ID: the SSL session ID +
    • +
+

+

Remember: in general you don't need to set them. The module retrieves the data automatically +from the web server. Only in case you want to change this data, you can overwrite it by +using these variables. +

+

Some of these variables might also be used by other web server modules. All +variables whose name does not begin with "JK" are set directly by Apache httpd. +If you want to change the data, but do not want to negatively influence the behaviour +of other modules, you can change the names of all variables mod_jk uses to private ones. +For the details see the Apache reference page. +

+

All variables, that are not SSL-related have only been introduced in version 1.2.27. +

+

Finally there is a shortcut to forward the local IP of the web server as the remote IP. +This can be useful, e.g. when using the Tomcat remote address valve for allowing connections +only from registered Apache web servers. This feature is activated by setting +JkOptions ForwardLocalAddress. +

+
+
+
+

As an alternative to using the environment variables described in the previous section +(which do only exist when using Apache httpd), you can also configure Tomcat to overwrite +some of the communications data forwarded by mod_jk. The AJP connector in Tomcat's server.xml +allows to set the following properties: +

    +
  • proxyName: server name as returned by getServerName() +
    • +
  • proxyPort: server port as returned by getServerPort() +
    • +
  • scheme: protocol scheme as returned by getScheme() +
    • +
  • secure: set to "true", if you wish isSecure() to return "true". +
    • +
+Remember: in general you don't need to set those. AJP automatically handles all cases +where the web server running mod_jk knows the right data. +

+
+
+
+ +

Sometimes one want to change path components of the URLs under which an application +is available. Especially if a web application is deployed as some context, say /myapp, +marketing prefers short URLs, so want the application to be directly available under +http://www.mycompany.com/. Although you can deploy the application as the so-called +ROOT context, which will be directly available at "/", admins often prefer not to use +the ROOT context, e.g. because only one application can be the root context (per host). +

+

The procedure to change the URLs in the reverse proxy is tedious, because often +an application produces self-referential URLs, which then include the path components +which you tried to hide to the outside world. Nevertheless, if you absolutely need to do it, +here are the steps. +

+

Case A: You need to make the application available at a simple URL, but it is OK, if +users proceed using the more complex URLs, as long as they don't have to type them in. +That's the easy case, and if this suffices to you, you're lucky. Use a simply RedirectMatch +for Apache httpd: +

+ +RedirectMatch ^/$ http://www.mycompany.com/myapp/ + +

Your application will then be available under http://www.mycompany.com/, +and each visitor will be immediately redirected to the real URL +http://www.mycompany.com/myapp/ +

+

Case B: You need to hide path components for all requests going to the application. +Here's the recipe for the case, where you want to hide the first path component +/myapp. More complex manipulations are left as an exercise to the reader. +First the solution for the case of Apache httpd: +

+

1. Use mod_rewrite +to add /myapp to all requests before forwarding to the backend: +

+ +# Don't forget the PT flag! (pass through) +RewriteRule ^/(.*) http://www.mycompany.com/myapp/$1 [PT] + +

2. Use mod_headers +to rewrite any HTTP redirects your application might return. Such redirects typically contain +the path components you want to hide, because by the HTTP standard, redirects always need to include +the full URL, and your application is not aware of the fact, that your clients talk to it via +some shortened URL. An HTTP redirect is done with a special response header named Location. +We rewrite the Location headers of our responses: +

+ +# Keep protocol, server and port if present, +# but insert our webapp name before the rest of the URL +Header edit Location ^([^/]*//[^/]*)?/(.*)$ $1/myapp/$2 + +

3. Use mod_headers again, to rewrite the paths contained in any cookies, +your application might set. Such cookie paths again might contain +the path components you want to hide. +A cookie is set with the HTTP response header named Set-Cookie. +We rewrite the Set-Cookie headers of our responses: +

+ +# Fix the cookie path +Header edit Set-Cookie "^(.*; Path=/)(.*)" $1/myapp/$2 + +

3. Some applications might contain hard coded absolute links. +In this case check, whether you find a configuration item for your web framework +to configure the base URL. If not, your only chance is to parse all response +content bodies and do search and replace. This is fragile and very resource intensive. +If you really need to do this, you can use +mod_proxy_html, +mod_substitute +or mod_sed +for this task. +

+

If you are using Microsoft IIS as a web server, the ISAPI plugin provides a way +of doing the first step with a builtin feature. You define a mapping file for simple prefix +changes like this: +

