It is very common to see a 504 Gateway Time-out using Nginx webserver. This timeout error is generated often by a number of reasons on the backend connection that is serving content. To fix it, you will have to figure out what configuration are you using. 继续阅读
This article covers setup of simple and cost-effective 2-node Proxmox VE cluster featuring locally installed GlusterFS as shared filesystem for cluster VMs. Through this solution is not intended for mission critical or enterprise needs, its ease and ability to run on bargain priced hardware makes it interesting for non-profit organisations, labs or clustering enthusiasts.
This HOWTO implies you have 2 freshly installed Proxmox VE 3.3 nodes:
pve-node-01 (IPv4 10.10.0.1) and pve-node-02 (IPv4 10.10.0.2) connected to the 10.10.0.0/16 private network. Keep in mind that your actual setup may differ and you may need to change some of commands in this HOWTO to suit your needs. 继续阅读
TCPCopy – A TCP Stream Replay Tool
TCPCopy is a TCP stream replay tool to support real testing of Internet server applications.
Although the real live flow is important for the test of Internet server applications, it is hard to simulate it as online environments are too complex. To support more realistic testing of Internet server applications, we develop a live flow reproduction tool – TCPCopy, which could generate the test workload that is similar to the production workload. Currently, TCPCopy has been widely used by companies in China.
TCPCopy has little influence on the production system except occupying additional CPU, memory and bandwidth. Moreover, the reproduced workload is similar to the production workload in request diversity, network latency and resource occupation. 继续阅读
If you have your web application running on one tomcat instance and want to add another tomcat instance (ideally on a different machine), following steps will guide you.
Step 1: Independently deploy your web application (WAR file) on each instance and make sure they can work independently.
Step 2: Stop tomcat
Step 3: Update the <Cluster> element under the <Engine> element in the Server.xml file (under the conf dir in tomcat installation dir) on both your servers with:
<Engine name="<meaningful_unique_name>" defaultHost="localhost"> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" channelSendOptions="8"> <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> <Channel className="org.apache.catalina.tribes.group.GroupChannel"> <Membership className="org.apache.catalina.tribes.membership.McastService" address="184.108.40.206" port="45564" frequency="500" dropTime="3000"/> <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver" address="auto" port="4000" autoBind="100" selectorTimeout="5000" maxThreads="6"/> <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> </Sender> <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/> </Channel> <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;"/> <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/> </Cluster> ... </Engine>
HAProxy’s load-balancing algorithms
HAProxy supports many load-balancing algorithms which may be used in many different type of cases.
That said, cache servers, which deliver most of the time the static content from your web applications, may require some specific load-balancing algorithms.
HAProxy stands in front of your cache server for some good reasons:
- SSL offloading (read PHK’s feeling about SSL, Varnish and HAProxy)
- HTTP content switching capabilities
- advanced load-balancing algorithms
The main purpose of this article is to show how HAProxy can be used to aggregate Varnish servers memory storage in some kind of “JBOD” mode (like the “Just a Bunch Of Disks“).
Main purpose of the examples delivered here are to optimize the resources on the cache, mainly its memory, in order to improve the HIT rate. This will also improve your application response time and make your site top ranked on google 继续阅读
We’ve seen recently more and more DOS and DDOS attacks. Some of them were very big, requiring thousands of computers…
But in most cases, this kind of attacks are made by a few computers aiming to make a service or website unavailable, either by sending it too many requests or by taking all its available resources, preventing regular users to use the service.
Some attacks targets known vulnerabilities of widely used applications.
In the present article, we’ll explain how to take advantage of an application delivery controller to protect your website and application against DOS, DDOS and vulnerability scans.
Why using a LB for such protection since a firewall and a Web Application Firewall (aka WAF) could already do the job?
Well, the Firewall is not aware of the application layer but would be useful to pretect against SYN flood attacks. That’s why we saw recently application layer firewalls: Web Application Firewalls, also known as WAF.
Well, since the load balancer is in front of the platform, it can be a good partner for the WAF, filtering out 99% of the attacks, which are managed by script kiddies. The WAF can then happily clean up the remaining attacks.
Well, maybe you don’t need a WAF and you want to take advantage of your Aloha and save some money ;).
Note that you need an application layer load-balancer, like Aloha or OpenSource HAProxy to be efficient. 继续阅读
To ensure high availability and performance of Web applications, it is now common to use a load-balancer.
While some people uses layer 4 load-balancers, it can be sometime recommended to use layer 7 load-balancers to be more efficient with HTTP protocol.
NOTE: To understand better the difference between such load-balancers, please read the Load-Balancing FAQ.
A load-balancer in an infrastructure
The picture below shows how we usually install a load-balancer in an infrastructure:
This is a logical diagram. When working at layer 7 (aka Application layer), the load-balancer acts as a reverse proxy.
So, from a physical point of view, it can be plugged anywhere in the architecture:
- in a DMZ
- in the server LAN
- as front of the servers, acting as the default gateway
- far away in an other separated datacenter
Lately Docker has emerged as a key technology for deploying applications in the cloud environment. Compared to traditional hardware virtualization, Docker-based container sandbox provides a number of advantages for application deployment environment, such as lightweight isolation, deployment portability, ease of maintenance, etc. Now Red Hat is steering community efforts in streamlining the management and deployment of Docker containers. 继续阅读
In this article we will explore how to setup a simple Tomcat cluster and load balancing using HAProxy. Our environment will consists of two Tomcat (latest version) instances running under Ubuntu Lucid (10.04 LTS). We will use sample applications from the built-in Tomcat package to demonstrate various scenarios. Later in the tutorial, we will study in-depth how to configure HAProxy and how to setup logging.
What is HAProxy?
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing – http://haproxy.1wt.eu/
What is Tomcat?
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies… Apache Tomcat powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations – http://tomcat.apache.org/
Table of Contents
- Setting-up the Environment
- Download Tomcat
- Configure Tomcat
- Run Tomcat
- Download HAProxy
- Configure HAProxy
- Load Balancing
- Default Setup
- Sharing Sessions
- Configure Tomcat to Share Sessions
- Retest Session Sharing
- Session Sharing Caveat
- Sharing Sessions
- HAProxy Configuration
- Configuration File
1. High Availability of Tomcat
frontend tomcat *:82
cookie JSESSIONID prefix
# http-server-close is very important – without this, only the first request will have its headers inspected for cookies and hence our JSESSIONID – so sticky sessions will not work.
server tomcat1 127.0.0.1:8080 cookie JSESSIONID_SERVER_1 check inter 5000
server tomcat2 127.0.0.1:8180 cookie JSESSIONID_SERVER_2 check inter 5000