asg12.htm

apache技术手册

<BR>

<LI><A NAME="I299"></A>If you need user authentication, use any of the database-authentication modules that Apache provides. The dbm module provides incredible performance gains. If you have many users on your system (I would go to dbm for any number of users greater than 30, although you may not notice any improvements until you have 200+ users), using one of the database-authentication systems will provide a great speed enhancement over the inefficient flat-file version. A complete description of all user-authentication modules is given in <A HREF="asg15.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asg15.htm">Chapter 15</A>, &quot;Access Control and User Authentication.&quot; If you use one of these enhanced modules, the server will spend less time checking for permissions and serving pages. These savings can be considerable on very large htpasswd files.

<BR>

<BR>

<LI>Server-generated indexes are expensive. If the server needs to find out what files are on a directory before returning a list, this adds to the load. Create an index.html file instead, listing the contents you want to make available. If you absolutely need automatic directory indexing, you may consider writing a small program that can create an index page every so many hours versus having the server generate them on-the-fly.

<BR>

<BR>

<LI>Don't CGI unless you have to. If you need something that is generated on-the-fly, think about how often the data changes. There may be another way of providing an up-to-date result without having to build the page from a CGI every time. If you have some data that changes every few hours, or even every few minutes, prebuild a page that contains the same data. Requests will be fulfilled much more quickly, and the server load created by the CGI will be eliminated.

<BR>

<BR>

<LI>If you need to CGI, determine how server intensive your CGI is. Not all CGI programs are equal. The load generated by a Perl CGI script is several times greater than that generated by a C program. To access the load your program creates, run it by hand and use the UNIX time command to compute the resources. For more information, consult the time command in the first section of the manual. If you are using a csh, the time command is built-in. However, its output is a little different. Check your UNIX manual for more information on csh. 

<BR>

<BR>

<LI>If you are using server-side image maps, don't forget that Apache has a built-in module to handle them. Performance of the built-in module versus the CGI version is much better, and it's provided on the default Apache configuration free of charge. Even better, consider a client-side image map. However, note that client-side image maps have a different syntax from regular maps. For more information, please refer to <A HREF="asgxd.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asgxd.htm">Appendix D</A>, &quot;HTML Reference.&quot;

<BR>

<BR>

</UL>

<BR>

<A NAME="E69E140"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B> </B><A NAME="I300"></A><A NAME="I301"></A><A NAME="I302"></A><A NAME="I303"></A><A NAME="I304"></A><A NAME="I305"></A><A NAME="I306"></A><A NAME="I307"></A><A NAME="I308"></A><A NAME="I309"></A><A NAME="I310"></A><A NAME="I311"></A><A NAME="I312"></A><A NAME="I313"></A><A NAME="I314"></A><A NAME="I315"></A><A NAME="I316"></A><A NAME="I317"></A><A NAME="I318"></A><A NAME="I319"></A><B>TCP/IP </B><B>Tuning</B></FONT></CENTER></H4>

<BR>

<P>Your operating system's TCP/IP implementation determines the number of connections, the connection rate, and the maximum throughput that your system will achieve. Some of the default settings for your kernel may not be adequate for a high-traffic Web server.

<BR>

<P>Before you attempt to fix anything, you should try to determine whether your system has a problem. The netstat program provides a wealth of information that you can use to determine what is going on.

<BR>

<P>The following sections explain of the enhancements you'll need to do yourself, presented system by system.

<BR>

<BR>

<A NAME="E70E140"></A>

<H5 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>Listen Backlog (</B><B>SOMAXCONN</B><B>)</B></FONT></CENTER></H5>

<BR>

<P>A frequent source to TCP/IP performance problems is attributed to the system call listen(). The listen() call is responsible for enabling incoming connections for a socket. The source of the problem is that the call sets a backlog parameter that specifies the maximum size that the queue of pending connections may reach. If the number of waiting connections grows beyond the defined size, the client will receive an error message that will prompt the client to issue a new request. Typically, the backlog parameter is set to 5, which is hopelessly inadequate.

