烦恼岁月

付出总是有回报的 take action follow your heart , or follow your head
posts - 40, comments - 5, trackbacks - 0, articles - 4

最近研究了一下opencms的locale,总结如下:
(1)opencms 在启动的时候会设置locale为en。
(2)可以在folder上面设置locale,如果本级locale没有设置使用父级的,如果还是为空使用en。

posted @ 2008-03-17 22:25 不需要解释 阅读(415) | 评论 (1)编辑 收藏

 

本年度的学习主要围绕当前的工作主题和自己比较有兴趣的内容制定此计划。

2008-2

1opencms

进一步熟悉jsp170规范,比较opencms7比当前我们使用的opencms6.2.3的改进。熟悉opencms user manager,权限,模块开发,site development

2)整理,编写opencms的开发文档

2008-3

1sso,分析当前sso的现状。了解使用sso带来的好处。配置和使用cas做练习。

2weblogic ssl配置。

3openssl的使用。

2008-4

1jetspeed 学习jsr268规范,了解和jsr168的区别和改动。进一步分析jetspeedsso实现。porelet定制实现。

2)研究mvnforum的配置和使用。

3)企业门户研究,研究企业门户应该满足那些功能,怎么更好的实现。

2008-5

1webservice,分析和学习apachewebservice实现。

2etom模型的sid规范。

2008-6

1osgi,学习osgi的规范,在设计中应该怎么使用osgi思想。

2008-7

1jpa的使用和实现。


 

posted @ 2008-03-08 22:30 不需要解释 阅读(243) | 评论 (0)编辑 收藏

     摘要:  # # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file.  It contains the # configuration directives that give...  阅读全文

posted @ 2007-11-22 10:35 不需要解释 阅读(1307) | 评论 (0)编辑 收藏

通常,在一个设计良好的Web应用中,都会综合使用Servlet和JSP技术。Servlet控制业务流转,JSP则负责业务处理结果的显示。此时,将大量用到重定向技术。

        重定向技术可以分为两类,一类是客户端重定向,一类是服务器端重定向。客户端重定向可以通过设置特定的HTTP头,或者写JavaScript脚本实现。本文主要探讨服务器端重定向技术的实现。


服务器端的重定向相关类
        服务器端的重定向技术涉及到javax.servlet.ServletContext、javax.servlet.RequestDispatcher、javax.servlet.http.ServletRequest、javax.servlet.http.ServletResponse等几个接口。
服务器端的重定向方式
        服务器端的重定向可以有两种方式,一是使用HttpServletResponse的sendRedirect()方法,一是使用RequestDispatcher的forward()方法。下面对这两种方式进行介绍。

HttpServletResponse.sendRedirect()方法

HttpServletResponse接口定义了可用于转向的sendRedirect()方法。代码如下:

public void sendRedirect(java.lang.String location)throws java.io.IOException


        这个方法将响应定向到参数location指定的、新的URL。location可以是一个绝对的URL,如response.sendRedirect("http://java.sun.com")也可以使用相对的URL。如果location以“/”开头,则容器认为相对于当前Web应用的根,否则,容器将解析为相对于当前请求的URL。这种重定向的方法,将导致客户端浏览器的请求URL跳转。从浏览器中的地址栏中可以看到新的URL地址,作用类似于上面设置HTTP响应头信息的实现。

RequestDispatcher.forward()方法

        RequestDispatcher是一个Web资源的包装器,可以用来把当前request传递到该资源,或者把新的资源包括到当前响应中。RequestDispatcher接口中定义了两个方法,参见如下代码:

public interface RequestDispatcher {
void forward(ServletRequest request, ServletResponse response);
void include(ServletRequest request, ServletResponse response);
}

        forward()方法将当前的request和response重定向到该RequestDispacher指定的资源。这在实际项目中大量使用,因为完成一个业务操作往往需要跨越多个步骤,每一步骤完成相应的处理后,转向到下一个步骤。比如,通常业务处理在Servlet中处理,处理的结果转向到一个JSP页面进行显示。这样看起来类似于Servlet链的功能,但是还有一些区别。一个RequestDispatcher对象可以把请求发送到任意一个服务器资源,而不仅仅是另外一个Servlet。 include()方法将把Request Dispatcher资源的输出包含到当前输出中。

        注意,只有在尚未向客户端输出响应时才可以调用forward()方法,如果页面缓存不为空,在重定向前将自动清除缓存。否则将抛出一个IllegalStateException异常。


如何得到RequestDispatcher


        有三种方法可以得到Request Dispatcher对象。

1.javax.servlet. ServletRequest的getRequestDispatcher(String path)方法,其中path可以是相对路径,但不能越出当前Servlet上下文。如果path以“/”开头,则解析为相对于当前上下文的根。

2.javax.servlet. ServletContext的getRequestDispatcher(String path)方法,其中path必须以“/”开头,路径相对于当前的Servlet上下文。可以调用ServletContext的getContext(String uripath)得到另一个Servlet上下文,并可以转向到外部上下文的一个服务器资源链接。

3.使用javax.servlet. ServletContext的getNamedDispatcher(String name)得到名为name的一个Web资源,包括Servlet和JSP页面。这个资源的名字在Web应用部署描述文件web.xml中指定。

这三种方法的使用有细微的差别。比如,下面是一个应用的配置文件web.xml:

<?xml version="1.0" ?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<servlet>
<servlet-name>FirstServlet</servlet-name>
<servlet-class>org. javaresearch.redirecttest.ServletOne</servlet-class>
</servlet>
<servlet>
<servlet-name>SecondServlet</servlet-name>
<servlet-class>org.javaresearch. redirecttest.ServletTwo</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>FirstServlet</servlet-name>
<url-pattern>/servlet/firstservlet/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SecondServlet</servlet-name>
<url-pattern>/servlet/secondservlet/</url-pattern>
</servlet-mapping>
</web-app>

 

        其中定义了两个Servlet,名字分别为FirstServlet和SecondServlet,对应的类分别为org.javaresearch. redirecttest.ServletOne和org. javaresearch.redirecttest.ServletTwo。可以在浏览器中通过类似于下面的链接访问:

http://localhost:8080/servlet/firstservlet/

使用1中方法,例如在firstservlet可以写入下面的代码:

RequestDispatcher rd = request.getRequestDispatcher("secondservlet");
rd.forward(request, response);

 

此时控制权将转向到第二个Servlet了。

使用2中的方法,可以从Servlet Context中得到RequestDispatcher代码如下:

RequestDispatcher rd = getServletContext().getRequest
Dispatcher("/servlet/secondservlet");
rd.forward(request, response);

 

使用3中的方法,从上面的web. xml配置文件可以看到定义了两个Servlet,名字分别为FirstServlet和SecondServlet,所以可以得到命名的Dispatcher:

RequestDispatcher rd = getServletContext().getNamedDispatcher("SecondServlet");
rd.forward(request, response);

 

这样也可以重定向到SecondServlet了。


JSP页面中的重定向


        JSP在解析后编译为一个Servlet运行,所以在JSP中也可以使用上面的重定向代码,并且,JSP还提供了更便利的操作,如下:

<jsp:forward page= "nextpage.jsp"/>

 

        JSP页面执行到这儿,将终止当前的处理,将控制权交由nextpage.jsp。


如何选择


        RequestDispatcher.forward()方法和HttpServletResponse.sendRedirect()方法的区别是:前者仅是容器中控制权的转向,在客户端浏览器地址栏中不会显示出转向后的地址;后者则是完全的跳转,浏览器将会得到跳转的地址,并重新发送请求链接。这样,从浏览器的地址栏中可以看到跳转后的链接地址。所以,前者更加高效,在前者可以满足需要时,尽量使用Request Dispatcher.forward()方法,并且,这样也有助于隐藏实际的链接。在有些情况下,比如,需要跳转到一个其它服务器上的资源,则必须使用HttpServletResponse.sendRequest()方法


posted @ 2007-11-16 10:40 不需要解释 阅读(812) | 评论 (0)编辑 收藏

Apache HTTP Server 插件概述

Apache HTTP Server 插件允许将请求从 Apache HTTP Server 代理到 WebLogic Server。该插件允许 WebLogic Server 处理要求使用 WebLogic Server 动态功能的请求,从而增强了 Apache 安装。

该插件专用于某种环境,在这样的环境中,Apache Server 提供静态页,而文档树的另一个部分(最好是由 HTTP Servlet 或 Java Server Page 生成的动态页)会委托给可以在不同的进程中(可能在不同的主机上)进行操作的 WebLogic Server。对于最终用户(浏览器),委托给 WebLogic Server 的 HTTP 请求看似仍然来自同一个来源。

HTTP 隧道是一种技术,它允许 HTTP 请求和响应通过公司的防火墙进行访问。它也可以通过插件操作,提供对 WebLogic Server 服务的非浏览器客户端访问。

Apache HTTP Server 插件充当 Apache HTTP Server 中的 Apache 模块。Apache 模块由 Apache Server 在启动时加载,然后某些 HTTP 请求会委托给它。Apache 模块类似于 HTTP Servlet(除了 Apache 模块是用平台本地代码编写的之外)。

有关支持 Apache HTTP Server 插件的配置的信息,请参阅 http://edocs.bea.com/platform/suppconfigs/configs92/92_over/add-ons.html

Apache 2.0 版中的保持活动连接

2.0 版的 Apache HTTP Server 插件通过使用从插件到 WebLogic Server 的可重用连接缓冲池提高了性能。该插件通过对来自同一客户端的后续请求重用缓冲池中的同一连接,在插件和 WebLogic Server 之间实现了 HTTP 1.1 保持活动连接。如果连接处于非活动状态的时间超过 30 秒(或用户定义的时间),则会关闭该连接并将其返回到缓冲池中。可以根据需要禁用此功能。有关详细信息,请参阅“KeepAliveEnabled”。