+ +# Add a context prefix to all requests ... +/=/myapp/ +# ... or change some prefix ... +/oldapp/=/myapp/ + +

and then put the name of the file in the rewrite_rule_file entry of the registry or your +isapi_redirect.properties file. In you uriworkermap.properties file, you +still need to map the URLs as they are before rewriting! +

+

More complex rewrites can be done using the same file, but with regular expressions. A leading +tilde sign '~', indicates, that you are using a regular expression: +

+ +# Use a regular expression rewrite +~/oldapps([0-9]*)/=/newapps$1/ + +

There is no support for Steps 2 (rewriting redirect responses) or 3 (rewriting cookie paths). +

+ + +

Some types of problems are triggered by the use of encoded URLs +(see percent encoding). +For the same location there exist +a lot of different URLs which are equivalent. The reverse proxy needs to inspect the URL in order +to apply its own authentication rules and to decide, to which backend it should send the request +(or whether it should handle it itself). Therefore the request URL first is normalized: +percent encoded characters are decoded, /./ is replaced by /, +/XXX/../ is replaced by / and similar manipulations of the URL are done. +After that, the web server might apply rewrite rules to further change the URL in less obvious ways. +Finally there is no more way to put the resulting URL in an encoding, which is "similar" to +the one which was used for the original URL. +

+

+For historical reasons, there have been several alternatives, how mod_jk and the ISAPI +plugin encoded the resulting URL before sending it to the backend. They could be chosen via +JkOptions (Apache httpd) or uri_select (ISAPI). None of those historical +encodings are recommended, because they have either negative functionality implications or +pose a security risk. The default encoding since version 1.2.24 is ForwardURIProxy +(Apache httpd) or proxy (ISAPI) and it is strongly recommended to keep the default +and remove all old explicit settings. +

+ +
+
+
+

+You can also add more attributes to any request you are forwarding when using Apache httpd. +For this use the JkEnvVar directive (for details see the +Apache reference page). Such request attributes can be +retrieved on the Tomcat side via request.getAttribute(attributeName). +Note that their names will not be listed in request.getAttributeNames()! +

+
+ + diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/quick.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/quick.xml new file mode 100644 index 00000000..68277226 --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/quick.xml @@ -0,0 +1,170 @@ + + +]> + + + &project; + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +Quick Start HowTo +Henri Gomez +$Date: 2010-03-15 16:26:00 +0100 (Mon, 15 Mar 2010) $ + + +
+

+ This document describes the configuration files used by JK on the + Web Server side for the 'impatient': +

    +
  • + workers.properties is a mandatory file used by the webserver and which + is the same for all JK implementations (Apache/IIS/NES). +
    • +
  • + web server add-ons to be set on the webserver side. +
    • +
+

+

+ We'll give here minimum servers configuration and an example workers.properties + to be able to install and check quickly your configuration. +

+
+ +
+

+ Here is a minimum workers.properties, using just ajp13 to connect your Apache webserver + to the Tomcat engine, complete documentation is available in Workers HowTo. +

+

+ + + # Define 1 real worker using ajp13 + worker.list=worker1 + # Set properties for worker1 (ajp13) + worker.worker1.type=ajp13 + worker.worker1.host=localhost + worker.worker1.port=8009 + + +

+
+ +
+

+ Here is a minimum information about Apache configuration, a + more complete separate HowTo for Apache is available. +

+

+ You should first have mod_jk.so (unix) or mod_jk.dll (Windows) installed + in your Apache module directory (see your Apache documentation to locate it). +

+

+ Usual locations for modules directory on Unix: +

    +
  • /usr/lib/apache/
    • +
  • /usr/lib/apache2/
    • +
  • /usr/local/apache/libexec/
    • +
+

+

+ Usual locations for modules directory on Windows : +

    +
  • C:\Program Files\Apache Group\Apache\modules\
    • +
  • C:\Program Files\Apache Group\Apache2\modules\
    • +
+

+

+ You'll find a link to prebuilt binaries + here +

+

+ Here is the minimum which should be set in httpd.conf directly or + included from another file: +

+

+ Usual locations for configuration directory on Unix: +

    +
  • /etc/httpd/conf/
    • +
  • /etc/httpd2/conf/
    • +
  • /usr/local/apache/conf/
    • +
+

+

+ Usual locations for configuration directory on Windows : +

    +
  • C:\Program Files\Apache Group\Apache\conf\
    • +
  • C:\Program Files\Apache Group\Apache2\conf\
    • +
+