<BR>

<P>To determine whether your system is running into trouble because of the listen backlog, type the following command:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">netstat -n | grep SYN_RCVD</FONT></PRE>

<P>If you continually don't get any lines listed, the listen backlog issue is not causing you grief. However, if you regularly get six or seven lines, you may be running into trouble.

<BR>

<P>The only ways to fix this problem are to rebuild the kernel or to apply a runtime kernel patch that increases the value of the backlog variable. If your Web server is a busy one, you definitely want to address this problem. Please note that the valid ranges for each OS are different. The great majority of operating systems can only use 256 as the maximum value.

<BR>

<BLOCKQUOTE>

<BLOCKQUOTE>

<HR ALIGN=CENTER>

<BR>

<NOTE>If you rebuild your kernel, make sure you have a backup of your old kernel plus any necessary files, such as /vmunix. That way, in case of trouble, you can boot your computer using the old kernel. For more information on rebuilding your kernel, look at your system documentation. If you make changes to your kernel and do not have the hardware resources to match your settings, it is very likely that your computer will boot to a kernel panic.</NOTE>

<BR>

<HR ALIGN=CENTER>

</BLOCKQUOTE></BLOCKQUOTE>

<BR>

<H6 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><A NAME="I320"></A><A NAME="I321"></A><A NAME="I322"></A><A NAME="I323"></A><A NAME="I324"></A><A NAME="I325"></A><A NAME="I326"></A><A NAME="I327"></A><A NAME="I328"></A><A NAME="I329"></A><A NAME="I330"></A><A NAME="I331"></A><A NAME="I332"></A><A NAME="I333"></A><A NAME="I334"></A><A NAME="I335"></A><A NAME="I336"></A><A NAME="I337"></A><A NAME="I338"></A><B>Apple UNIX (A/UX)</B></FONT></CENTER></H6>

<BR>

<P>A/UX has a hardwired SOMAXCONN. You will need the patch BNET-somax.tar.gz, available from ftp://ftp1.jagunet.com/pub/aux/.

<BR>

<P>This patch is just a simple ksh script that patches the runtime kernel using adb. The documentation included in the patch specifies how to install it at system startup time.

<BR>

<BR>

<H6 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><A NAME="I339"></A><A NAME="I340"></A><A NAME="I341"></A><A NAME="I342"></A><A NAME="I343"></A><A NAME="I344"></A><A NAME="I345"></A><A NAME="I346"></A><A NAME="I347"></A><A NAME="I348"></A><A NAME="I349"></A><A NAME="I350"></A><A NAME="I351"></A><A NAME="I352"></A><A NAME="I353"></A><A NAME="I354"></A><A NAME="I355"></A><A NAME="I356"></A><A NAME="I357"></A><B>BSDI and FreeBSD</B></FONT></CENTER></H6>

<BR>

<P>Look for the SOMAXCONN definition:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">#define SOMAXCONN 5</FONT></PRE>

<P>which is typically found in

<BR>

<PRE>

<FONT COLOR="#000080">/usr/include/sys/socket.h

/usr/src/sys/sys/socket.h</FONT></PRE>

<P><A NAME="I358"></A>Change the value from 5 to 32. After you make your changes, you will have to rebuild your kernel and reboot your system.

<BR>

<BR>

<H6 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><A NAME="I359"></A><A NAME="I360"></A><A NAME="I361"></A><A NAME="I362"></A><A NAME="I363"></A><A NAME="I364"></A><A NAME="I365"></A><A NAME="I366"></A><A NAME="I367"></A><A NAME="I368"></A><A NAME="I369"></A><A NAME="I370"></A><A NAME="I371"></A><A NAME="I372"></A><A NAME="I373"></A><A NAME="I374"></A><A NAME="I375"></A><A NAME="I376"></A><A NAME="I377"></A><B>Digital UNIX</B></FONT></CENTER></H6>

<BR>

<P>You need to patch the kernel's global variable somaxconn using dbx -x. The default value is set to 8, but you can bump it up all the way to 32767. Servers with high traffic shouldn't even consider values that are less than 2048. Digital's Alta Vista servers get 5 million hits per day, and they probably have set theirs to 32767.