代理请求

插件根据指定的配置将请求代理到 WebLogic Server。可以根据请求的 URL(或 URL 的一个部分)代理请求。这称为按路径进行代理。还可以根据请求文件的 MIME 类型代理请求。或者可以使用这两种方法的组合。如果请求同时符合这两个条件,则按路径代理请求。同时,可以为每种类型的请求指定其他参数,来定义插件的其他行为。有关详细信息,请参阅配置 Apache HTTP Server 插件

Apache 2.2

尽管此文档讨论的是 Apache 2.0,您可应用同样的说明来使用具有表 3-2 中所示的库的 Apache 2.2。

证书

Linux、Solaris、Windows 和 HPUX11 平台支持 Apache HTTP Server 插件。有关对特定 Apache 版本的支持信息,请参阅 http://edocs.bea.com/platform/suppconfigs/configs92/92_over/add-ons.html

 


安装 Apache HTTP Server 插件

可将 Apache HTTP Server 插件作为 Apache HTTP Server 安装中的 Apache 模块进行安装,并将其作为动态共享对象(Dynamic Shared Object,简称 DSO)进行链接。

DSO 作为服务器在运行时动态加载的库进行编译,可以在不重新编译 Apache 的情况下安装。

将 Apache HTTP Server 插件作为动态共享对象安装

Apache 插件作为 Solaris、Linux、Windows 和 HPUX11 平台的共享对象 (.so) 分发。BEA WebLogic 提供因平台、是否要在客户端和 Apache 之间使用 SSL 以及 SSL 加密强度(常规或 128 位 - 只有在安装 128 位版本的 WebLogic Server 时才会安装 128 位版本)而异的共享对象文件版本。

表 3-1 显示包含各种平台的共享对象文件的 WebLogic Server 安装目录(其中 WL_HOME 是 WebLogic 平台的顶级安装目录)。

表 3-2 针对不同版本的 Apache HTTP Server 和不同加密强度来标识 WebLogic Server Apache 插件模块。

表 3-1 插件共享对象文件的位置
操作系统
共享对象位置
Solaris
WL_HOME/weblogic92/server/plugin/solaris/sparc
Linux
WL_HOME/weblogic92/server/plugin/linux/i686
WL_HOME/weblogic92/server/plugin/linux/ia64
WL_HOME/weblogic92/server/plugin/linux/s390
Windows(仅适用于 Apache 2.0)
WL_HOME\weblogic92\server\plugin\win\32
WL_HOME\weblogic92\server\plugin\win\64
HPUX11
WL_HOME/weblogic92/server/plugin/hpux11/IPF64
WL_HOME/weblogic92/server/plugin/hpux11/PA_RISC
警告: 如果在 HP-UX11 上运行 Apache 2.0.x Server,请在构建 Apache Server 之前设置下面紧邻的环境变量。由于 HP-UX 上加载链接库的顺序问题,如果在生成之前未将加载顺序预设为环境变量,则可能导致核心转储。设置下列环境变量,然后继续 Apache configure, makemake install 步骤(在 Apache HTTP Server 文档中描述了这些步骤,该文档位于 http://httpd.apache.org/docs-2.1/install.html#configure):
export EXTRA_LDFLAGS="-lstd -lstream -lCsup -lm -lcl -ldld -lpthread"

从下表中选择适当的插件共享对象版本:

表 3-2 Apache 插件共享对象文件版本
Apache 版本
常规强度的加密
128 位加密
标准 Apache 2.0.x 版
mod_wl_20.so
mod_wl28_20.so
标准 Apache 2.2.x 版
mod_wl_22.so
mod_wl28_22.so

要将 Apache HTTP Server 插件作为动态共享对象安装,请执行下列操作:

  1. 使用表 3-1 找到您的平台的共享对象目录。
  2. 表 3-2 中确定您的 Apache 版本的插件共享对象文件。
  3. 验证是否已启用 WebLogic Server Apache HTTP Server 插件 mod_so.c 模块。

    Apache HTTP Server 插件将作为动态共享对象 (DSO) 安装在 Apache HTTP Server 安装中。Apache 中的 DSO 支持是基于模块 mod_so.c 的,必须在加载 mod_wl_20.so 之前启用该模块。如果使用 Apache 提供的脚本安装 Apache HTTP Server,则 mod_so.c已被启用。通过执行以下命令,验证是否已启用 mod_so.c

    APACHE_HOME\bin\apache -l

    (其中 APACHE_HOME 是包含 Apache HTTP Server 安装的目录。)

    此命令会列出所有已启用的模块。如果未列出 mod_so.c,则必须重新生成 Apache HTTP Server,以确保配置下列选项:

    ...
    --enable-module=so
    --enable-rule=SHARED_CORE
    ...
    请参阅位于 
        http://httpd.apache.org/docs/2.0/dso.html 的“Apache 2.0 Shared Object (DSO) Support”。
  4. mod_wl_20.so 文件复制到 APACHE_HOME\modules 目录中,并将以下行手工添加到 APACHE_HOME/conf/httpd.conf 文件中,为 Apache 2.0.x 版安装 Apache HTTP Server 插件模块:
    LoadModule weblogic_module     modules/mod_wl_20.so
  5. 为 Apache HTTP Server 插件定义任何其他参数。

    Apache HTTP Server 插件可识别 Web 服务器插件的常规参数中列出的参数。要修改 Apache HTTP Server 插件的行为,请在以下块中定义这些参数:

    • Location 块中,定义适用于按路径进行的代理的参数
    • IfModule 块中,定义适用于按 MIME 类型进行的代理的参数
  6. 使用下列命令验证 APACHE_HOME\conf\httpd.conf 文件的语法:
    APACHE_HOME\bin\apachectl -t 

    此命令的输出将报告 httpd.conf 文件中的任何错误或返回:

    Syntax OK
  7. 重新启动 Weblogic Server。
  8. 启动(或重新启动,如果已更改配置)Apache HTTP Server。
  9. 通过打开浏览器并将 URL 设置为 Apache Server +“/weblogic/”(这将打开默认 WebLogic Server HTML 页、欢迎文件或默认 Servlet,如 WebLogic Server 上对默认 Web 应用程序的定义)来测试插件。例如:
    http://myApacheserver.com/weblogic/

 


配置 Apache HTTP Server 插件

在 Apache HTTP Server 中安装插件后,需要对 WebLogic Server Apache 插件进行配置并将服务器配置为使用该插件。本部分说明如何编辑 Apache httpd.conf 文件以指示 Apache 服务器为作为 Apache 模块的插件加载 WebLogic Server 库,并指定应由该模块处理的应用程序请求。

编辑 httpd.conf 文件

编辑 Apache HTTP Server 安装中的 httpd.conf 文件以配置 Apache HTTP Server 插件。

本部分说明如何查找和编辑 httpd.conf 文件以实现下列操作:配置服务器以使用 WebLogic Server Apache 插件、按路径或 MIME 类型代理请求、启用 HTTP 隧道,以及使用其他 WebLogic Server 插件参数。

  1. 打开 httpd.conf 文件。

    该文件位于 APACHE_HOME\conf\httpd.conf(其中 APACHE_HOME 是 Apache HTTP Server 安装的根目录)。请参阅设置边界身份验证中的示例 httpd.conf 文件。

  2. 确保 Apache 2.0.x 中包含 WebLogic Server 模块,手工将下面的行添加到 httpd.conf 文件中。
    LoadModule weblogic_module   modules\mod_wl_20.so
  3. 添加用于定义以下参数之一的 IfModule 块:

    对于非群集 WebLogic Server:

    WebLogicHost 和 WebLogicPort 参数。

    对于 WebLogic Server 群集:

    WebLogicCluster 参数。

    例如:

    <IfModule mod_weblogic.c>
      WebLogicHost myweblogic.server.com
      WebLogicPort 7001
    </IfModule>
  4. 要按 MIME 类型代理请求,请将 MatchExpression 行添加到 IfModule 块中。请注意,如果同时启用按 MIME 类型进行的代理和按路径进行的代理,则按路径进行的代理优先于按 MIME 类型进行的代理。

    例如,以下针对非群集 WebLogic Server 的 IfModule 块指定代理具有 MIME 类型 .jsp 的所有文件:

    <IfModule mod_weblogic.c>
      WebLogicHost myweblogic.server.com
      WebLogicPort 7001
      MatchExpression *.jsp
    </IfModule>

    也可以使用多个 MatchExpressions,例如:

    <IfModule mod_weblogic.c>
      WebLogicHost myweblogic.server.com
      WebLogicPort 7001
      MatchExpression *.jsp
      MatchExpression *.xyz
    </IfModule>

    如果要按 MIME 类型将请求代理到 WebLogic Server 群集,请使用 WebLogicCluster 参数,而不使用 WebLogicHostWebLogicPort 参数。例如:

    <IfModule mod_weblogic.c>
      WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
      MatchExpression *.jsp
      MatchExpression *.xyz
    </IfModule>
  5. 要按路径代理请求,请使用 Location 块和 SetHandler 语句。SetHandler 指定Apache HTTP Server 插件模块的处理程序。例如,以下位置块代理 URL 中包含 /weblogic 的所有请求:
    <Location /weblogic>
    SetHandler weblogic-handler
    PathTrim /weblogic
    </Location>

    PathTrim 参数指定在将请求传递到 WebLogic Server 实例之前从 URL 的开始部分剪切的字符串(请参阅 Web 服务器插件的常规参数)。

  6. (可选)对 t3 或 IIOP 启用 HTTP 隧道。
    1. 要在使用 t3 协议和 weblogic.jar 时启用 HTTP 隧道,请将以下 Location 块添加到 httpd.conf 文件中:
      <Location /HTTPClnt>
      SetHandler weblogic-handler
      </Location>
    2. 要在使用 IIOP(WebLogic Server 瘦客户端 wlclient.jar使用的唯一协议)时启用 HTTP 隧道,请将以下 Location 块添加到 httpd.conf 文件中:
      <Location /iiop>
      SetHandler weblogic-handler
      </Location>
  7. 为 Apache HTTP Server 插件定义任何其他参数。

