Environment Setup
OS: AIX 7.1, WAS + IHS 8.5.0.2
#1. IHS (IBM HTTP Server) slows to a crawl during high load
Observation: Slow response times (up to minutes), errors in http_plugin.log suggests an issue with SSL & GSKit.
Fix: IBM had a fix for the GSKit component a month ago, but no, they didn't feel the need to inform other customers running the same version of their product.
Lesson Learnt: Stress test must cover static resources too (e.g. images, stylesheets, javascripts, fonts).
#2 WAS (WebSphere Application Server) memory leak
Observation: OutOfMemoryError (duh!), due to usage of JMS Queue Connection Factories over a long period of time (more than 12 hours).
Fix: IBM came out with a spanking new fix.
Lession Learnt: Endurance stress test should span across a few days.
Sunday, April 13, 2014
Thursday, February 13, 2014
How To: Setup a Forward Proxy using IBM HTTP Server
First of all, this is a setup for a forward proxy, not a reverse proxy. Too many people have believed that God only created reverse proxies. For example, "Let's create a reverse proxy to allow our applications to connect to the Internet", or "Our application is sitting in the secure zone and needs to access this API available on the internet. All I need is a reverse proxy". Enough is enough!
1. IBM HTTP Server 8.5.0.2 (IHS)
2. AIX 7.1 (not that it matters)
Example scenario:
- 2-tier firewall architecture
- the web server (with IHS installed) behind the Tier-1 firewall.
- the application server (e.g. WAS, Tomcat) behind the Tier-2 firewall
- need to connect to https://some.bloody.api.com from the application via HTTPS
Step(s):
1. Make sure all firewall ports are open. Get your favourite firewall-opener (usually a person) to open the ports from your application server to the web server, let's say port 8080. Also, from the web server to the target site.
2. Time to modify the IHS config, the one and only httpd.conf
- Search the keyword "Listen" and add the following line. Your proxy will start listening at this port.
Listen 8080
- Uncomment the following lines, if they aren't already
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_http_module modules/mod_proxy_http.so
- Modify the "Proxy Server directives" section, to look like the following. APPSERVER1 and APPSERVER2 are the "clients" of this proxy. If the target port is not the standard HTTP (80) or HTTPS (443); for example https://some.bloody.api.com:6767/services, then add 6767 to the AllowCONNECT list of ports.
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
#Enable the forward proxy server. Note: Do not use the ProxyRequests directive if
#all you require is reverse proxy.
#
ProxyRequests On
#
<Proxy *>
Order deny,allow
Allow from 127.0.0.1 APPSERVER1 APPSERVER2
Deny from all
</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
AllowCONNECT 8080 80 443 6767
</IfModule>
# End of proxy directives.
Labels:
Technology
Have a break, have a Samsung Galaxy S2 on KitKat!
It's been a while since the last post. Because they were all Jelly Bean releases! 4.1, 4.2, 4.3... Enough is enough! Then came KitKat, but guess what, oh no, there's no maintainer for my phone model for CM11. Thanks to XDA, I came to know of OmniROM, which I've tried but regretted (there were 3 different packages for gapps, what's up with that?). However, the difference in smoothness compared to Jelly Bean was amazing. I couldn't go back to CM10.2. Then I found CyanFox, a modified version of CM11 and possibly other ROMs. It's fast, and nothing feels broken so far. How am I going to change my phone now? :P
Highest scores on JellyBean vs KitKat
Subscribe to:
Posts (Atom)