apache proxy to tomcat keep alive confusion

Patrick picture Patrick · Nov 24, 2009 · Viewed 15.6k times · Source

I have an apache 2.2 server infront of a tomcat 6 server. using mod_proxy_ajp on apache to proxy requests to tomcat. pretty standard setup.

If I need to disable keep-alive connections for browsers, how do i do this?

I need to do disable keep-alive http requests because i suspect some of my users have firewalls that might be dropping an un-active keep-alive connection which randomly causes problems.

There are various 'keep alive' bits and pieces of configuration on both apache and tomcat.

httpd.conf has "KeepAlive Off" (which does not seem to be making a difference in my case)

also in httpd.conf where you set ProxyPass, you can have a parameter "keepalive" but this is only supposed to help if there are proxies/firewalls between my apache and tomcat, which there isn't in my case and is not the problem.

Tomcat itself, the http connector has "keepAliveTimeout" and "maxKeepAliveRequests" but this is only for http connectors.

The tomcat ajp connector also has a "keepAliveTimeout", but this is for ajp requests coming from apache, not sure if this should/flows on to the real HTTP request from the browser to apache.

To top it all there is also the HTTP1.0 vs HTTP1.1 differentiation.

So it gets confusing.... can someone please explain?

Answer

habe picture habe · Nov 24, 2009

There are (at least) four “keep-alive”s.

  1. HTTP layer keep-alive between client browser and Apache. (Enables multiple client requests in a HTTP/TCP connection. “KeepAlive” directive to configure.)

  2. TCP layer keep-alive between client browser and Apache. (To avoid connection to be closed by firewalls, send empty packet periodically (around 2 hours by default in Linux). I don't know how to configure in Apache.)

  3. AJP layer keep-alive between Apache and Tomcat. (Enables multiple Apache request in a AJP/TCP connection. “max” and “smax” options for “ProxyPass” to configure.)

  4. TCP layer keep-alive between Apache and Tomcat. (Same as 2, but for firewall between Apache and Tomcat. “keepalive” option for “ProxyPass” directive to configure.)

So, your configuration (“KeepAlive off”) might work correctly for firewalls within client and Apache. Use “%X” for “LogFormat” directive to check if keep-alive (of type 1 above) was disabled.

By the way, I think connection closure by firewalls doesn't cause serious problem when “KeepAliveTimeout” is not so large. If you don't have problem (other than warning messages), in my opinion, you might leave as is.