- 论坛徽章:
- 0
|
以下内容都是自己不断实验总结的,而非resin官方的建议,可能不适合你的情况,我的经验仅做为参考。)
最近发现有人用黑客类工具恶意点击网站,或发送大量垃圾包,具体是什么不清楚,但是很明显是故意的,造成80端口无法正常访问,或访问速度极慢。
用netstat -an >>c:\temp\aaa.txt 命令查看了当时情况,发现某几个ip的连接数量巨大,是不正常的。
不管是访问量大,还是有黑客骚扰,我想还是试试看把resin优化一下。
首先要在访问量巨大的时候进行观察。
先将resin.conf文件中的thread-min,thread-max,thread-keepalive三个参数设置的比较大,分别写上,1000,3000,1000,当然这是根据你的机器情况和可能同时访问的数量决定的,如果你的网站访问量很大的,应该再适当放大。
然后观察任务管理器中的java线程变化情况,看看到底是线程达到多大的时候,java进程当掉的。我的是在379左右当掉。
然后将thread-min,thread-max,thread-keepalive分别写为150,400,300;,也就是将当掉的时候的最大值稍微放大点,作为thread-max的值,因为该系统一般不会超过这个值。然后其他两个参数根据情况设置一下。
这只是我的估计值,根据机器性能和访问量不同,应该有所不同。
然后将accept-buffer-size值设置的较大,我设置到10000以上,这样可以让java能使用到更多的内存资源。
这样的设置基本上能够满足resin的正常运行,当掉resin服务的情况大大减少,本设置适合于中小型网站。
Resin Threads
Resin will automatically allocate and free threads as the load requires. Since the threads are pooled, Resin can reuse old threads without the performance penalty of creating and destroying the threads. When the load drops, Resin will slowly decrease the number of threads in the pool until is matches the load.
Most users can set thread-max to something large (200 or greater) and then forget about the threading. Some ISPs dedicate a JVM per user and have many JVMs on the same machine. In that case, it may make sense to reduce the thread-max to throttle the requests.
Since each servlet request gets its own thread, thread-max determines the maximum number of concurrent users. So if you have a peak of 100 users with slow modems downloading a large file, you'll need a thread-max of at least 100. The number of concurrent users is unrelated to the number of active sessions. Unless the user is actively downloading, he doesn't need a thread (except for "keepalives").
Keepalives
Keepalives make HTTP and srun requests more efficient. Connecting to a TCP server is relatively expensive. The client and server need to send several packets back and forth to establish the connection before the first data can go through. HTTP/1.1 introduced a protocol to keep the connection open for more requests. The srun protocol between Resin and the web server plugin also uses keepalives. By keeping the connection open for following requests, Resin can improve performance.
resin.conf for thread-keepalive
250
500
120s
...
Timeouts
Requests and keepalive connections can only be idle for a limited time before Resin closes them. Each connection has a read timeout, request-timeout. If the client doesn't send a request within the timeout, Resin will close the TCP socket. The timeout prevents idle clients from hogging Resin resources.
...
250
...
...
250
20s
...
In general, the read-timeout and keepalives are less important for Resin standalone configurations than Apache/IIS/srun configurations. Very heavy traffic sites may want to reduce the timeout for Resin standalone.
Since read-timeout will close srun connections, its setting needs to take into consideration the client-live-time setting for mod_caucho or isapi_srun. client-live-time is the time the plugin will keep a connection open. read-timeout must always be larger than client-live-time, otherwise the plugin will try to reuse a closed socket.
Plugin keepalives (mod_caucho/isapi_srun)
The web server plugin, mod_caucho, needs configuration for its keepalive handling because requests are handled differently in the web server. Until the web server sends a request to Resin, it can't tell if Resin has closed the other end of the socket. If the JVM has restarted or if closed the socket because of read-timeout, mod_caucho will not know about the closed socket. So mod_caucho needs to know how long to consider a connection reusable before closing it. client-live-time tells the plugin how long it should consider a socket usable.