+

+ + + # Load mod_jk module + # Update this path to match your modules location + LoadModule jk_module libexec/mod_jk.so + # Declare the module for <IfModule directive> (remove this line on Apache 2.x) + AddModule mod_jk.c + # Where to find workers.properties + # Update this path to match your conf directory location (put workers.properties next to httpd.conf) + JkWorkersFile /etc/httpd/conf/workers.properties + # Where to put jk shared memory + # Update this path to match your local state directory or logs directory + JkShmFile /var/log/httpd/mod_jk.shm + # Where to put jk logs + # Update this path to match your logs directory location (put mod_jk.log next to access_log) + JkLogFile /var/log/httpd/mod_jk.log + # Set the jk log level [debug/error/info] + JkLogLevel info + # Select the timestamp log format + JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " + # Send everything for context /examples to worker named worker1 (ajp13) + JkMount /examples/* worker1 + + +

+
+ +
+

+ A separate HowTo for the IIS web server is available. +

+ +More information to be added! + +
+ +
+

+ A separate HowTo for the Netscape/iPlanet/Sun web server is available. + +More information to be added? + +

+
+ + +
+

+ (Re)start the web server and browse to the http://localhost/examples/ +

+ +
+ + diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/timeouts.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/timeouts.xml new file mode 100644 index 00000000..12208e1a --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/timeouts.xml @@ -0,0 +1,407 @@ + + +]> + + + &project; + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +Timeouts HowTo +Rainer Jung +$Date: 2009-03-22 00:11:39 +0100 (Sun, 22 Mar 2009) $ + + +
+
+

Setting communication timeouts is very important to improve the +communication process. They help to detect problems and stabilise +a distributed system. JK can use several different timeout types, which +can be individually configured. For historical reasons, all of them are +disabled by default. This HowTo explains their use and gives +hints how to find appropriate values. +

+

All timeouts can be configured in the workers.properties file. +For a complete reference of all worker configuration +items, please consult the worker reference. +This page assumes, that you are using at least version 1.2.16 of JK. +Dependencies on newer versions will be mentioned where necessary. +

+ +Do not set timeouts to extreme values. Very small timeouts will likely +be counterproductive. + + +Long Garbage Collection pauses on the backend do not make a good +fit with some timeouts. Try to optimise your Java memory and GC settings. + +
+ +
+
+ +

+CPing/CPong is our notion for using small test packets to check the +status of backend connections. JK can use such test packets directly after establishing +a new backend connection (connect mode) and also directly before each request gets +send to a backend (prepost mode). +Starting with version 1.2.27 it can also be used when a connection was idle +for a long time (interval mode). +The maximum waiting time (timeout) for a CPong answer to a CPing and the idle +time in interval mode can be configured. +

+

+The test packets will be answered by the backend very fast with a minimal amount of +needed processing resources. A positive answer tells us, that the backend can be reached +and is actively processing requests. It does not detect, if some context is deployed +and working. The benefit of CPing/CPong is a fast detection of a communication +problem with the backend. The downside is a slightly increased latency. +

+

+The worker attribute ping_mode can be set to a combination of characters +to determine, in which situations test packets are used: +

    +
  • C: connect mode, timeout ping_timeout overwritten by connect_timeout
    • +
  • P: prepost mode, timeout ping_timeout overwritten by prepost_timeout
    • +
  • I: interval mode, timeout ping_timeout, idle time connection_ping_interval
    • +
  • A: all modes
    • +
+

+

+Multiple values must be concatenated without any separator characters. +We recommend using all CPing tests. If your application is very latency sensitive, then +you should only use the combination of connect and interval mode. +

+

+Activating the CPing probing via ping_mode has been added in version 1.2.27. +For older versions only the connect and prepost modes exist and must be activated by +explicitely setting connect_timeout and prepost_timeout. +

+

+The worker attribute ping_timeout sets the default wait timeout +in milliseconds for CPong for all modes. By default the value is "10000" +milliseconds. The value only gets used, if you activate CPing/Cpong probes +via ping_mode. The default value should be fine, except if you experience +very long Java garbage collection pauses. +Depending on your network latency and stability, good custom values +often are between 5000 and 15000 milliseconds. +You can overwrite the timeout used for connect and prepost mode with +connect_timeout and prepost_timeout. +Remember: don't use extremely small values. +

+

+The worker attribute connect_timeout sets the wait timeout +in milliseconds for CPong during connection establishment. You can use it +if you want to overwrite the general timeout set with ping_timeout. +To use connect mode CPing, you need to enable it via ping_mode. +Since JK usually uses persistent connections, opening new connections is a +rare event. We therefore recommend activating connect mode. +Depending on your network latency and stability, good values often +are between 5000 and 15000 milliseconds. +Remember: don't use extremely small values. +