    Apache HTTP Server 插件可识别 Web 服务器插件的常规参数中列出的参数要修改 Apache HTTP Server 插件的行为,请在以下块中定义这些参数:

    • Location 块中,定义适用于按路径进行的代理的参数
    • IfModule 块中,定义适用于按 MIME 类型进行的代理的参数

将 weblogic.conf 文件包括在 httpd.conf 文件中

如果希望保留几个单独的配置文件,则可通过在 httpd.conf文件的 IfModule 块中使用 Apache Include 指令,在名为 weblogic.conf 文件的单独配置文件中定义参数:

<IfModule mod_weblogic.c>
# Config file for WebLogic Server that defines the parameters
Include conf/weblogic.conf
</IfModule>

weblogic.conf 文件的语法与 httpd.conf 文件的语法相同。

本部分描述如何创建 weblogic.conf 文件,并包括示例 weblogic.conf 文件。

创建 weblogic.conf 文件

构造 weblogic.conf 文件时,请注意下列事项:

  • 如果要在 Apache HTTP Server 插件和 WebLogic Server 之间使用 SSL,则无法在通过 Apache Include 指令访问的文件(与 weblogic.conf文件一样)中定义参数。
  • 在新行上输入每一个参数。请不要在参数和参数值之间放置“=”。例如:
    PARAM_1 value1
    PARAM_2 value2
    PARAM_3 value3
  • 如果请求既与 IfModule 块中的 MatchExpression 中指定的 MIME 类型匹配,又与 Location 块中指定的路径匹配,则 Location 块指定的行为优先。
  • 如果要定义 CookieName 参数,则必须在 IfModule 块中定义它。
  • 如果使用 Apache HTTP Server <VirtualHost> 块,则必须在 <VirtualHost> 块中包括虚拟主机的所有配置参数(例如 MatchExpression)(请参阅 Apache Virtual Host documentation)。
  • 如果希望只为环境中的所有虚拟主机配置一个日志文件,则可以使用全局属性来实现。可以在 <IfModule> 标记中一次指定 Debug、WLLogFile 和 WLTempDir 属性,而不是在每个虚拟主机中指定相同的 Debug、WLLogFile 和 WLTempDir 属性。
  • 示例 httpd.conf 文件:
    <IfModule mod_weblogic.c>
      WebLogicCluster	agarwalp02:8005,agarwalp02:8006
      Debug 		ON
      WLLogFile             c:/tmp/global_proxy.log 
      WLTempDir             "c:/myTemp"
      DebugConfigInfo       On
      KeepAliveEnabled ON
      KeepAliveSecs  15
    </IfModule>
    <Location /jurl>
      SetHandler weblogic-handler
      WebLogicCluster agarwalp01:7001
    </Location>
    <Location /web>
      SetHandler weblogic-handler
      PathTrim		/web
      Debug 		OFF
      WLLogFile 		c:/tmp/web_log.log
    </Location>
    <Location /foo>
      SetHandler weblogic-handler
      PathTrim		/foo
      Debug 		ERR
      WLLogFile 		c:/tmp/foo_proxy.log
    </Location>
  • 与 /jurl/* 匹配的所有请求的“调试级别”都将设置为“ALL”,并会将日志消息记录到 c:/tmp/global_proxy.log 文件中。与 /web/* 匹配的所有请求的“调试级别”都将设置为“OFF”,并且不会记录任何日志消息。与 /foo/* 匹配的所有请求的“调试级别”都将设置为“ERR”,并会将日志消息记录到 c:/tmp/foo_proxy.log 文件中。
  • BEA 建议使用 MatchExpression 语句,而不使用 <files> 块。

示例 weblogic.conf 配置文件

以下示例 weblogic.conf 文件可以用作模板,您可以对其进行修改以满足您的环境和服务器的需要。以 # 开始的行是注释。

使用 WebLogic 群集的示例
# 这些参数对于定向到当前模块 
# 的 URL 是常用的。如果要替换每个 URL 的这些参数,
# 可以在 <Location> 或 <Files> 模块中重新设置
# 它们。(WebLogicHost、
# WebLogicPort、 WebLogicCluster 和 CookieName 除外。)
<IfModule mod_weblogic.c>
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  ErrorPage http://myerrorpage.mydomain.com
  MatchExpression *.jsp
</IfModule>
####################################################
使用多 WebLogic 群集的示例

在此示例中,用于表示文件名模式的 MatchExpression 参数语法、HTTP 请求应转发到的 WebLogic Server 主机以及各种其他参数如下所示:

MatchExpression [filename pattern] [WebLogicHost=host] | [paramName=value]

下面的第一个 MatchExpression 参数指定文件名模式 *.jsp,然后命名单个 WebLogicHost。管道符号后的 paramName=value 组合指定 WebLogic Server 用于监听连接请求的端口,同时激活“Debug”选项。第二个 MatchExpression 指定文件名模式 *.http 并标识 WebLogicCluster 主机及其端口。管道符号后的 paramName=value 组合指定群集的错误页。

# 这些参数对于定向到当前模块 
# 的 URL 是常用的。如果要替换每个 URL 的这些参数,
# 可以在 <Location> 或 <Files> 模块中重新设置
# 它们。
#(WebLogicHost、WebLogicPort、WebLogicCluster 和 CookieName 除外)
<IfModule mod_weblogic.c>
  MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
  MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
    http://www.xyz.com/error.html
</IfModule>
不使用 WebLogic 群集的示例
# 这些参数对于定向到当前模块 
# 的 URL 是常用的。如果要替换每个 URL 的这些参数,
# 可以在 <Location> 或 <Files> 模块中重新设置
# 它们。
#(WebLogicHost、WebLogicPort、WebLogicCluster 和 CookieName 除外)
<IfModule mod_weblogic.c>
  WebLogicHost myweblogic.server.com
  WebLogicPort 7001
  MatchExpression *.jsp
</IfModule>
配置多个基于名称的虚拟主机的示例
# VirtualHost1 = localhost:80
<VirtualHost 127.0.0.1:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName localhost:80 <IfModule mod_weblogic.c>
#... WLS 参数 ...
WebLogicCluster localhost:7101,localhost:7201
# 示例:MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
</IfModule>
</VirtualHost>
# VirtualHost2 = 127.0.0.2:80
<VirtualHost 127.0.0.2:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName 127.0.0.2:80
<IfModule mod_weblogic.c>
#... WLS 参数 ...
WebLogicCluster localhost:7101,localhost:7201
# 示例:MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
#... WLS 参数 ...
</IfModule>
</VirtualHost> <IfModule mod_weblogic.c>

必须为“ServerName”定义唯一值,否则某些插件参数将不能按预期工作。

Apache HTTP Server httpd.conf 文件的模板

本部分包含 Apache 2.0 的示例 httpd.conf 文件。您可将此示例用作模板,并对其进行修改以满足您的环境和服务器的需要。以 # 开始的行是注释。

请注意,Apache HTTP Server 不区分大小写。

####################################################
APACHE-HOME/conf/httpd.conf file
####################################################
LoadModule weblogic_module   libexec/mod_wl_20.so
<Location /weblogic>
SetHandler weblogic-handler
PathTrim /weblogic
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<Location /servletimages>
SetHandler weblogic-handler
PathTrim /something
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<IfModule mod_weblogic.c>
  MatchExpression *.jsp
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  ErrorPage http://myerrorpage.mydomain.com
</IfModule>

 


设置边界身份验证

使用边界身份验证可确保通过 Apache 插件访问的 WebLogic Server 应用程序的安全。

WebLogic 标识声明提供程序对来自访问 WebLogic Server 应用程序的外部系统的标记进行身份验证,包括对通过 Apache HTTP Server 插件访问 WebLogic Server 应用程序的用户进行身份验证。按照下列步骤,创建确保插件安全的标识声明提供程序:

  1. 在 WebLogic Server 应用程序上创建一个自定义标识声明提供程序。请参阅“开发 WebLogic Server 的安全提供程序”中的如何开发自定义标识声明提供程序
  2. 配置自定义标识声明提供程序以支持证书标记类型并使证书成为活动标记类型。请参阅“开发 WebLogic Server 的安全提供程序”中的如何创建新标记类型
  3. 在 Web 应用程序的 web.xml 部署描述符文件中将 clientCertProxy 设置为 True(如果使用群集,也可以选择在管理控制台中,依次选择“群集”-->“配置”-->“常规”选项卡,在该选项卡上对整个群集将 Client Cert Proxy Enabled 特性设置为 True)。clientCertProxy 特性可与第三方代理服务器(如负载平衡器或 SSL 加速器)一起使用以启用 2 向 SSL 身份验证。有关 clientCertProxy 特性的详细信息,请参阅“开发 WebLogic Server 的 Web 应用程序、Servlet 和 JSP”中的 context-param
  4. 设置了 clientCertProxy之后,请务必使用连接筛选器来确保 WebLogic Server 仅接受来自运行 Apache 插件的计算机的连接。请参阅“WebLogic 安全性编程”中的使用网络连接筛选器
  5. Web 服务器插件需要可信证书颁发机构文件才能在插件和 WebLogic Server 之间使用 SSL。使用 Sun Microsystems 的 Keytool 实用工具可从驻留在 BEA_HOME/weblogic92/server/lib 中的 DemoTrust.jks 密钥库文件中导出可信证书颁发机构文件。
    1. 例如,要解压缩 wlsdemoca 文件,可使用如下命令:
      keytool -export -file trustedcafile.der -keystore DemoTrust.jks -alias wlsdemoca

