Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache 2.4 stop loading ressources |
|
| Author |
|
MJoubert
Joined: 03 Mar 2015
Posts: 2
|
 Posted: Tue 03 Mar '15 16:28 Post subject: Apache 2.4 stop loading ressources |
 |
|
Hello,
I encounter a strange issue with Apache.
My apache proxy is configured to work as a reverse proxy with virtuals hosts using SSL.
When I try to load a web site page with several ressources, internet navigator begin to load ressources but often stop without ending.
It continue to load (cursor) but don't do anything.
On both side (client and server), requests terminate with status 200 so all seem good but... (debug navigateur and acces.log OK)
After several F5 (refresh), all ressources are finally loaded and the html page display correctly.
Here is my configuration :
Server OS : Ubuntu server 14.04.2 (64 bits)
Apache version : 2.4.10
SSL version : 1.0.1f (ubuntu version)
-------------------------------------------------------------------------------
An example of host :
...
<VirtualHost 192.168.254.16:443>
ServerName ged.irsa.fr
SSLEngine on
SSLCertificateFile /etc/certificates/ged.irsa.fr.2.crt
SSLCertificateKeyFile /etc/certificates/ged.irsa.fr.2.key
SSLCertificateChainFile /etc/certificates/gandi/Gandi_bundle_CA.pem
SSLProxyEngine on
SSLProxyCACertificateFile /etc/certificates/ged.irsa.fr.2.crt
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / ajp://192.168.254.5:8009/
ProxyPassReverse / ajp://192.168.254.5:8009/
</VirtualHost>
...
-------------------------------------------------------------------------------
Modified configuration in apache2.conf file :
...
AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off
...
-------------------------------------------------------------------------------
Modified configuration in mods_enabled/ssl.conf :
...
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
SSLProtocol all -SSLv2 -SSLv3
...
-------------------------------------------------------------------------------
Here is an extract off /var/log/apacheƩ/error.log with trace mode, juste before the stop loading :
[Tue Mar 03 11:52:00.115567 2015] [proxy:debug] [pid 5339:tid 140124566247168] proxy_util.c(2146): AH00943: AJP: has released connection for (*)
[Tue Mar 03 11:52:00.115671 2015] [ssl:trace4] [pid 5339:tid 140124566247168] ssl_engine_io.c(2054): [client 90.83.195.161:16378] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7163bfdff0 [mem: 7f71180798d3]
[Tue Mar 03 11:52:00.360904 2015] [proxy_ajp:trace1] [pid 5339:tid 140124398393088] ajp_header.c(724): [client 90.83.195.161:26898] ajp_read_header: ajp_ilink_received END_RESPONSE (0x05), referer: https://ged.irsa.fr/share/page?pt=login
[Tue Mar 03 11:52:00.360943 2015] [proxy_ajp:trace6] [pid 5339:tid 140124398393088] ajp_header.c(735): [client 90.83.195.161:26898] ajp_parse_type: got END_RESPONSE (0x05), referer: https://ged.irsa.fr/share/page?pt=login
[Tue Mar 03 11:52:00.360980 2015] [proxy_ajp:debug] [pid 5339:tid 140124398393088] mod_proxy_ajp.c(630): [client 90.83.195.161:26898] AH00892: got response from (null) (*), referer: https://ged.irsa.fr/share/page?pt=login
[Tue Mar 03 11:52:00.360989 2015] [proxy:debug] [pid 5339:tid 140124398393088] proxy_util.c(2146): AH00943: AJP: has released connection for (*)
[Tue Mar 03 11:52:00.361107 2015] [ssl:trace4] [pid 5339:tid 140124398393088] ssl_engine_io.c(2054): [client 90.83.195.161:26898] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7118010040 [mem: 7f7118081a23]
[Tue Mar 03 11:52:09.512532 2015] [ssl:trace4] [pid 5339:tid 140124583032576] ssl_engine_io.c(2054): [client 90.83.195.161:10795] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7130028500 [mem: 7f7154062663]
[Tue Mar 03 11:52:09.516492 2015] [ssl:trace4] [pid 5339:tid 140124616603392] ssl_engine_io.c(2054): [client 90.83.195.161:25247] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7118035cb0 [mem: 7f712c070393]
[Tue Mar 03 11:52:09.516589 2015] [ssl:debug] [pid 5339:tid 140124616603392] ssl_engine_io.c(1003): [client 90.83.195.161:25247] AH02001: Connection closed to child 83 with standard shutdown (server ged.irsa.fr:443)
[Tue Mar 03 11:52:09.516721 2015] [ssl:debug] [pid 5339:tid 140124583032576] ssl_engine_io.c(1003): [client 90.83.195.161:10795] AH02001: Connection closed to child 87 with standard shutdown (server ged.irsa.fr:443)
[Tue Mar 03 11:52:09.548501 2015] [ssl:trace4] [pid 5339:tid 140124633388800] ssl_engine_io.c(2054): [client 90.83.195.161:63174] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7163c48570 [mem: 7f7163c8ac73]
[Tue Mar 03 11:52:09.548664 2015] [ssl:debug] [pid 5339:tid 140124633388800] ssl_engine_io.c(1003): [client 90.83.195.161:63174] AH02001: Connection closed to child 81 with standard shutdown (server ged.irsa.fr:443)
[Tue Mar 03 11:52:10.132532 2015] [ssl:trace4] [pid 5339:tid 140124566247168] ssl_engine_io.c(2054): [client 90.83.195.161:16378] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7163bfdff0 [mem: 7f71180798d3]
[Tue Mar 03 11:52:10.132687 2015] [ssl:debug] [pid 5339:tid 140124566247168] ssl_engine_io.c(1003): [client 90.83.195.161:16378] AH02001: Connection closed to child 89 with standard shutdown (server ged.irsa.fr:443)
[Tue Mar 03 11:52:10.376517 2015] [ssl:trace4] [pid 5339:tid 140124398393088] ssl_engine_io.c(2054): [client 90.83.195.161:26898] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7118010040 [mem: 7f7118081a23]
[Tue Mar 03 11:52:10.376674 2015] [ssl:debug] [pid 5339:tid 140124398393088] ssl_engine_io.c(1003): [client 90.83.195.161:26898] AH02001: Connection closed to child 109 with standard shutdown (server ged.irsa.fr:443)
I have test many things but nothing worked for the moment.
I can provide more details if necessary.
If you have any lead in order to resolve this problem, i will really appreciate it !! (It will save me !)
Thank you |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 03 Mar '15 18:23 Post subject: |
|
|
The IO errors are often because of a buggy backend.
You can try
| Code: |
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
RequestHeader unset Expect early
|
|
|
| Back to top |
|
MJoubert
Joined: 03 Mar 2015
Posts: 2
|
| Posted: Tue 03 Mar '15 19:54 Post subject: |
|
|
Thank you for your reply.
I have added this conf in my apache2.conf file but it does not resolve the problem.
I've also desactivated the "keep alive" functionality which seems to slow down responses.
KeepAlive Off
But no real improvement so far.
I also do tests on linux OS and it seems to wrok "fine". Its slow but the page is fully loaded. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 16 Mar '15 12:17 Post subject: |
|
|
| Yes KeepAlive increases the speed, since the browser can reuse a made connection. |
|
| Back to top |
|
|
|
|
|
|