Because the plugin isn't signalled when Resin closes the socket, the socket will remain half-closed until the next web server request. A netstat will show that as a bunch of sockets in the FIN_WAIT_2 state. With Apache, there doesn't appear to be a good way around this. If these become a problem, you can increase read-timeout and client-live-time so the JVM won't close the keepalive connections as fast.
unix> netstat
...
localhost.32823 localhost.6802 32768 0 32768 0 CLOSE_WAIT
localhost.6802 localhost.32823 32768 0 32768 0 FIN_WAIT_2
localhost.32824 localhost.6802 32768 0 32768 0 CLOSE_WAIT
localhost.6802 localhost.32824 32768 0 32768 0 FIN_WAIT_2
...
TCP limits (TIME_WAIT)
A client and a server that open a large number of TCP connections can run into operating system/TCP limits. If mod_caucho isn't configured properly, it can use too many connections to Resin. When the limit is reached, mod_caucho will report "can't connect" errors until a timeout is reached. Load testing or benchmarking can run into the same limits, causing apparent connection failures even though the Resin process is running fine.
The TCP limit is the TIME_WAIT timeout. When the TCP socket closes, the side starting the close puts the socket into the TIME_WAIT state. A netstat will short the sockets in the TIME_WAIT state. The following shows an example of the TIME_WAIT sockets generated while benchmarking. Each client connection has a unique ephemeral port and the server always uses its public port:
Typical Benchmarking Netstat
unix> netstat
...
tcp 0 0 localhost:25033 localhost:8080 TIME_WAIT
tcp 0 0 localhost:25032 localhost:8080 TIME_WAIT
tcp 0 0 localhost:25031 localhost:8080 TIME_WAIT
tcp 0 0 localhost:25030 localhost:8080 TIME_WAIT
tcp 0 0 localhost:25029 localhost:8080 TIME_WAIT
tcp 0 0 localhost:25028 localhost:8080 TIME_WAIT
...
The socket will remain in the TIME_WAIT state for a system-dependent time, generally 120 seconds, but usually configurable. Since there are less than 32k ephemeral socket available to the client, the client will eventually run out and start seeing connection failures. On some operating systems, including RedHat Linux, the default limit is only 4k sockets. The full 32k sockets with a 120 second timeout limits the number of connections to about 250 connections per second.
If mod_caucho or isapi_srun are misconfigured, they can use too many connections and run into the TIME_WAIT limits. Using keepalives effectively avoids this problem. Since keepalive connections are reused, they won't go into the TIME_WAIT state until they're finally closed. A site can maximize the keepalives by setting thread-keepalive large and setting live-time and request-timeout to large values. thread-keepalive limits the maximum number of keepalive connections. live-time and request-timeout will configure how long the connection will be reused.
Configuration for a medium-loaded Apache
...
250
250
120s
120s
...
read-timeout must always be larger than client-live-time. In addition, keepalive-max should be larger than the maximum number of Apache processes.
Apache 1.3 issues
Using Apache as a web server on Unix introduces a number of issues because Apache uses a process model instead of a threading model. The Apache processes don't share the keepalive srun connections. Each process has its own connection to Resin. In contrast, IIS uses a threaded model so it can share Resin connections between the threads. The Apache process model means Apache needs more connections to Resin than a threaded model would.
In other words, the keepalive and TIME_WAIT issues mentioned above are particularly important for Apache web servers. It's a good idea to use netstat to check that a loaded Apache web server isn't running out of keepalive connections and running into TIME_WAIT problems.