      更改别名以从密钥库中获得不同的可信 CA 文件。

      要查看密钥库中的所有可信 CA 文件,请使用如下命令:
      keytool -list -keystore DemoTrust.jks

      如果提示输入密码,请按 Enter 键。

    2. 要将证书颁发机构文件转换为 pem 格式,请使用如下命令:java utils.der2pem trustedcafile.der

请参阅“开发 WebLogic Server 的安全提供程序”中的标识声明提供程序

 


将 SSL 与 Apache 插件一起使用

可以使用安全套接口层(Secure Socket Layer,简称 SSL)协议保护 Apache HTTP Server 插件和 WebLogic Server 之间的连接。SSL 协议对 Apache HTTP Server 插件和 WebLogic Server 之间传递的数据提供机密性和完整性。

Apache HTTP Server 插件不使用 HTTP 请求中(通常由浏览器)指定的传输协议(httphttps)来确定是否使用 SSL 协议来保护 Apache HTTP Server 插件和 WebLogic Server 之间的连接。

虽然可以在 HTTP 客户端和 Apache HTTP Server 之间使用双向 SSL,但请注意,在 Apache HTTP Server 和 WebLogic Server 之间使用的是单向 SSL。

配置 Apache HTTP Server 插件和 WebLogic Server 之间的 SSL

要在 Apache HTTP Server 插件和 WebLogic Server 之间使用 SSL 协议,请执行下列操作:

  1. 针对 SSL 配置 WebLogic Server。有关详细信息,请参阅配置 SSL
  2. 配置 WebLogic Server SSL 监听端口。有关详细信息,请参阅配置 SSL
  3. 在 Apache Server 中,将 httpd.conf 文件中的 WebLogicPort 参数设置为步骤 2 中配置的 WebLogic Server SSL 监听端口。
  4. 在 Apache Server 中,将 httpd.conf 文件中的 SecureProxy 参数设置为 ON
  5. httpd.conf 文件中设置可定义有关 SSL 连接的信息的任何其他参数。有关可以为插件配置的 SSL 参数的完整列表,请参阅 Web 服务器插件的 SSL 参数

SSL-Apache 配置的相关问题

配置 Apache 插件以使用 SSL 时会出现以下已知问题:

  • 要准备插件配置,请双击锁以进入证书路径:

    * 选择根 CA(在顶部)

    * 显示它

    * 查看详细信息,然后使用编码的“基本

    64 X509”选项将此证书复制到文件中

    * 例如,将文件保存到 MyWeblogicCAToTrust.cer(此文件也是

    PEM 文件)

  • 参数 PathTrim(请参见 Web 服务器插件的常规参数)必须在 <Location> 标记内配置。

    以下配置不正确

    <Location /weblogic>
    SetHandler weblogic-handler
    </Location>
    <IfModule mod_weblogic.c>
    WebLogicHost localhost
    WebLogicPort 7001
    PathTrim /weblogic
    </IfModule>

    以下配置是正确设置:

    <Location /weblogic>
    SetHandler weblogic-handler
    PathTrim /weblogic
    </Location>
  • Include 指令不能与 Apache SSL 一起使用。必须在 httpd.conf 文件中直接配置所有参数。使用 SSL 时请不要使用以下配置:
    <IfModule mod_weblogic.c>
    MatchExpression *.jsp
    Include weblogic.conf
    </IfModule>
  • WebLogic Server Apache 插件的当前实现不支持对 Apache SSL 使用多个证书文件。

 


连接错误和群集故障转移

当 Apache HTTP Server 插件尝试连接到 WebLogic Server 时,插件使用几个配置参数确定等待连接到 WebLogic Server 主机的时间长度,以及建立连接后插件等待响应的时间长度。如果插件无法连接或未收到响应,则插件将尝试连接到群集中的其他 WebLogic Server 实例并向其发送请求。如果连接失败或者没有来自群集中任何 WebLogic Server 的响应,则会发送错误消息。

图 3-1 说明插件如何处理故障转移。

连接失败的可能原因

WebLogic Server 主机无法响应连接请求可能表明下列问题:

  • 主机计算机的物理问题
  • 网络问题
  • 其他服务器故障

所有 WebLogic Server 实例都无法响应可能表明下列问题:

  • WebLogic Server 未运行或不可用
  • 服务器挂起
  • 数据库问题
  • 应用程序特定故障

调整以减少 Connection_Refused 错误

在有负载时,Apache 插件可能收到来自后端 WebLogic Server 实例的 CONNECTION_REFUSED 错误。可根据以下调整提示减少 CONNECTION_REFUSED 错误:

  • 提高WebLogic Server 域配置中的 AcceptBackLog 设置。
  • 在 Apache 2.0.x 上,将 httpd.conf 文件中的 KeepAlive 指令设置为 On。例如:
    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    KeepAlive On

    请参阅位于 http://httpd.apache.org/docs-project/ 的 Apache HTTP Server 2.0 文档。

  • 减少等待时间间隔。此设置因使用的操作系统而异。例如:
    • 在 Windows NT 上,将代理和 WebLogic Server 服务器上的 TcpTimedWaitDelay 设置为较低的值。通过编辑 HKEY_LOCAL_MACHINE 下的注册表项来设置 Windows NT 中的 TIME_WAIT 时间间隔。
      SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay 

      如果此项不存在,则可以将其作为 DWORD 值创建。数字值是要等待的秒数,可将其设置为介于 30 和 240 之间的任意值。如果未设置,默认情况下 Windows NT 会将 TIME_WAIT 设置为 240 秒。

    • 在 Windows 2000 上,通过编辑 HKEY_LOCAL_MACHINE 下的注册表项降低 TcpTimedWaitDelay的值:
      SYSTEM\CurrentControlSet\Services\Tcpip\Parameters 
    • 在 Solaris 上,将设置 tcp_time_wait_interval 降低为一秒(如果可能,对 WebLogic Server 计算机和 Apache 计算机都进行此设置):
      $ndd /dev/tcp
         param name to set - tcp_time_wait_interval
         value=1000
  • 在您的计算机上提高打开文件描述符的限制。此限制因操作系统而异。使用 limit (.csh) 或 ulimit (.sh) 指令,可以制作一个脚本来提高此限制。例如:
    #!/bin/sh
    ulimit -S -n 100
    exec httpd 
  • 在 Solaris 上,提高 WebLogic Server 计算机上下列可调参数的值:
    • tcp_conn_req_max_q
    • tcp_conn_req_max_q0

单个非群集 WebLogic Server 的故障转移

如果仅运行一个 WebLogic Server 实例,则插件仅尝试连接到使用 WebLogicHost 参数定义的服务器。如果尝试失败,则会返回 HTTP 503 错误消息。插件继续尝试连接到该同一 WebLogic Server 实例,直到超出 ConnectTimeoutSecs。

动态服务器列表

使用 httpd.confweblogic.conf 文件中的 WebLogicCluster 参数指定 WebLogic Server 列表时,插件将该列表用作在群集成员之间进行负载平衡的起点。将第一个请求路由到这些服务器之一后,会返回一个动态服务器列表,其中包含群集中已更新的服务器列表。更新的列表添加群集中的任何新服务器并删除不再属于群集或无法响应请求的任何服务器。当群集中发生更改时,会使用 HTTP 响应自动更新此列表。

故障转移、Cookie 和 HTTP 会话

当请求包含存储在 Cookie 或 POST 数据中的会话信息或包含编码到 URL 中的会话信息时,会话 ID 会包含对最初建立会话的特定服务器实例(称为主服务器)的引用,并包含对复制原始会话的其他服务器(称为次级服务器)的引用。包含 Cookie 的请求会尝试连接到主服务器。如果该尝试失败,则会将该请求路由到次级服务器。如果主服务器和次级服务器均故障,则会话将丢失,插件将尝试与动态群集列表中的其他服务器建立新的连接。请参阅图 3-1 连接故障转移

注意: 如果 POST 数据大于 64K,插件将不会对 POST 数据进行解析以获取会话 ID。因此,如果您将会话 ID 存储在 POST 数据中,插件无法将请求路由到正确的主服务器或次级服务器,从而可能导致会话数据的丢失。
图 3-1 连接故障转移

连接故障转移

在上图中,红圈中允许的最大重试次数等于 ConnectTimeoutSecs 除以 ConnectRetrySecs


安装和配置 Apache HTTP Server 插件

posted @ 2007-11-13 13:08 不需要解释 阅读(3077) | 评论 (0)编辑 收藏

在很多应用下都可能有需要将用户的真实IP记录下来,这时就要获得用户的真实IP地址,在JSP里,获取客户端的IP地址的方法是:request.getRemoteAddr(),这种方法在大部分情况下都是有效的。但是在通过了Apache,Squid等反向代理软件就不能获取到客户端的真实IP地址了。

  这段时间在做IP统计的程序设计,由于服务器作了集群,使用了反向代理软件,将http://192.168.1.110:2046/的URL反向代理为http://www.xxx.com/的URL时,用request.getRemoteAddr()方法获取的IP地址是:127.0.0.1 或 192.168.1.110,而并不是客户端的真实IP。这是什么原因呢?

