0

We have a server with the spec 8 vCore and 16GB RAM. At its peak, the server uses only 15 to 25% CPU and around 40% of RAM.

The issue that we face is that once the number of users starts increasing, the response from Apache simply starts taking more and more time, and at times it doesn't respond at all.

ProxyPass is used to connect Apache to a Node application running on a particular port. At the same time when there is a delay in getting a response from Apache, the port gives a response in ms.

When I use Apache, for example www.mydomainname.com/abc/endpoint, I get a response in 5 secs. At the same time, if I use www.mydomainname.com:3001/endpoint I get a response in 30 ms.

Apache is running in event mode with the below configuration.

<IfModule mpm_event_module>
        StartServers            4
        MinSpareThreads         25
        MaxSpareThreads         75
        ThreadLimit             64
        ThreadsPerChild         25
        MaxRequestWorkers       800
        ServerLimit             32
        MaxConnectionsPerChild  10000
</IfModule>
KeepAlive On

MaxKeepAliveRequests 500

KeepAliveTimeout 3

The sites are configured as below:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName mysite.ae
    ServerAlias www.mysite.ae
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/mysite
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    SSLCertificateFile /etc/ssl/mysite/mysite.crt
    SSLCertificateKeyFile /etc/ssl/mysite/mysite.key

    ProxyPreserveHost off
    ProxyReceiveBufferSize 2048

    ProxyPass /e1/ https://127.0.0.1:4001/
    ProxyPassReverse /e1/ https://127.0.0.1:4001/

    ProxyPass /e2/ https://127.0.0.1:4002/
    ProxyPassReverse /e2/ https://127.0.0.1:4002/

    ProxyPass /e3/ https://127.0.0.1:4003/
    ProxyPassReverse /e3/ https://127.0.0.1:4003/

    ProxyPass /e4/ https://127.0.0.1:4004/
    ProxyPassReverse /e4/ https://127.0.0.1:4004/

    Alias /assets/ /var/www/e4/apis/

</VirtualHost>
</IfModule>

The error log has this.

[proxy_http:error] [pid 7020:tid 140346369500864] [client 102.129.215.155:56380] AH01097: pass request body failed to 170.33.96.254:443 (wiocdsd.world) from 102.129.215.155 ()
[Mon Jun 12 12:25:36.000975 2023] [proxy:error] [pid 22976:tid 140345102825152] (20014)Internal error (specific information not available): [client 102.129.215.155:57246] AH01084: pass request body failed to 170.33.96.254:443 (wiocdsd.world)
[Mon Jun 12 12:25:36.001002 2023] [proxy:error] [pid 22976:tid 140345102825152] [client 102.129.215.155:57246] AH00898: Error during SSL Handshake with remote server returned by /api/index/getline
[Mon Jun 12 12:25:36.001007 2023] [proxy_http:error] [pid 22976:tid 140345102825152] [client 102.129.215.155:57246] AH01097: pass request body failed to 170.33.96.254:443 (wiocdsd.world) from 102.129.215.155 ()
[Mon Jun 12 12:25:36.131766 2023] [proxy:error] [pid 22905:tid 140346151388864] (20014)Internal error (specific information not available): [client 102.129.215.155:42064] AH01084: pass request body failed to 170.33.96.254:443 (wiocdsd.world)

What could be possibly wrong?

7
  • 1
    Normally you don't have either a need nor any benefit or added security by using transport security for traffic between services running on the same machine, in other words, connecting to localhost with https in your ProxyPass /e4/ https://127.0.0.1:4004/ directives does not add security and only adds unnecessary overhead. Assuming that those backend services can't be accessed directly over the internet, you can run those services without HTTPS -
    – HBruijn
    Jun 12 at 12:57
  • @HBruijn it is a mandatory policy at our organization not to expose the application on a PORT; it has to be passed from Apache over SSL.
    – nXn
    Jun 12 at 13:09
  • @nXn both ssl on the same server? external -> server-with-ssl -> proxy-pass-to-ssl-service -> on the same machine
    – c4f4t0r
    Jun 12 at 13:58
  • @c4f4t0r Yes, all services are on the same server
    – nXn
    Jun 12 at 16:27
  • @There is no sense in doing ssl for the traffic going through the same server
    – c4f4t0r
    Jun 13 at 11:50
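
The log excerpt in the question names 170.33.96.254:443 (wiocdsd.world) as the proxy destination, while the ProxyPass directives shown point only at 127.0.0.1:4001 to 4004. The following is an added example, not part of the original post or comments: it tallies mod_proxy error lines per client and destination and flags destinations that are not configured backends. The backend set is copied from the vhost in the question and is assumed to be the complete list; `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Backends from the ProxyPass directives in the question (assumed to be the complete set).
CONFIGURED_BACKENDS = {"127.0.0.1:4001", "127.0.0.1:4002", "127.0.0.1:4003", "127.0.0.1:4004"}

# Sample lines copied from the error log excerpt in the question.
SAMPLE_LOG = """\
[Mon Jun 12 12:25:36.000975 2023] [proxy:error] [pid 22976:tid 140345102825152] (20014)Internal error (specific information not available): [client 102.129.215.155:57246] AH01084: pass request body failed to 170.33.96.254:443 (wiocdsd.world)
[Mon Jun 12 12:25:36.001002 2023] [proxy:error] [pid 22976:tid 140345102825152] [client 102.129.215.155:57246] AH00898: Error during SSL Handshake with remote server returned by /api/index/getline
[Mon Jun 12 12:25:36.001007 2023] [proxy_http:error] [pid 22976:tid 140345102825152] [client 102.129.215.155:57246] AH01097: pass request body failed to 170.33.96.254:443 (wiocdsd.world) from 102.129.215.155 ()
"""

CLIENT_RE = re.compile(r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\]")
CODE_RE = re.compile(r"\b(AH\d{5}):")
DEST_RE = re.compile(r"failed to (?P<dest>\S+:\d+) \((?P<host>[^)]*)\)")


def summarize(log_text, configured=CONFIGURED_BACKENDS):
    """Count proxy errors per (client, destination) and list unexpected destinations."""
    codes, pairs, unexpected = Counter(), Counter(), set()
    for line in log_text.splitlines():
        code = CODE_RE.search(line)
        if not code or "[proxy" not in line:
            continue  # not a mod_proxy / mod_proxy_http error line
        codes[code.group(1)] += 1
        dest = DEST_RE.search(line)
        if not dest:
            continue  # e.g. AH00898 carries no destination field
        client = CLIENT_RE.search(line)
        target = dest.group("dest")
        pairs[(client.group("ip") if client else "?", target)] += 1
        if target not in configured:
            unexpected.add((target, dest.group("host")))
    return {"codes": dict(codes), "pairs": dict(pairs), "unexpected": sorted(unexpected)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for target, host in report["unexpected"]:
        print(f"destination not in ProxyPass config: {target} ({host})")
    for (ip, target), n in report["pairs"].items():
        print(f"{n} failures: client {ip} -> {target}")
```

Run over the full error.log, any destination it flags is one the posted ProxyPass directives do not account for, which is worth checking against the other enabled vhosts and the ProxyRequests setting.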