+

+The worker attribute prepost_timeout sets the wait timeout +in milliseconds for CPong before request forwarding. You can use it +if you want to overwrite the general timeout set with ping_timeout. +To use prepost mode CPing, you need to enable it via ping_mode. +Activating this type of CPing/CPong adds a small latency to each +request. Usually this is small enough and the benefit of CPing/CPong is more important. +So in general we also recommend using prepost_timeout. +Depending on your network latency and stability, good values often +are between 5000 and 10000 milliseconds. +Remember: don't use extremely small values. +

+

+Until version 1.2.27 ping_mode and ping_timeout did not +exist and to enable connect or prepost mode CPing you had to set connect_timeout +respectively prepost_timeout to some reasonable positive value. +

+ + + +

+Some platforms allow to set timeouts for all operations on TCP sockets. +This is available for Linux and Windows, other platforms do not support this, +e.g. Solaris. If your platform supports TCP send and receive timeouts, +you can set them using the worker attribute socket_timeout. +You can not set the two timeouts to different values. +

+

+JK will accept this attribute even if your platform does not support +socket timeouts. In this case setting the attribute will have no effect. +By default the value is "0" and the timeout is disabled. +You can set the attribute to some seconds value (not: milliseconds). +JK will then set the send and the receive timeouts of the backend +connections to this value. The timeout is low-level, it is +used for each read and write operation on the socket individually. +

+

+Using this attribute will make JK react faster to some types of network problems. +Unfortunately socket timeouts have negative side effects, because for most +platforms, there is no good way to recover from such a timeout, once it fired. +For JK there is no way to decide, if this timeout fired because of real network +problems, or only because it didn't receive an answer packet from a backend in time. +So remember: don't use extremely small values. +

+

+For the general case of connection establishment you can use +socket_connect_timeout. It takes a millisecond value and works +on most platforms, even if socket_timeout is not supported. +We recommend using socket_connect_timeout because in some network +failure situations failure detection during connection establishment +can take several minutes due to TCP retransmits. Depending on the quality +of your network a timeout somewhere between 1000 and 5000 milliseconds +should be fine. Note that socket_timeout is in seconds, and +socket_connect_timeout in milliseconds. +

+ + + +

+JK handles backend connections in a connection pool per web server process. +The connections are used in a persistent mode. After a request completed +successfully we keep the connection open and wait for the next +request to forward. The connection pool is able to grow according +to the number of threads that want to forward requests in parallel. +

+

+Most applications have a varying load depending on the hour of the day +or the day of the month. Other reasons for a growing connection pool +would be temporary slowness of backends, leading to an increasing +congestion of the frontends like web servers. Many backends use a dedicated +thread for each incoming connection they handle. So usually one wants the +connection pool to shrink, if the load diminishes. +

+

+JK allows connections in the pool to get closed after some idle time. +This maximum idle time can be configured with the attribute +connection_pool_timeout which is given in units of seconds. +The default value is "0", which disables closing idle connections. +

+

+We generally recommend values around 10 minutes, so setting +connection_pool_timeout to 600 (seconds). If you use this attribute, +please also set the attribute connectionTimeout in the AJP +Connector element of your Tomcat server.xml configuration file to +an analogous value. Caution: connectionTimeout is in milliseconds. +So if you set JK connection_pool_timeout to 600, you should set Tomcat +connectionTimeout to 600000. +

+

+JK connections do not get closed immediately after the timeout passed. +Instead there is an automatic internal maintenance task +running every 60 seconds, that checks the idle status of all connections. +The 60 seconds interval +can be adjusted with the global attribute worker.maintain. We do not +recommend to change this value, because it has a lot of side effects. +Until version 1.2.26, the maintenance task only runs, if requests get +processed. So if your web server has processes that do not receive any +requests for a long time, there is no way to close the idle connections +in its pool. Starting with version 1.2.27 you can configure an independent +watchdog thread when using Apache 2.x with threaded APR or IIS. +

+

+The maximum connection pool size can be configured with the +attribute connection_pool_size. We generally do not recommend +to use this attribute in combination with Apache httpd. For +Apache httpd we automatically detect the number of threads per +process and set the maximum pool size to this value. For IIS we use +a default value of 250 (before version 1.2.20: 10), +for the Sun Web Server the default is "1". +We strongly recommend adjusting this value for IIS and the Sun Web Server +to the number of requests one web server process should +be able to send to a backend in parallel. You should measure how many connections +you need during peak hours without performance problems, and then add some +percentage depending on your growth rate etc. Finally you should check, +whether your web server processes are able to use at least as many threads, +as you configured as the pool size. +