  这是反向代理的原因。经过代理以后,由于在客户端和服务之间增加了中间层,因此服务器无法直接拿到客户端的IP,服务器端应用也无法直接通过转发请求的地址返回给客户端。但是在转发请求的HTTP头信息中,增加了X-FORWARDED-FOR信息。用以跟踪原有的客户端IP地址和原来客户端请求的服务器地址。当我们访问http://www.xxx.com/index.jsp/时,其实并不是我们浏览器真正访问到了服务器上的index.jsp文件,而是先由代理服务器去访问http://192.168.1.110:2046/index.jsp,代理服务器再将访问到的结果返回给我们的浏览器,因为是代理服务器去访问index.jsp的,所以index.jsp中通过request.getRemoteAddr()的方法获取的IP实际上是代理服务器的地址,并不是客户端的IP地址。

  于是可得出获得客户端真实IP地址的方法一:

1 public String getIpAddr(HttpServletRequest request) {
2      String ip = request.getHeader("x-forwarded-for");
3      if(ip == null || ip.length() == 0{
4            ip = request.getRemoteAddr();
5        }

6        return ip;
7    }

  可是当我访问http://www.xxx.com/index.jsp/时,返回的IP地址始终是unknown,也并不是如上所示的127.0.0.1 或 192.168.1.110了,而我访问http://192.168.1.110:2046/index.jsp时,则能返回客户端的真实IP地址,写了个方法去验证。

  
 1<%@ page import="java.util.*" %>
 2<table border=1 cellspacing=0 cellpadding=0 align=center> 
 3<tr> 
 4<th>Name</th> 
 5<th>Value</th> 
 6</tr> 
 7<% 
 8Enumeration enumNames; 
 9String strName,strValue; 
10
11enumNames = request.getHeaderNames(); 
12while(enumNames.hasMoreElements()){ 
13    strName = (String)enumNames.nextElement(); 
14    strValue = request.getHeader(strName); 
15    
%> 
16    <tr> 
17    <td><%=strName%></td> 
18    <td><%=strValue%></td> 
19    </tr> 
20    <% 
21
22
%>
23<tr>
24</table>
25


  出来的结果:X-Forwarded-For: unknown 。X-Forwarded-For确实存在,但其值却为unknown,继续找原因。上网搜了搜,原因出在了Squid上。

squid.conf 的配制文件 forwarded_for 项默认是为on,如果 forwarded_for 设成了 off  则:

X-Forwarded-For: unknown

一查,发现forwarded_for 项设为了off,原因找到了,把forwarded_for 项设为了on,重启后,访问http://www.xxx.com/index.jsp/ 获得的IP是客户端的真实IP。

  于是可得出获得客户端真实IP地址的方法二:

 1    public String getIpAddr(HttpServletRequest request) {
 2        String ip = request.getHeader("x-forwarded-for");
 3        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
 4            ip = request.getHeader("Proxy-Client-IP");
 5        }

 6        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
 7            ip = request.getHeader("WL-Proxy-Client-IP");
 8        }

 9        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
10            ip = request.getRemoteAddr();
11        }

12        return ip;
13    }

14



  可是,如果通过了多级反向代理的话,X-Forwarded-For的值并不止一个,而是一串Ip值,究竟哪个才是真正的用户端的真实IP呢?

  答案是取X-Forwarded-For中第一个非unknown的有效IP字符串。

  如:
  X-Forwarded-For:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
  用户真实IP为: 192.168.1.110

posted @ 2007-11-13 12:52 不需要解释 阅读(623) | 评论 (0)编辑 收藏

High Performance Web Sites: The Importance of Front-End Performance

In 2004, I started the Exceptional Performance group at Yahoo!. We're a small team chartered to measure and improve the performance of Yahoo!'s products. Having worked as a back-end engineer most of my career, I approached this as I would a code optimization project - I profiled web performance to identify where there was the greatest opportunity for improvement. Since our goal is to improve the end-user experience, I measured response times in a browser over various bandwidth speeds. What I saw is illustrated in the following chart showing HTTP traffic for http://www.yahoo.com.

In the figure above, the first bar, labeled "html", is the initial request for the HTML document. In this case, only 5% of the end-user response time is spent fetching the HTML document. This result holds true for almost all web sites. In sampling the top ten U.S. websites, all but one spend less than 20% of the total response time getting the HTML document. The other 80+% of the time is spent dealing with what's in the HTML document, namely, the front-end. That's why the key to faster web sites is to focus on improving front-end performance.

There are three main reasons why front-end performance is the place to start.

  1. There is more potential for improvement by focusing on the front-end. Cutting it in half reduces response times by 40% or more, whereas cutting back-end performance in half results in less than a 10% reduction.
  2. Front-end improvements typically require less time and resources than back-end projects (redesigning application architecture and code, finding and optimizing critical code paths, adding or modifying hardware, distributing databases, etc.).
  3. Front-end performance tuning has been proven to work. Over fifty teams at Yahoo! have reduced their end-user response times by following our performance best practices, often by 25% or more.

Our performance golden rule is: optimize front-end performance first, that's where 80% or more of the end-user response time is spent.

Discuss the Importance of Front-End Performance

1: Minimize HTTP Requests

80% of the end-user response time is spent on the front-end. Most of this time is tied up in downloading all the components in the page: images, stylesheets, scripts, Flash, etc. Reducing the number of components in turn reduces the number of HTTP requests required to render the page. This is the key to faster pages.

One way to reduce the number of components in the page is to simplify the page's design. But is there a way to build pages with richer content while also achieving fast response times? Here are some techniques for reducing the number of HTTP requests, while still supporting rich page designs.

Image maps combine multiple images into a single image. The overall size is about the same, but reducing the number of HTTP requests speeds up the page. Image maps only work if the images are contiguous in the page, such as a navigation bar. Defining the coordinates of image maps can be tedious and error prone.

CSS Sprites are the preferred method for reducing the number of image requests. Combine all the images in your page into a single image and use the CSS background-image and background-position properties to display the desired image segment.

Inline images use the data: URL scheme to embed the image data in the actual page. This can increase the size of your HTML document. Combining inline images into your (cached) stylesheets is a way to reduce HTTP requests and avoid increasing the size of your pages.

Combined files are a way to reduce the number of HTTP requests by combining all scripts into a single script, and similarly combining all stylesheets into a single stylesheet. It's a simple idea that hasn't seen wide adoption. The ten top U.S. web sites average 7 scripts and 2 stylesheets per page. Combining files is more challenging when the scripts and stylesheets vary from page to page, but making this part of your release process improves response times.

Reducing the number of HTTP requests in your page is the place to start. This is the most important guideline for improving performance for first time visitors. As described in Tenni Theurer's blog Browser Cache Usage - Exposed!, 40-60% of daily visitors to your site come in with an empty cache. Making your page fast for these first time visitors is key to a better user experience.

Discuss Rule 1

2: Use a Content Delivery Network

The user's proximity to your web server has an impact on response times. Deploying your content across multiple, geographically dispersed servers will make your pages load faster from the user's perspective. But where should you start?

As a first step to implementing geographically dispersed content, don't attempt to redesign your web application to work in a distributed architecture. Depending on the application, changing the architecture could include daunting tasks such as synchronizing session state and replicating database transactions across server locations. Attempts to reduce the distance between users and your content could be delayed by, or never pass, this application architecture step.

Remember that 80-90% of the end-user response time is spent downloading all the components in the page: images, stylesheets, scripts, Flash, etc. This is the Performance Golden Rule, as explained in The Importance of Front-End Performance. Rather than starting with the difficult task of redesigning your application architecture, it's better to first disperse your static content. This not only achieves a bigger reduction in response times, but it's easier thanks to content delivery networks.

A content delivery network (CDN) is a collection of web servers distributed across multiple locations to deliver content more efficiently to users. The server selected for delivering content to a specific user is typically based on a measure of network proximity. For example, the server with the fewest network hops or the server with the quickest response time is chosen.

Some large Internet companies own their own CDN, but it's cost-effective to use a CDN service provider, such as Akamai Technologies, Mirror Image Internet, or Limelight Networks. For start-up companies and private web sites, the cost of a CDN service can be prohibitive, but as your target audience grows larger and becomes more global, a CDN is necessary to achieve fast response times. At Yahoo!, properties that moved static content off their application web servers to a CDN improved end-user response times by 20% or more. Switching to a CDN is a relatively easy code change that will dramatically improve the speed of your web site.

Discuss Rule 2

3: Add an Expires Header

Web page designs are getting richer and richer, which means more scripts, stylesheets, images, and Flash in the page. A first-time visitor to your page may have to make several HTTP requests, but by using the Expires header you make those components cacheable. This avoids unnecessary HTTP requests on subsequent page views. Expires headers are most often used with images, but they should be used on all components including scripts, stylesheets, and Flash components.

Browsers (and proxies) use a cache to reduce the number and size of HTTP requests, making web pages load faster. A web server uses the Expires header in the HTTP response to tell the client how long a component can be cached. This is a far future Expires header, telling the browser that this response won't be stale until April 15, 2010.

      Expires: Thu, 15 Apr 2010 20:00:00 GMT

 

If your server is Apache, use the ExiresDefault directive to set an expiration date relative to the current date. This example of the ExpiresDefault directive sets the Expires date 10 years out from the time of the request.

      ExpiresDefault "access plus 10 years"

 

Keep in mind, if you use a far future Expires header you have to change the component's filename whenever the component changes. At Yahoo! we often make this step part of the build process: a version number is embedded in the component's filename, for example, yahoo_2.0.6.js.

Using a far future Expires header affects page views only after a user has already visited your site. It has no effect on the number of HTTP requests when a user visits your site for the first time and the browser's cache is empty. The impact of this performance improvement depends, therefore, on how often users hit your pages with a primed cache. (A "primed cache" already contains all of the components in the page.) We measured this at Yahoo! and found the number of page views with a primed cache is 75-85%. By using a far future Expires header, you increase the number of components that are cached by the browser and re-used on subsequent page views without sending a single byte over the user's Internet connection.

Discuss Rule 3

4: Gzip Components

The time it takes to transfer an HTTP request and response across the network can be significantly reduced by decisions made by front-end engineers. It's true that the end-user's bandwidth speed, Internet service provider, proximity to peering exchange points, etc. are beyond the control of the development team. But there are other variables that affect response times. Compression reduces response times by reducing the size of the HTTP response.

Starting with HTTP/1.1, web clients indicate support for compression with the Accept-Encoding header in the HTTP request.

      Accept-Encoding: gzip, deflate

If the web server sees this header in the request, it may compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding header in the response.

      Content-Encoding: gzip

Gzip is the most popular and effective compression method at this time. It was developed by the GNU project and standardized by RFC 1952. The only other compression format you're likely to see is deflate, but it's less effective and less popular.