先将resin.conf文件中的thread-min,thread-max,thread-keepalive三个参数设置的比较大,分别写上,1000,3000,1000,当然这是根据你的机器情况和可能同时访问的数量决定的,如果你的网站访问量很大的,应该再适当放大。
然后观察任务管理器中的java线程变化情况,看看到底是线程达到多大的时候,java进程当掉的。我的是在379左右当掉。
然后将thread-min,thread-max,thread-keepalive分别写为150,400,300;,也就是将当掉的时候的最大值稍微放大点,作为thread-max的值,因为该系统一般不会超过这个值。然后其他两个参数根据情况设置一下。
这只是我的估计值,根据机器性能和访问量不同,应该有所不同。
然后将accept-buffer-size值设置的较大,我设置到10000以上,这样可以让java能使用到更多的内存资源。
这样的设置基本上能够满足resin的正常运行,当掉resin服务的情况大大减少,本设置适合于中小型网站。
Resin优化:
The allocation of memory for the JVM is specified using -X options when starting Resin
(the exact options may depend upon the JVM that you are using, the examples here are for the Sun JVM).
JVM option passed to Resin Meaning
-Xms initial java heap size
-Xmx maximum java heap size
-Xmn the size of the heap for the young generation
Resin startup with heap memory options unix> bin/httpd.sh -Xmn100M -Xms500M -Xmx500M win> bin/httpd.exe -Xmn100M -Xms500M -Xmx500M install win service> bin/httpd.exe -Xmn100M -Xms500M -Xmx500M -install
原文:http://www.caucho.com/resin-3.0/performance/jvm-tuning.xtp
JVM 优化:
java -Xms
set initial Java heap size. default:Xms32m
java -Xmx
set maximum Java heap size. default:Xmx128m
set it like that:
java -Xms=32m -Xmx=256m
If the problem persist, increase Xmx more than 256 ( 512m for example )
-J-mx
Resin启动时通过bin目录下的wrapper.pl文件进行控制,我们可以修改这个文件来加一些参数,比如要加入Java的-Xms和-Xmx参数
进行
vi /usr/local/resin-2.1/bin/wrapper.pl
找到并修改以下这行为:
$JAVA_ARGS="-Xms512m -Xmx512m";
具体参数请根据自己的应用进行调节
Resin的优化---日志的设置
2007年03月06日 星期二 10:25
log设置
name 是指定对各个层次应用进行debug,name 设定有几种情况,如:
Name=’’ name为空,这对所有应用、包括端口全面进行调试记载日志
Name=’com.caucho.jsp’ 指定只对jsp进行调试记载日志
Name=’com.caucho.java’ 指定只对java类进行调试
Name=’com.caucho.server.port’ 指定只对端口、线程进行调试
Name=’com.caucho.server.port.AcceptPool 指定只对端口线程的创建和释放进行debug
….
level 的级别一般有::
Off Severe info config fine finer finest all 这几中配置级别;
Off 关闭日志输出
Severe 只输出些严重的出错信息
Info 输出一般的综合信息
Config 输出配置信息
Fine 输出resin的跟踪信息
Finer 输出详细的跟踪信息
Finest 输出比Finer更详细的跟踪消息、细节问题
All 输出所有的访问输出消息
path: 输出文件路径指向,可以形式如 path=’stdout:’ 注意后面有冒号;或指定绝对路径path=’/usr/local/resin-3.0.7/log/stdout.log’
Timestamp : 完整的输出日期格式[%Y/%m/%d %H:%M:%S.%s];
一般设置日志文件一周轮循一次,即 rollover-period=’1M’ 或 rollover-period=’7D’ , 当满一周,系统会自动生成新日志记录文件,格式如: stderr.log.20041201 stderr.log.20041208
rollover-period=’D’ 天
rollover-period=’h’ 小时
rollover-period=’W’ 周
rollover-period=’M’ 月
当不需要改动程序时,关闭java自动编译会更快些.
加个属性
batch="false"
$JAVA_ARGS="-server";
据说java中的-server参数是让本地化编译更完全.
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/47207/showart_451794.html |
|
免费注册
发表于 2007-12-28 09:19