[pydotorg-www] apache on ximinez

Richard Jones richard at python.org
Thu Apr 7 05:33:49 CEST 2011


On Thu, Apr 7, 2011 at 11:33 AM, Richard Jones <richard at python.org> wrote:
> On Thu, Apr 7, 2011 at 10:45 AM, Richard Jones <richard at python.org> wrote:
>> On Thu, Apr 7, 2011 at 5:44 AM, Aahz <aahz at pythoncraft.com> wrote:
>>> On Wed, Apr 06, 2011, skip at pobox.com wrote:
>>>>
>>>> >>>>> "Martin" == Martin v Löwis <martin at v.loewis.de> writes:
>>>>
>>>>     Martin> Am 06.04.2011 10:38, schrieb Richard Jones:
>>>>     >> I've had to kick apache on ximinez in the head twice in the last hour
>>>>     >> or two. It just stopped responding.
>>>>
>>>>     Martin> I did it also a number of times.
>>>>
>>>> I sense a pattern, but I can't quite put my finger on it. ;-)
>>>
>>> Well, I didn't kick apache.
>>
>> I'm not sure what you're getting at there :-)
>>
>> Anyone have any ideas why apache would just stop responding like that?
>> Or how I could diagnose it when it happens again in my timezone?
>
> Just restarted it again. Looking at the various access logs it looks
> like apache just stopped handling requests at 07/Apr/2011:03:23 +0200
>
> Interestingly in the logs *after* the last lines for that time there's
> a whole lotta lines like this:
>
> [snip] [07/Apr/2011:02:38:03 +0200] "GET /pypi?:action=rss HTTP/1.1"
> 500 621 [snip]
>
> and various other timestamps from before the lockup - some of which
> are over an hour older than the lockup time.
>
> So perhaps client connections hanging are causing it to run out of connections?
>
> Is there some way we could configure apache to be more resilient
> against this? My apache-fu is lacking...

From what I've been able to determine apache is configured with the
default 5-minute timeout for clients.

Unless I'm reading the meaning of those log lines incorrectly that
means the apache timeout is insufficient to protect against dangling
client connections.

I've received the following advice from Chris Adams on Twitter: "Put
nginx/varnish in front. Apache TimeOut & TCP keepalives are a poor
substitute & ineffective against DoS or broken clients".


      Richard
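
One way to measure the out-of-order access-log entries described in the message above, as an added example that is not part of the original post. It assumes the default `%t` timestamp (time the request was received, with the line written when the request finishes); the sample lines, the 60-second threshold and the name `find_stalled_requests` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache common-log style (not taken from the real server).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Apr/2011:03:22:58 +0200] "GET /pypi HTTP/1.1" 200 5120
192.0.2.11 - - [07/Apr/2011:03:23:01 +0200] "GET /simple/ HTTP/1.1" 200 830
192.0.2.12 - - [07/Apr/2011:02:38:03 +0200] "GET /pypi?:action=rss HTTP/1.1" 500 621
192.0.2.13 - - [07/Apr/2011:03:21:40 +0200] "GET /pypi?:action=rss HTTP/1.1" 500 621
192.0.2.14 - - [07/Apr/2011:03:23:02 +0200] "GET /pypi HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_stalled_requests(lines, threshold=timedelta(seconds=60)):
    """Return (lag, status, request) for entries logged out of order.

    An entry stamped well before the newest timestamp already seen in the
    file was received that long ago and only just completed, so the lag is
    a lower bound on how long the request occupied a worker.
    """
    newest = None
    stalled = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an access-log entry
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue  # malformed timestamp
        if newest is None or ts > newest:
            newest = ts
        elif newest - ts >= threshold:
            stalled.append((newest - ts, int(m.group("status")), m.group("req")))
    return stalled


if __name__ == "__main__":
    for lag, status, req in find_stalled_requests(SAMPLE_LOG.splitlines()):
        print(f"held >= {lag}  status={status}  {req}")
```

Grouping the flagged entries by request path and comparing the lag against the configured `TimeOut` shows which handlers hold workers longer than the server is supposed to allow.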