Gzipping generally reduces the response size by about 70%. Approximately 90% of today's Internet traffic travels through browsers that claim to support gzip. If you use Apache, the module configuring gzip depends on your version: Apache 1.3 uses mod_gzip while Apache 2.x uses mod_deflate.

There are known issues with browsers and proxies that may cause a mismatch in what the browser expects and what it receives with regard to compressed content. Fortunately, these edge cases are dwindling as the use of older browsers drops off. The Apache modules help out by adding appropriate Vary response headers automatically.

Servers choose what to gzip based on file type, but are typically too limited in what they decide to compress. Most web sites gzip their HTML documents. It's also worthwhile to gzip your scripts and stylesheets, but many web sites miss this opportunity. In fact, it's worthwhile to compress any text response including XML and JSON. Image and PDF files should not be gzipped because they are already compressed. Trying to gzip them not only wastes CPU but can potentially increase file sizes.

Gzipping as many file types as possible is an easy way to reduce page weight and accelerate the user experience.

Discuss Rule 4

5: Put Stylesheets at the Top

While researching performance at Yahoo!, we discovered that moving stylesheets to the document HEAD makes pages load faster. This is because putting stylesheets in the HEAD allows the page to render progressively.

Front-end engineers that care about performance want a page to load progressively; that is, we want the browser to display whatever content it has as soon as possible. This is especially important for pages with a lot of content and for users on slower Internet connections. The importance of giving users visual feedback, such as progress indicators, has been well researched and documented. In our case the HTML page is the progress indicator! When the browser loads the page progressively the header, the navigation bar, the logo at the top, etc. all serve as visual feedback for the user who is waiting for the page. This improves the overall user experience.

The problem with putting stylesheets near the bottom of the document is that it prohibits progressive rendering in many browsers, including Internet Explorer. Browsers block rendering to avoid having to redraw elements of the page if their styles change. The user is stuck viewing a blank white page. Firefox doesn't block rendering, which means when the stylesheet is done loading it's possible elements in the page will have to be redrawn, resulting in the flash of unstyled content problem.

The HTML specification clearly states that stylesheets are to be included in the HEAD of the page: "Unlike A, [LINK] may only appear in the HEAD section of a document, although it may appear any number of times." Neither of the alternatives, the blank white screen or flash of unstyled content, are worth the risk. The optimal solution is to follow the HTML specification and load your stylesheets in the document HEAD.

Discuss Rule 5

6: Put Scripts at the Bottom

Rule 5 described how stylesheets near the bottom of the page prohibit progressive rendering, and how moving them to the document HEAD eliminates the problem. Scripts (external JavaScript files) pose a similar problem, but the solution is just the opposite: it's better to move scripts from the top to as low in the page as possible. One reason is to enable progressive rendering, but another is to achieve greater download parallelization.

With stylesheets, progressive rendering is blocked until all stylesheets have been downloaded. That's why it's best to move stylesheets to the document HEAD, so they get downloaded first and rendering isn't blocked. With scripts, progressive rendering is blocked for all content below the script. Moving scripts as low in the page as possible means there's more content above the script that is rendered sooner.

The second problem caused by scripts is blocking parallel downloads. The HTTP/1.1 specification suggests that browsers download no more than two components in parallel per hostname. If you serve your images from multiple hostnames, you can get more than two downloads to occur in parallel. (I've gotten Internet Explorer to download over 100 images in parallel.) While a script is downloading, however, the browser won't start any other downloads, even on different hostnames.

In some situations it's not easy to move scripts to the bottom. If, for example, the script uses document.write to insert part of the page's content, it can't be moved lower in the page. There might also be scoping issues. In many cases, there are ways to workaround these situations.

An alternative suggestion that often comes up is to use deferred scripts. The DEFER attribute indicates that the script does not contain document.write, and is a clue to browsers that they can continue rendering. Unfortunately, Firefox doesn't support the DEFER attribute. In Internet Explorer, the script may be deferred, but not as much as desired. If a script can be deferred, it can also be moved to the bottom of the page. That will make your web pages load faster.

Discuss Rule 6

7: Avoid CSS Expressions

CSS expressions are a powerful (and dangerous) way to set CSS properties dynamically. They're supported in Internet Explorer, starting with version 5. As an example, the background color could be set to alternate every hour using CSS expressions.

      background-color: expression( (new Date()).getHours()%2 ? "#B8D4FF" : "#F08A00" );

 

As shown here, the expression method accepts a JavaScript expression. The CSS property is set to the result of evaluating the JavaScript expression. The expression method is ignored by other browsers, so it is useful for setting properties in Internet Explorer needed to create a consistent experience across browsers.

The problem with expressions is that they are evaluated more frequently than most people expect. Not only are they evaluated when the page is rendered and resized, but also when the page is scrolled and even when the user moves the mouse over the page. Adding a counter to the CSS expression allows us to keep track of when and how often a CSS expression is evaluated. Moving the mouse around the page can easily generate more than 10,000 evaluations.

One way to reduce the number of times your CSS expression is evaluated is to use one-time expressions, where the first time the expression is evaluated it sets the style property to an explicit value, which replaces the CSS expression. If the style property must be set dynamically throughout the life of the page, using event handlers instead of CSS expressions is an alternative approach. If you must use CSS expressions, remember that they may be evaluated thousands of times and could affect the performance of your page.

Discuss Rule 7

8: Make JavaScript and CSS External

Many of these performance rules deal with how external components are managed. However, before these considerations arise you should ask a more basic question: Should JavaScript and CSS be contained in external files, or inlined in the page itself?

Using external files in the real world generally produces faster pages because the JavaScript and CSS files are cached by the browser. JavaScript and CSS that are inlined in HTML documents get downloaded every time the HTML document is requested. This reduces the number of HTTP requests that are needed, but increases the size of the HTML document. On the other hand, if the JavaScript and CSS are in external files cached by the browser, the size of the HTML document is reduced without increasing the number of HTTP requests.

The key factor, then, is the frequency with which external JavaScript and CSS components are cached relative to the number of HTML documents requested. This factor, although difficult to quantify, can be gauged using various metrics. If users on your site have multiple page views per session and many of your pages re-use the same scripts and stylesheets, there is a greater potential benefit from cached external files.

Many web sites fall in the middle of these metrics. For these properties, the best solution generally is to deploy the JavaScript and CSS as external files. The only exception I've seen where inlining is preferable is with home pages, such as Yahoo!'s front page (http://www.yahoo.com) and My Yahoo! (http://my.yahoo.com). Home pages that have few (perhaps only one) page view per session may find that inlining JavaScript and CSS results in faster end-user response times.

For front pages that are typically the first of many page views, there are techniques that leverage the reduction of HTTP requests that inlining provides, as well as the caching benefits achieved through using external files. One such technique is to inline JavaScript and CSS in the front page, but dynamically download the external files after the page has finished loading. Subsequent pages would reference the external files that should already be in the browser's cache.

Discuss Rule 8

9: Reduce DNS Lookups

The Domain Name System (DNS) maps hostnames to IP addresses, just as phonebooks map people's names to their phone numbers. When you type www.yahoo.com into your browser, a DNS resolver contacted by the browser returns that server's IP address. DNS has a cost. It typically takes 20-120 milliseconds for DNS to lookup the IP address for a given hostname. The browser can't download anything from this hostname until the DNS lookup is completed.

DNS lookups are cached for better performance. This caching can occur on a special caching server, maintained by the user's ISP or local area network, but there is also caching that occurs on the individual user's computer. The DNS information remains in the operating system's DNS cache (the "DNS Client service" on Microsoft Windows). Most browsers have their own caches, separate from the operating system's cache. As long as the browser keeps a DNS record in its own cache, it doesn't bother the operating system with a request for the record.

Internet Explorer caches DNS lookups for 30 minutes by default, as specified by the DnsCacheTimeout registry setting. Firefox caches DNS lookups for 1 minute, controlled by the network.dnsCacheExpiration configuration setting. (Fasterfox changes this to 1 hour.)

When the client's DNS cache is empty (for both the browser and the operating system), the number of DNS lookups is equal to the number of unique hostnames in the web page. This includes the hostnames used in the page's URL, images, script files, stylesheets, Flash objects, etc. Reducing the number of unique hostnames reduces the number of DNS lookups.

Reducing the number of unique hostnames has the potential to reduce the amount of parallel downloading that takes place in the page. Avoiding DNS lookups cuts response times, but reducing parallel downloads may increase response times. My guideline is to split these components across at least two but no more than four hostnames. This results in a good compromise between reducing DNS lookups and allowing a high degree of parallel downloads.

Discuss Rule 9

10: Minify JavaScript

Minification is the practice of removing unnecessary characters from code to reduce its size thereby improving load times. When code is minified all comments are removed, as well as unneeded white space characters (space, newline, and tab). In the case of JavaScript, this improves response time performance because the size of the downloaded file is reduced. Two popular tools for minifying JavaScript code are JSMin and YUI Compressor.

Obfuscation is an alternative optimization that can be applied to source code. Like minification, it removes comments and white space, but it also munges the code. As part of munging, function and variable names are converted into smaller strings making the code more compact as well as harder to read. This is typically done to make it more difficult to reverse engineer the code. But munging can help performance because it reduces the code size beyond what is achieved by minification. The tool-of-choice is less clear in the area of JavaScript obfuscation. Dojo Compressor (ShrinkSafe) is the one I've seen used the most.

Minification is a safe, fairly straightforward process. Obfuscation, on the other hand, is more complex and thus more likely to generate bugs as a result of the obfuscation step itself. Obfuscation also requires modifying your code to indicate API functions and other symbols that should not be munged. It also makes it harder to debug your code in production. Although I've never seen problems introduced from minification, I have seen bugs caused by obfuscation. In a survey of ten top U.S. web sites, minification achieved a 21% size reduction versus 25% for obfuscation. Although obfuscation has a higher size reduction, I recommend minifying JavaScript code because of the reduced risks and maintenance costs.