<BR>

<P>Digital has also published some patches that address the listen backlog and other related performance issues regarding Web servers. The patch ID is 0SF350-146. This patch improves the performance of the network subsystem for machines used as Web servers.

<BR>

<BR>

<H6 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><A NAME="I378"></A><A NAME="I379"></A><A NAME="I380"></A><A NAME="I381"></A><A NAME="I382"></A><A NAME="I383"></A><A NAME="I384"></A><A NAME="I385"></A><A NAME="I386"></A><A NAME="I387"></A><A NAME="I388"></A><A NAME="I389"></A><A NAME="I390"></A><A NAME="I391"></A><A NAME="I392"></A><A NAME="I393"></A><A NAME="I394"></A><A NAME="I395"></A><A NAME="I396"></A><B>Linux</B></FONT></CENTER></H6>

<BR>

<P>Modify the following lines in /usr/src/linux/net/inet/af_inet.c:

<BR>

<PRE>

<FONT COLOR="#000080">...

if ((unsigned) backlog &gt; 5)

backlog = 5;

...</FONT></PRE>

<P>Replace both instances of 5 with the size of the listen queue you want. A valid number ranges from 0 to 255, but some experts suggest not exceeding 128. Then rebuild your kernel.

<BR>

<BR>

<H6 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><A NAME="I397"></A><A NAME="I398"></A><A NAME="I399"></A><A NAME="I400"></A><A NAME="I401"></A><A NAME="I402"></A><A NAME="I403"></A><A NAME="I404"></A><A NAME="I405"></A><A NAME="I406"></A><A NAME="I407"></A><A NAME="I408"></A><A NAME="I409"></A><A NAME="I410"></A><A NAME="I411"></A><A NAME="I412"></A><A NAME="I413"></A><A NAME="I414"></A><A NAME="I415"></A><B>Sun</B></FONT></CENTER></H6>

<BR>

<P>On Solaris 2.4 and 2.5, you can patch the running kernel using the ndd command. To patch SOMAXCONN, type

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max <I>N</I></FONT></PRE>

<P>where <I>N</I> is a number. On Solaris 2.4, the maximum value of <I>N</I> is 32. Solaris 2.5 defaults to 32, and the limit is 1024. You will probably want to patch this value automatically at system startup time. Do so in /etc/rc2.d/s69inet, putting the preceding command at the end of the file. For more information on ndd, check the man page.

<BR>

<P>Under SunOS 4.1.3, things are not as easy. Unless you have licensed the kernel code, you will have to patch the object code file that defines those values. The object code file is

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">/sys/sun4m/OBJ/uipc_socket.o</FONT></PRE>

<BLOCKQUOTE>

<BLOCKQUOTE>

<HR ALIGN=CENTER>

<BR>

<NOTE>Of course, you should make a backup of the uipc_socket.o file before you proceed.</NOTE>

<BR>

<HR ALIGN=CENTER>

</BLOCKQUOTE></BLOCKQUOTE>

<P>These modifications involve changing a value stored at octal locations 0727, 0737, and 0753 in the preceding file. You can change these values using the following program:

<BR>

<PRE>

<FONT COLOR="#000080">/*This program was originally developed by Mark Morley (mark@islandnet.com), and was copied with permission*/

#include &lt;stdio.h&gt;

main()

{

 FILE* fp;

 fp = open(&quot;/sys/sun4m/OBJ/uipc_socket.o&quot;, &quot;r+&quot;);

 if (fp != NULL){

 fseek(fp, 0727, 0 );

 putc( 128, fp );

 fseek( fp, 0737, 0 );

 putc( 128, fp );

 fseek (fp, 0757, 0 );