Thursday, July 17, 2014

Configuring Apache Http Server with Weblogic

In this article we will see how we can configure Apache to talk with Weblogic server at the backend. We will use the weblogic Apache plugin for connecting the Apache http server to weblogic. For this article I will be using Weblogic 10.3 on a Linux 6 -64 Machine. The apache server running is 2.2.15.

Here is the sequence of steps to configure Apache Http server with weblogic.

1. Copy the so file from
Wlserver_10.2/server/plugin/linux/x86_64/mod_wl_22.so to httpd/modules location

The mod_wl_22.so file depends on the architecture. You need to copy the correct file depending on your architecture.

2. Load the weblogic module using
LoadModule weblogic_module modules/mod_wl_22.so

3. Now add the If Module information which will point to the Weblogic server running at back.

<IfModule mod_weblogic.c>
        WebLogicHost 127.0.0.1
        WebLogicport 7001
        MatchExpression /*
</IfModule>

The above <IfModule> is a basic syntax for providing details about the running weblogic server. We define the weblogic Host and Port and Match Expression as /*.

Now once the configuration is done,restart the apache and access
Http://localhost/console and we will see the login page of the weblogic admin console.


More to learn , Happy learning 
Read More

Apache Rewrite URLs

In many cases , applications deployed into production servers will be accessed with a specific URL rather then accessing the same application with localhost Url. These Url are configured specifically for every application deployed into the production machines. In this article we will see the basics of configuring the Apache Rewrite module which will help in rewriting normal Url to a different one.

For this demo purpose, I will be using 2 sample application written by and deployed in tomcat which are being accessed normally using

http://localhost:8080/Sample-app/test.html
http://localhost:8080/myApp/

Now I want to configure different URL for both these applications which the below URL

http://localhost/Sample-app/test.html
http://localhost/myApp/

Now for the Rewrite to work , we need to start making changes to the httpd.conf file for the apache server.

1. The first thing we need to do is the enable the mod_rewrite module by adding,
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module/mod_proxy.so

2.Now create a VirtualHost element for out configuration. Here is the configuration that I have used for this article

<VirtualHost *:80>
   ServerAdmin webmaster@domain.com
   DocumentRoot /var/www/webroot/ROOT
   ServerName tester123.com

   ServerAlias *
   RewriteEngine On

   RewriteRule ^/application1/(.*) http://localhost:8080/myApp/ [P]
   ProxyPassReverse /application1/ http://localhost:8080/myApp/

   RewriteRule ^/application2/(.*) http://localhost:8080/Sample-app/test.html [P]
   ProxyPassReverse /application2/ http://localhost:8080/Sample-app/test.html

   RewriteLog "/var/log/httpd/rewrite.log"

   ErrorLog logs/apache-rewrite-test-error_log
   CustomLog logs/apache-rewrite-test common
</VirtualHost>

In the above snippet ,

  • RewriteEngine On enables rewriting ability
  • RewriteRule and ProxyPassReverse specify the conditions and the result of rewriting for both applications
  • RewriteLog is optionally added to store the logs of rewriting in the specified location

So if we take the statements

   RewriteRule ^/application1/(.*) http://localhost:8080/myApp/ [P]
   ProxyPassReverse /application1/ http://localhost:8080/myApp/


The first line tell you that when ever a request comes for application1 in the URL path, redirect  the request to the backend servers and access http://localhost:8080/myApp/ URL from the back end servers.

Once the changes are done, restart the back end tomcat and apache server.

Now access the application using, http://localhost:80/application1 which will access the application from tomcat.

Issues faced:
While working with the above article ,I have seen the below exception in the apache httpd server logs files

(13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed – this error is because of httpd/apache2 has been denied permission to connect to IP address and port.

The main reason for this is the SELinux , The SELinux in here is not permitting httpd/apace2 to make a network connections.

We can resolve this disabling the SELinux or we can allow the httpd to make network connection like

Run either of following command to allow SELinux to permit httpd/apache2 to make network connections:

$ /usr/sbin/setsebool httpd_can_network_connect 1
                         or
$ /usr/sbin/setsebool httpd_can_network_connect true

Then restart httpd/apache2.
 

More to learn , Happy Learning.
Read More

Wednesday, July 16, 2014

Solving “Out of Socket Memory”

We some times see “Out of Socket Memory” errors in the messages file in the logs location.

[root@vx132s ~]# tail -f /var/log/messages
Apr 22 15:05:39 ztm-n08 kernel: [12624150.315458] Out of socket memory

At this point there are a couple of cases where this condition falls,
1. There are too many Orphan Sockets.
2. The TCP memory is using high or it is running out of memory

Most of the times, these issues come under the Condition 1.

In order to find out how much memory is configured for the TCP , we can get these details from

[root@vx132s sysconfig]# cat /proc/sys/net/ipv4/tcp_mem
743136 990848 1486272

The above tcp memory contains 3 parts.
min : below this number of pages TCP is not bothered about its memory consumption. 
pressure: when the amount of memory allocated to TCP by the kernel exceeds this threshold, the kernel starts to moderate the memory consumption. This mode is exited when memory consumption falls under min.
max : the max number of pages allowed for queuing by all TCP sockets. When the system goes above this threshold, the kernel will start throwing the "Out of socket memory" error in the logs.

Now lets see how much of the memory does TCP uses , we can get these details using

[root@vx132s sysconfig]# cat /proc/net/sockstat
sockets: used 651
TCP: inuse 6 orphan 2314 tw 0 alloc 12 mem 1893
UDP: inuse 9 mem 0
UDPLITE: inuse 0
RAW: inuse 0
FRAG: inuse 0 memory 0

we can see from the above output that the current memory used by TCP is 1895 pages. This value is way lower than the maximum pages allocated (1486272 ).

From this we can dismiss that TCP Is using high memory. Now our next step is find the orphan sockets. We can get that information from the above output as 2314. We can get the limit of the orphan sockets using

[root@vx132s sysconfig]# cat /proc/sys/net/ipv4/tcp_max_orphans 
65536

The orphan socket count 2314 is very less when compared to 65536. If this number is bigger than the one from tcp_max_orphans then this can be a reason for the "Out of socket memory" Normally an orphan socket is a socket that isn't associated with a file descriptor, usually after the close() call and there is no longer a file descriptor that reference it, but the socket still exists in memory, until TCP is done with it.

Each orphan sockets eats up to 64K of unswappable memory. The file tcp_max_orphans file shows the maximum number of TCP sockets not attached to any user file handle, held by system that the kernel can support. If the number normally exceeds the orphaned connections they are reset and a warning is printed.

We can solve this by increasing tcp_max_orphans value like,
echo 400000 > /proc/sys/net/ipv4/tcp_max_orphans

In some cases the kernel may show more sockets by multiplying the number of orphans by 2x or 4x to artificially increase the score of the bad socket. It is always better to get the number of the orphaned sockets during peak server utilization and multiple by 4 and add that to the max value of orphan sockets value

More to come , happy learning 
Read More