In addition to minifying external scripts, inlined script blocks can and should also be minified. Even if you gzip your scripts, as described in Rule 4, minifying them will still reduce the size by 5% or more. As the use and size of JavaScript increases, so will the savings gained by minifying your JavaScript code.

Discuss Rule 10

11: Avoid Redirects

Redirects are accomplished using the 301 and 302 status codes. Here's an example of the HTTP headers in a 301 response:

      HTTP/1.1 301 Moved Permanently
Location: http://example.com/newuri
Content-Type: text/html

 

The browser automatically takes the user to the URL specified in the Location field. All the information necessary for a redirect is in the headers. The body of the response is typically empty. Despite their names, neither a 301 nor a 302 response is cached in practice unless additional headers, such as Expires or Cache-Control, indicate it should be. The meta refresh tag and JavaScript are other ways to direct users to a different URL, but if you must do a redirect, the preferred technique is to use the standard 3xx HTTP status codes, primarily to ensure the back button works correctly.

The main thing to remember is that redirects slow down the user experience. Inserting a redirect between the user and the HTML document delays everything in the page since nothing in the page can be rendered and no components can start being downloaded until the HTML document has arrived.

One of the most wasteful redirects happens frequently and web developers are generally not aware of it. It occurs when a trailing slash (/) is missing from a URL that should otherwise have one. For example, going to http://astrology.yahoo.com/astrology results in a 301 response containing a redirect to http://astrology.yahoo.com/astrology/ (notice the added trailing slash). This is fixed in Apache by using Alias or mod_rewrite, or the DirectorySlash directive if you're using Apache handlers.

Connecting an old web site to a new one is another common use for redirects. Others include connecting different parts of a website and directing the user based on certain conditions (type of browser, type of user account, etc.). Using a redirect to connect two web sites is simple and requires little additional coding. Although using redirects in these situations reduces the complexity for developers, it degrades the user experience. Alternatives for this use of redirects include using Alias and mod_rewrite if the two code paths are hosted on the same server. If a domain name change is the cause of using redirects, an alternative is to create a CNAME (a DNS record that creates an alias pointing from one domain name to another) in combination with Alias or mod_rewrite.

Discuss Rule 11

12: Remove Duplicate Scripts

It hurts performance to include the same JavaScript file twice in one page. This isn't as unusual as you might think. A review of the ten top U.S. web sites shows that two of them contain a duplicated script. Two main factors increase the odds of a script being duplicated in a single web page: team size and number of scripts. When it does happen, duplicate scripts hurt performance by creating unnecessary HTTP requests and wasted JavaScript execution.

Unnecessary HTTP requests happen in Internet Explorer, but not in Firefox. In Internet Explorer, if an external script is included twice and is not cacheable, it generates two HTTP requests during page loading. Even if the script is cacheable, extra HTTP requests occur when the user reloads the page.

In addition to generating wasteful HTTP requests, time is wasted evaluating the script multiple times. This redundant JavaScript execution happens in both Firefox and Internet Explorer, regardless of whether the script is cacheable.

One way to avoid accidentally including the same script twice is to implement a script management module in your templating system. The typical way to include a script is to use the SCRIPT tag in your HTML page.

      script type="text/javascript" src="menu_1.0.17.js"></script>

An alternative in PHP would be to create a function called insertScript.

      <?php insertScript("menu.js") ?>

In addition to preventing the same script from being inserted multiple times, this function could handle other issues with scripts, such as dependency checking and adding version numbers to script filenames to support far future Expires headers.

Discuss Rule 12

13: Configure ETags

Entity tags (ETags) are a mechanism that web servers and browsers use to determine whether the component in the browser's cache matches the one on the origin server. (An "entity" is another word for what I've been calling a "component": images, scripts, stylesheets, etc.) ETags were added to provide a mechanism for validating entities that is more flexible than the last-modified date. An ETag is a string that uniquely identifies a specific version of a component. The only format constraints are that the string be quoted. The origin server specifies the component's ETag using the ETag response header.

      HTTP/1.1 200 OK
Last-Modified: Tue, 12 Dec 2006 03:03:59 GMT
ETag: "10c24bc-4ab-457e1c1f"
Content-Length: 12195

 

Later, if the browser has to validate a component, it uses the If-None-Match header to pass the ETag back to the origin server. If the ETags match, a 304 status code is returned reducing the response by 12195 bytes for this example.

      GET /i/yahoo.gif HTTP/1.1
Host: us.yimg.com
If-Modified-Since: Tue, 12 Dec 2006 03:03:59 GMT
If-None-Match: "10c24bc-4ab-457e1c1f"
HTTP/1.1 304 Not Modified

 

The problem with ETags is that they typically are constructed using attributes that make them unique to a specific server hosting a site. ETags won't match when a browser gets the original component from one server and later tries to validate that component on a different server, a situation that is all too common on Web sites that use a cluster of servers to handle requests. By default, both Apache and IIS embed data in the ETag that dramatically reduces the odds of the validity test succeeding on web sites with multiple servers.

The ETag format for Apache 1.3 and 2.x is inode-size-timestamp. Although a given file may reside in the same directory across multiple servers, and have the same file size, permissions, timestamp, etc., its inode is different from one server to the next.

IIS 5.0 and 6.0 have a similar issue with ETags. The format for ETags on IIS is Filetimestamp:ChangeNumber. A ChangeNumber is a counter used to track configuration changes to IIS. It's unlikely that the ChangeNumber is the same across all IIS servers behind a web site.

The end result is ETags generated by Apache and IIS for the exact same component won't match from one server to another. If the ETags don't match, the user doesn't receive the small, fast 304 response that ETags were designed for; instead, they'll get a normal 200 response along with all the data for the component. If you host your web site on just one server, this isn't a problem. But if you have multiple servers hosting your web site, and you're using Apache or IIS with the default ETag configuration, your users are getting slower pages, your servers have a higher load, you're consuming greater bandwidth, and proxies aren't caching your content efficiently. Even if your components have a far future Expires header, a conditional GET request is still made whenever the user hits Reload or Refresh.

If you're not taking advantage of the flexible validation model that ETags provide, it's better to just remove the ETag altogether. The Last-Modified header validates based on the component's timestamp. And removing the ETag reduces the size of the HTTP headers in both the response and subsequent requests. This Microsoft Support article describes how to remove ETags. In Apache, this is done by simply adding the following line to your Apache configuration file:

      FileETag none

Discuss Rule 13

14: Make Ajax Cacheable

People ask whether these performance rules apply to Web 2.0 applications. They definitely do! This rule is the first rule that resulted from working with Web 2.0 applications at Yahoo!.

One of the cited benefits of Ajax is that it provides instantaneous feedback to the user because it requests information asynchronously from the backend web server. However, using Ajax is no guarantee that the user won't be twiddling his thumbs waiting for those asynchronous JavaScript and XML responses to return. In many applications, whether or not the user is kept waiting depends on how Ajax is used. For example, in a web-based email client the user will be kept waiting for the results of an Ajax request to find all the email messages that match their search criteria. It's important to remember that "asynchronous" does not imply "instantaneous".

To improve performance, it's important to optimize these Ajax responses. The most important way to improve the performance of Ajax is to make the responses cacheable, as discussed in Rule 3: Add an Expires Header. Some of the other rules also apply to Ajax:

 

However, Rule 3 is the most important for speeding up the user experience. Let's look at an example. A Web 2.0 email client might use Ajax to download the user's address book for autocompletion. If the user hasn't modified her address book since the last time she used the email web app, the previous address book response could be read from cache if that Ajax response was made cacheable with a future Expires header. The browser must be informed when to use a previously cached address book response versus requesting a new one. This could be done by adding a timestamp to the address book Ajax URL indicating the last time the user modified her address book, for example, &t=1190241612. If the address book hasn't been modified since the last download, the timestamp will be the same and the address book will be read from the browser's cache eliminating an extra HTTP roundtrip. If the user has modified her address book, the timestamp ensures the new URL doesn't match the cached response, and the browser will request the updated address book entries.

Even though your Ajax responses are created dynamically, and might only be applicable to a single user, they can still be cached. Doing so will make your Web 2.0 apps faster.

Discuss Rule 14

posted @ 2007-11-13 12:51 不需要解释 阅读(390) | 评论 (0)编辑 收藏

     摘要:   Jetspeed2.0最终release版本发布于2005年12月, 可以从以下网址下载源代码和捆绑tomcat的压缩文件: http://www.apache.org/dist/portals/jetspeed-2/   。 与Jetspeed1.x比较,Jetspeed2.0 (以下简称J2)的架构发生了很大变化, J1.x使用了Turbine,在J2中T...  阅读全文

posted @ 2007-11-13 11:10 不需要解释 阅读(5642) | 评论 (0)编辑 收藏

通常,软件的漏洞信息和特定版本是相关的,因此,版本号对黑客来说是最有价值的。
默认情况下,系统会把Apache版本模块都显示出来(http返回头)。如果列举目录的话,会显示域名信息(文件列表正文),去除Apache版本号的方法是修改配置文件/etc/httpd.conf。找到关键字ServerSignature,将其设定为:
ServerSignature Off
ServerTokens Prod