+

+The JK attribute connection_pool_minsize defines, +how many idle connections remain when the pool gets shrunken. +By default this is half of the maximum pool size. +

+ + + +

+One particular problem with idle connections comes from firewalls, that +are often deployed between the web server layer and the backend. +Depending on their configuration, they will silently drop +connections from their status table if they are idle for to long. +

+

+From the point of view of JK and of the web server, the other side +simply doesn't answer any traffic. Since TCP is a reliable protocol +it detects the missing TCP ACKs and tries to resend the packets for +a relatively long time, typically several minutes. +

+

+Many firewalls will allow connection closing, even if they dropped +the connection for normal traffic. Therefore you should always use +connection_pool_timeout and +connection_pool_minsize on the JK side +and connectionTimeout on the Tomcat side. +

+

+Furthermore using the boolean attribute socket_keepalive you can +set a standard socket option, that automatically sends TCP keepalive packets +after some idle time on each connection. By default this is set to "False". +If you suspect idle connection drops by firewalls you should set this to +"True". +

+

+Unfortunately the default intervals and algorithms for these packets +are platform specific. You might need to inspect TCP tuning options for +your platform on how to control TCP keepalive. +Often the default intervals are much longer than the firewall timeouts +for idle connections. Nevertheless we recommend talking to your firewall +administration and your platform administration in order to make them agree +on good configuration values for the firewall and the platform TCP tuning. +

+

+In case none of our recommendations help and you are definitively having +problems with idle connection drops, you can disable the use of persistent +connections when using JK together with Apache httpd. For this you set +"JkOptions +DisableReuse" in your Apache httpd configuration. +This will have a huge negative performance impact! +

+ + + +

+JK can also use a timeout on request replies. This timeout does not +measure the full processing time of the response. Instead it controls, +how much time between consecutive response packets is allowed. +

+

+In most cases, this is what one actually wants. Consider for example +long running downloads. You would not be able to set an effective global +reply timeout, because downloads could last for many minutes. +Most applications though have limited processing time before starting +to return the response. For those applications you could set an explicit +reply timeout. Applications that do not harmonise with reply timeouts +are batch type applications, data warehouse and reporting applications +which are expected to observe long processing times. +

+ +If JK aborts waiting for a response, because a reply timeout fired, +there is no way to stop processing on the backend. Although you free +processing resources in your web server, the request +will continue to run on the backend - without any way to send back a +result once the reply timeout fired. + +

+JK uses the worker attribute reply_timeout to set reply timeouts. +The default value is "0" (timeout disabled) and you can set it to any +millisecond value. +

+

+In combination with Apache httpd, you can also set a more flexible reply_timeout +using an httpd environment variable. If you set the variable JK_REPLY_TIMEOUT +to some integer value, this value will be used instead of the value in +the worker configuration. This way you can set reply timeouts more flexible +with mod_setenvif and mod_rewrite depending on URI, query string etc. +If the environment variable JK_REPLY_TIMEOUT is not set, or is set to a +negative value, the default reply timeout of the worker will be used. If +JK_REPLY_TIMEOUT contains the value "0", then the reply timeout will be disabled +for the request. +

+

+In combination with a load balancing worker, JK will disable a member +worker of the load balancer if a reply timeout fires. The worker will then +no longer be used until it gets recovered during the next automatic +maintenance task. Starting with JK 1.2.24 you can improve this behaviour using +max_reply_timeouts. This +attribute will allow occasional long running requests without disabling the +worker. Only if those requests happen to often, the worker gets disabled by the +load balancer. +

+ +
+ +
+
+ +

+A load balancer worker does not only have the ability to balance load. +It also handles stickyness and failover of requests in case of errors. +When a load balancer detects an error on one of its members, it needs to +decide, whether the error is serious, or only a temporary error or maybe +only related to the actual request that was processed. Temporary errors +are called local errors, serious errors will be called global errors. +

+

+If the load balancer decides that a backend should be put into the global error +state, then the web server will not send any more requests there. If no session +replication is used, this means that all user sessions located on the respective +backend are no longer available. The users will be send to another backend +and will have to login again. So the global error state is not transparent to the +users. The application is still available, but users might loose some work. +