然后重新启动Apache服务器。
通过分析Web服务器的类型,大致可以推测出操作系统的类型,比如,Windows使用IIS来提供HTTP服务,而Linux中最常见的是Apache。
默认的Apache配置里没有任何信息保护机制,并且允许目录浏览。通过目录浏览,通常可以获得类似“Apache/1.3.27 Server at apache.linuxforum.net Port 80”或“Apache/2.0.49 (Unix) PHP/4.3.8”的信息。
通过修改配置文件中的ServerTokens参数,可以将Apache的相关信息隐藏起来。但是,Red Hat Linux运行的Apache是编译好的程序,提示信息被编译在程序里,要隐藏这些信息需要修改Apache的源代码,然后,重新编译安装程序,以替换里面的提示内容。
以Apache 2.0.50为例,编辑ap_release.h文件,修改“#define AP_SERVER_BASEPRODUCT \"Apache\"”为“#define AP_SERVER_BASEPRODUCT \"Microsoft-IIS/5.0\"”。编辑os/unix/os.h文件,修改“#define PLATFORM \"Unix\"”为“#define PLATFORM \"Win32\"”。修改完毕后,重新编译、安装Apache。
Apache安装完成后,修改httpd.conf配置文件,将“ServerTokens Full”改为“ServerTokens Prod”;将“ServerSignature On”改为“ServerSignature Off”,然后存盘退出。重新启动Apache后,用工具进行扫描,发现提示信息中已经显示操作系统为Windows。

posted @ 2007-11-13 10:50 不需要解释 阅读(343) | 评论 (0)编辑 收藏

Apache 2.XX中prefork.c模块和worker.c模块的比较

空闲子进程:是指没有正在处理请求的子进程。

1、prefork.c模块(一个非线程型的、预派生的MPM)
    prefork MPM 使用多个子进程,每个子进程只有一个线程。每个进程在某个确定的时间只能维持一个连接。在大多数平台上,Prefork MPM在效率上要比Worker MPM要高,但是内存使用大得多。prefork的无线程设计在某些情况下将比worker更有优势:它可以使用那些没有处理好线程安全的第三方模块,并且对于那些线程调试困难的平台而言,它也更容易调试一些。

<IfModule prefork.c>
ServerLimit  20000
StartServers  5
MinSpareServers  5
MaxSpareServers  10
MaxClients  1000
MaxRequestsPerChild 0
</IfModule>

ServerLimit     2000
//默认的MaxClient最大是256个线程,如果想设置更大的值,就的加上ServerLimit这个参数。20000是ServerLimit这个参数的最大值。如果需要更大,则必须编译apache,此前都是不需要重新编译Apache。
生效前提:必须放在其他指令的前面

StartServers  5
//指定服务器启动时建立的子进程数量,prefork默认为5。

MinSpareServers  5
//指定空闲子进程的最小数量,默认为5。如果当前空闲子进程数少于MinSpareServers ,那么Apache将以最大每秒一个的速度产生新的子进程。此参数不要设的太大。

MaxSpareServers  10
//设置空闲子进程的最大数量,默认为10。如果当前有超过MaxSpareServers数量的空闲子进程,那么父进程将杀死多余的子进程。此参数不要设的太大。如果你将该指令的值设置为比MinSpareServers小,Apache将会自动将其修改成"MinSpareServers+1"。

MaxClients  256
//限定同一时间客户端最大接入请求的数量(单个进程并发线程数),默认为256。任何超过MaxClients限制的请求都将进入等候队列,一旦一个链接被释放,队列中的请求将得到服务。要增大这个值,你必须同时增大ServerLimit 。

MaxRequestsPerChild 10000
//每个子进程在其生存期内允许伺服的最大请求数量,默认为10000.到达MaxRequestsPerChild的限制后,子进程将会结束。如果MaxRequestsPerChild为"0",子进程将永远不会结束。

将MaxRequestsPerChild设置成非零值有两个好处:
1.可以防止(偶然的)内存泄漏无限进行,从而耗尽内存。
2.给进程一个有限寿命,从而有助于当服务器负载减轻的时候减少活动进程的数量。

工作方式:
一个单独的控制进程(父进程)负责产生子进程,这些子进程用于监听请求并作出应答。Apache总是试图保持一些备用的(spare)或者是空闲的子进程用于迎接即将到来的请求。这样客户端就不需要在得到服务前等候子进程的产生。在Unix系统中,父进程通常以root身份运行以便邦定80端口,而Apache产生的子进程通常以一个低特权的用户运行。User和Group指令用于设置子进程的低特权用户。运行子进程的用户必须要对它所服务的内容有读取的权限,但是对服务内容之外的其他资源必须拥有尽可能少的权限。


2、worker.c模块(支持混合的多线程多进程的多路处理模块)
    worker MPM 使用多个子进程,每个子进程有多个线程。每个线程在某个确定的时间只能维持一个连接。通常来说,在一个高流量的HTTP服务器上,Worker MPM是个比较好的选择,因为Worker MPM的内存使用比Prefork MPM要低得多。但worker MPM也由不完善的地方,如果一个线程崩溃,整个进程就会连同其所有线程一起"死掉".由于线程共享内存空间,所以一个程序在运行时必须被系统识别为"每个线程都是安全的"。

<IfModule worker.c>
ServerLimit  50
ThreadLimit  200
StartServers  5
MaxClients  5000
MinSpareThreads  25
MaxSpareThreads  500
ThreadsPerChild  100
MaxRequestsPerChild 0
</IfModule>

ServerLimit 16
//服务器允许配置的进程数上限。这个指令和ThreadLimit结合使用设置了MaxClients最大允许配置的数值。任何在重启期间对这个指令的改变都将被忽略,但对MaxClients的修改却会生效。

ThreadLimit 64
//每个子进程可配置的线程数上限。这个指令设置了每个子进程可配置的线程数ThreadsPerChild上限。任何在重启期间对这个指令的改变都将被忽略,但对ThreadsPerChild的修改却会生效。默认值是"64".

StartServers 3
//服务器启动时建立的子进程数,默认值是"3"。

MinSpareThreads 75
//最小空闲线程数,默认值是"75"。这个MPM将基于整个服务器监视空闲线程数。如果服务器中总的空闲线程数太少,子进程将产生新的空闲线程。

MaxSpareThreads 250
//设置最大空闲线程数。默认值是"250"。这个MPM将基于整个服务器监视空闲线程数。如果服务器中总的空闲线程数太多,子进程将杀死多余的空闲线程。MaxSpareThreads的取值范围是有限制的。Apache将按照如下限制自动修正你设置的值:worker要求其大于等于MinSpareThreads加上ThreadsPerChild的和

MaxClients 400
//允许同时伺服的最大接入请求数量(最大线程数量)。任何超过MaxClients限制的请求都将进入等候队列。默认值是"400",16(ServerLimit)乘以25(ThreadsPerChild)的结果。因此要增加MaxClients的时候,你必须同时增加ServerLimit的值。

ThreadsPerChild 25
//每个子进程建立的常驻的执行线程数。默认值是25。子进程在启动时建立这些线程后就不再建立新的线程了。

MaxRequestsPerChild  0
//设置每个子进程在其生存期内允许伺服的最大请求数量。到达MaxRequestsPerChild的限制后,子进程将会结束。如果MaxRequestsPerChild为"0",子进程将永远不会结束。

将MaxRequestsPerChild设置成非零值有两个好处:
1.可以防止(偶然的)内存泄漏无限进行,从而耗尽内存。
2.给进程一个有限寿命,从而有助于当服务器负载减轻的时候减少活动进程的数量。
注意
对于KeepAlive链接,只有第一个请求会被计数。事实上,它改变了每个子进程限制最大链接数量的行为。

工作方式:
每个进程可以拥有的线程数量是固定的。服务器会根据负载情况增加或减少进程数量。一个单独的控制进程(父进程)负责子进程的建立。每个子进程可以建立ThreadsPerChild数量的服务线程和一个监听线程,该监听线程监听接入请求并将其传递给服务线程处理和应答。Apache总是试图维持一个备用(spare)或是空闲的服务线程池。这样,客户端无须等待新线程或新进程的建立即可得到处理。在Unix中,为了能够绑定80端口,父进程一般都是以root身份启动,随后,Apache以较低权限的用户建立子进程和线程。User和Group指令用于设置Apache子进程的权限。虽然子进程必须对其提供的内容拥有读权限,但应该尽可能给予它较少的特权。另外,除非使用了suexec ,否则,这些指令设置的权限将被CGI脚本所继承。


公式:
ThreadLimit >= ThreadsPerChild
MaxClients  <= ServerLimit * ThreadsPerChild  必须是ThreadsPerChild的倍数
MaxSpareThreads >= MinSpareThreads+ThreadsPerChild

硬限制:

ServerLimi和ThreadLimit这两个指令决定了活动子进程数量和每个子进程中线程数量的硬限制。要想改变这个硬限制必须完全停止服务器然后再启动服务器(直接重启是不行的)。

Apache在编译ServerLimit时内部有一个硬性的限制,你不能超越这个限制。
prefork MPM最大为"ServerLimit 200000"
其它MPM(包括work MPM)最大为"ServerLimit 20000

Apache在编译ThreadLimit时内部有一个硬性的限制,你不能超越这个限制。
mpm_winnt是"ThreadLimit 15000"
其它MPM(包括work prefork)为"ThreadLimit 20000

注意
使用ServerLimit和ThreadLimit时要特别当心。如果将ServerLimit和ThreadLimit设置成一个高出实际需要许多的值,将会有过多的共享内存被分配。当设置成超过系统的处理能力,Apache可能无法启动,或者系统将变得不稳定。

posted @ 2007-11-13 10:44 不需要解释 阅读(1737) | 评论 (0)编辑 收藏

仅列出标题
共4页: 上一页 1 2 3 4 
我实话告诉你们,我可是身经百战了.bbs我见的多了,哪个版我没灌过?你们要知道, 一塌糊 涂的triangle,PIC,SEX版,那比你们不知道厉害到哪里去了,我在那谈笑风声.你 们有一好就是无论在哪个版,什么话题都灌,但是灌来灌去的问题,都too simple, sometimes naive!你 们懂不懂呀?啊?所以说灌水啊,关键是要提高自己的知识水平.你 们啊,不要总想着弄个大坑,然后灌上十大,再把我羞辱一番……你们啊,naive!你们这 样灌是不行地!~那你問我支持 不支持灌水,我說支持,我常來這裡灌,你說支持不支持?