+

+In some cases the decision between local error and global error is easy. +For instance if there is an error sending back the response to the client (browser), +then it is very unlikely that the backend is broken. +So this situation is a typical example of a local error. +

+

+Some situations are harder to decide though. If the load balancer can't establish +a new connection to a backend, it could be because of a temporary overload situation +(so no more free threads in the backend), or because the backend isn't alive any more. +Depending on the details, the right state could either be local error or global error. +

+ + +

+Until version 1.2.26 most errors were interpreted as global errors. +Starting with version 1.2.27 many errors which were previously interpreted as global +were switched to being local whenever the backend is still busy. Busy means, that +other concurrent requests are send to the same backend (successful or not). +

+

+In many cases there is no perfect way of making the decision +between local and global error. The load balancer simply doesn't have enough information. +In version 1.2.28 you can now tune, how fast the load balancer switches from local error to +global error. If a member of a load balancer stays in local error state for too long, +the load balancer will escalate it into global error state. +

+

+The time tolerated in local error state is controlled by the load balancer attribute +error_escalation_time (in seconds). The default value is half of recover_time, +so unless you changed recover_time the default is 30 seconds. +

+

+Using a smaller value for error_escalation_time will make the load balancer react +faster to serious errors, but also carries the risk of more often loosing sessions +in not so serious situations. You can lower error_escalation_time down to 0 seconds, +which means all local errors which are potentially serious are escalated to global errors +immediately. +

+

+Note that without good basic error detection the whole escalation procedure is useless. +So you should definitely use socket_connect_timeout and activate CPing/CPong +with ping_mode and ping_timeout before thinking about also tuning +error_escalation_time. +

+ +
+ + + diff --git a/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/workers.xml b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/workers.xml new file mode 100644 index 00000000..0c97d0c1 --- /dev/null +++ b/rubbos/app/tomcat-connectors-1.2.32-src/xdocs/generic_howto/workers.xml @@ -0,0 +1,445 @@ + + +]> + + + &project; + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +Workers HowTo +Henri Gomez +Gal Shachor +Mladen Turk +$Date: 2010-01-28 20:47:58 +0100 (Thu, 28 Jan 2010) $ + + +
+

+A Tomcat worker is a Tomcat instance that is waiting to execute servlets on behalf of some web server. +For example, we can have a web server such as Apache forwarding servlet requests to a +Tomcat process (the worker) running behind it. +

+

+The scenario described above is a very simple one; +in fact one can configure multiple Tomcat workers to serve servlets on +behalf of a certain web server. +The reasons for such configuration can be: +

+
    +
  • +We want different contexts to be served by different Tomcat workers to provide a +development environment where all the developers share the same web server but own a Tomcat worker of their own. +
    • +
  • +We want different virtual hosts served by different Tomcat processes to provide a +clear separation between sites belonging to different companies. +
    • +
  • +We want to provide load balancing, meaning run multiple Tomcat workers each on a +machine of its own and distribute the requests between them. +
    • +
+ +

+There are probably more reasons for having multiple workers but I guess that this list is enough... +Tomcat workers are defined in a properties file dubbed workers.properties and this tutorial +explains how to work with it. +

+ +

+This document was originally part of Tomcat: A Minimalistic User's Guide written by Gal Shachor, +but has been split off for organisational reasons. +

+
+ +
+

+Defining workers to the Tomcat web server plugin can be done using a properties file +(a sample file named workers.properties is available in the conf/ directory). +

+ +

+the file contains entries of the following form: +

+ +

+worker.list=<a comma separated list of worker names> +

+ + + # the list of workers + worker.list= worker1, worker2 + + +

+When starting up, the web server plugin will instantiate the workers whose name appears in the +worker.list property, these are also the workers to whom you can map requests. The directive can be used multiple times. +

+ + +

+Each named worker should also have a few entries to provide additional information on his behalf. +This information includes the worker's type and other related worker information. +Currently the following worker types that exists are (JK 1.2.5): +

+ + + + + + + + +
TypeDescription
ajp12This worker knows how to forward requests to out-of-process Tomcat workers using the ajpv12 protocol.
ajp13This worker knows how to forward requests to out-of-process Tomcat workers using the ajpv13 protocol.
jniDEPRECATED: This worker knows how to forward requests to in-process Tomcat workers using JNI.
lbThis is a load-balancing worker; it knows how to provide round-robin based sticky load balancing with a certain level of fault-tolerance.
statusThis is a status worker for managing load balancers.
+ +

+Defining workers of a certain type should be done with the following property format: +

+ +

+worker.worker name.type=<worker type> +Where worker name is the name assigned to the worker and the worker type is one of the four types defined +in the table (a worker name may only contain any space the characters [a-zA-Z0-9\-_]). +

+ + + # Defines a worker named "local" that uses the ajpv12 protocol to forward requests to a Tomcat process. + worker.local.type=ajp12 + # Defines a worker named "remote" that uses the ajpv13 protocol to forward requests to a Tomcat process. + worker.remote.type=ajp13 + # Defines a worker named "loadbalancer" that loadbalances several Tomcat processes transparently. + worker.loadbalancer.type=lb + + + + +
+ +
+

+After defining the workers you can also specify properties for them. +Properties can be specified in the following manner: +

+ +

+worker.<worker name>.<property>=<property value> +

+ +Each worker has a set of properties that you can set as specified in the following subsections: + + +

+The ajp12 has been deprecated with Tomcat 3.3.x and you should use instead +ajp13 which is the only ajp protocol known by Tomcat 4.x and 5 and 5.5 and Tomcat 6. +

+

+The ajp12 typed workers forward requests to out-of-process Tomcat workers +using the ajpv12 protocol over TCP/IP sockets. +

+ +

+the ajp12 worker properties are : +

+ +

+host property sets the host where the Tomcat worker is listening for ajp12 requests. +

+ +

+port property sets the port where the Tomcat worker is listening for ajp12 requests +

+ +

+lbfactor property is used when working with a load balancer worker, this is the load-balancing factor for the worker. +We'll see more on this in the lb worker section. +

+ + + # worker "worker1" will talk to Tomcat listening on machine www.x.com at port 8007 using 2 lb factor + worker.worker1.host=www.x.com + worker.worker1.port=8007 + worker.worker1.lbfactor=2 + + +

+Notes: In the ajpv12 protocol, connections are created, used and then closed at each request. +The default port for ajp12 is 8007 +

+ + + + +

+The ajp13 typed workers forward requests to out-of-process Tomcat workers using the ajpv13 protocol over TCP/IP sockets. +The main difference between ajpv12 and ajpv13 are that: +

    +
  • +ajpv13 is a more binary protocol and it tries to compress some of the request data by coding +frequently used strings as small integers. +
    • +
  • +ajpv13 reuses open sockets and leaves them open for future requests (remember when you've got a Firewall between your +web server and Tomcat). +
    • +
  • +ajpv13 has special treatment for SSL information so that the container can implement +SSL related methods such as isSecure(). +
    • +
+ +

+ +

+You should note that Ajp13 is now the only out-process protocol supported by Tomcat 4.0.x, 4.1.x, 5.0.x, 5.5.x and 6. +

+ + + + # worker "worker2" will talk to Tomcat listening on machine www2.x.com at port 8009 using 3 lb factor + worker.worker2.host=www2.x.com + worker.worker2.port=8009 + worker.worker2.lbfactor=3 + # worker "worker2" uses connections, which will stay no more than 10mn in the connection pool + worker.worker2.connection_pool_timeout=600 + # worker "worker2" ask operating system to send KEEP-ALIVE signal on the connection + worker.worker2.socket_keepalive=1 + # mount can be used as an alternative to the JkMount directive + worker.worker2.mount=/contexta /contexta/* /contextb /contextb/* + + +

+Notes: In the ajpv13 protocol, the default port is 8009 +

+ + + + +

+The load-balancing worker does not really communicate with Tomcat workers. +Instead it is responsible for the management of several "real" workers. +This management includes: +

+ +
    +
  • +Instantiating the workers in the web server. +
    • +
  • +Using the worker's load-balancing factor, perform weighed-round-robin load balancing where +high lbfactor means stronger machine (that is going to handle more requests) +
    • +
  • +Keeping requests belonging to the same session executing on the same Tomcat worker. +
    • +
  • +Identifying failed Tomcat workers, suspending requests to them and instead falling-back on +other workers managed by the lb worker. +
    • +
+ +

+The overall result is that workers managed by the same lb worker are load-balanced (based on their lbfactor and current user session) and also fall-backed so a single Tomcat process death will not "kill" the entire site. +The following table specifies some properties that the lb worker can accept: +

    +
  • balance_workers is a comma separated list of workers that the load balancer need to manage. +As long as these workers should only be used via the load balancer worker, +there is no need to also put them into the worker.list property. +This directive can be used multiple times for the same load balancer.
    • +
  • sticky_session specifies whether requests with SESSION ID's should be routed back to the same +Tomcat worker. Set sticky_session to False when Tomcat is using a Session Manager which +can persist session data across multiple instances of Tomcat. By default sticky_session is set to True.
    • +
+

+ + + # The worker balance1 while use "real" workers worker1 and worker2 + worker.balance1.balance_workers=worker1, worker2 + + + + + +

+The status worker does not communicate with Tomcat. +Instead it is responsible for the load balancer management. +

+ + # Add the status worker to the worker list + worker.list=jkstatus + # Define a 'jkstatus' worker using status + worker.jkstatus.type=status + +

Next thing is to mount the requests to the jkstatus worker. For Apache +web servers use the:

+ + # Add the jkstatus mount point + JkMount /jkmanager/* jkstatus + +

To obtain a higher level of security use the:

+ + # Enable the JK manager access from localhost only + <Location /jkmanager/> + JkMount jkstatus + Order deny,allow + Deny from all + Allow from 127.0.0.1 + </Location> + + + + + +

+You can define "macros" in the property files. +These macros let you define properties and later on use them while +constructing other properties. +

+ + + # property example, like a network base address + mynet=194.226.31 + # Using the above macro to simplify the address definitions + # for a farm of workers. + worker.node1.host=$(mynet).11 + worker.node2.host=$(mynet).12 + worker.node3.host=$(mynet).13 + + + + + +

+Workers can reference configurations of other workers. +If worker "x" references worker "y", then it inherits all +configuration parameters from "y", except for the ones +that have explicitly been set for "x". +

+ + + # worker toe defines some default settings + worker.toe.type=ajp13 + worker.toe.socket_keepalive=true + worker.toe.connect_timeout=10000 + worker.toe.recovery_options=7 + # workers tic and tac inherit those values + worker.tic.reference=worker.toe + worker.tac.reference=worker.toe + + +

+Please note, that the reference contains +the full prefix to the referenced configuration attributes, +not only the name of the referenced worker. +

+ +

+References can be nested. Be careful to avoid loops! +

+ +

+Attributes which are allowed multiple times for a single worker +can not be merged from a worker and a reference. An attribute +is only inherited from a reference, if it is not already set +for the referring worker. +

+ +

+References are especially useful, when configuring load balancers. +Try to understand the following two stage references: +

+ + + # We only use one load balancer + worker.list=lb + # Let's define some defaults + worker.basic.port=8009 + worker.basic.type=ajp13 + worker.basic.socket_keepalive=true + worker.basic.connect_timeout=10000 + worker.basic.recovery_options=7 + # And we use them in two groups + worker.lb1.domain=dom1 + worker.lb1.distance=0 + worker.lb1.reference=worker.basic + worker.lb2.domain=dom2 + worker.lb2.distance=1 + worker.lb2.reference=worker.basic + # Now we configure the load balancer + worker.lb.type=lb + worker.lb.method=B + worker.lb.balanced_workers=w11,w12,w21,w22 + worker.w11.host=myhost11 + worker.w11.reference=worker.lb1 + worker.w12.host=myhost12 + worker.w12.reference=worker.lb1 + worker.w21.host=myhost21 + worker.w21.reference=worker.lb2 + worker.w22.host=myhost22 + worker.w22.reference=worker.lb2 + + + + +
+ +
+

+Since coping with worker.properties on your own is not an easy thing to do, +a sample worker.properties file is bundled along JK. +

+ +

+You could also find here a sample workers.properties defining : +

+ +
    +
  • +An ajp12 worker that used the host localhost and the port 8007 +
    • +
  • +An ajp13 worker that used the host localhost and the port 8008 +
    • +
  • +An lb worker that load balance the ajp12 and ajp13 workers +
    • +
+ + + # Define 3 workers, 2 real workers using ajp12, ajp13, the last one being a loadbalancing worker + worker.list=worker1, worker2, worker3 + # Set properties for worker1 (ajp12) + worker.worker1.type=ajp12 + worker.worker1.host=localhost + worker.worker1.port=8007 + worker.worker1.lbfactor=1 + # Set properties for worker2 (ajp13) + worker.worker2.type=ajp13 + worker.worker2.host=localhost + worker.worker2.port=8009 + worker.worker2.lbfactor=1 + worker.worker2.connection_pool_timeout=600 + worker.worker2.socket_keepalive=1 + worker.worker2.socket_timeout=60 + # Set properties for worker3 (lb) which use worker1 and worker2 + worker.worker3.balance_workers=worker1,worker2 + + +
+ + -- cgit 1.2.3-korg