在 Windows Server 2008 R2 上运行 Apache 2.4、mod_proxy_ajp、Tomcat 7.0.39 时 TCP/IP 连接时间较长（20-40 秒）

首次连接到 Apache HTTP Server 需要很长时间 (20-40 秒)，但后续连接非常快 (<50 毫秒)。我在四个集群 Tomcat 服务器前使用 mod_proxy_ajp 将 Apache HTTP Server 用作负载平衡器。

我尝试使用Fiddler2，结果如下（TCP / IP连接时间为42秒！）：

Request Count:   1
Bytes Sent:      553        (headers:553; body:0)
Bytes Received:  409        (headers:201; body:208)

ACTUAL PERFORMANCE
--------------
ClientConnected:    10:47:14.531
ClientBeginRequest: 10:47:14.538
GotRequestHeaders:  10:47:14.538
ClientDoneRequest:  10:47:14.538
Determine Gateway:  0ms
DNS Lookup:         0ms
TCP/IP Connect: 42017ms
HTTPS Handshake:    0ms
ServerConnected:    10:47:56.556
FiddlerBeginRequest:    10:47:56.556
ServerGotRequest:   10:47:56.557
ServerBeginResponse:    10:47:56.583
GotResponseHeaders: 10:47:56.584
ServerDoneResponse: 10:47:56.584
ClientBeginResponse:    10:47:56.584
ClientDoneResponse: 10:47:56.584

Overall Elapsed:    00:00:42.0460000

我有以下设置：

• 所有服务器均运行具有 8GB RAM 的 Windows Server 2008 R2。
• 1 Apache HTTP Server（2.4.4）使用 mod_proxy_ajp 充当负载平衡器。
• 4 个集群 Apache Tomcat (7.0.14) 服务器。

这是我的httpd配置文件：

# ServerRoot
ServerRoot "C:/Apache24"

# Listen on all interfaces on port 80
Listen 80

# Dynamic Shared Object (DSO) - bare minimum modules
LoadModule mime_module      modules/mod_mime.so
LoadModule dir_module       modules/mod_dir.so
LoadModule log_config_module    modules/mod_log_config.so
LoadModule authz_core_module    modules/mod_authz_core.so
LoadModule authz_host_module    modules/mod_authz_host.so

# ServerAdmin
ServerAdmin [email protected]

# ServerName
ServerName www.xxx.com:80

# Deny all access to filesystem
<Directory />
    AllowOverride none
    Require all denied
</Directory>

# DocumentRoot
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
    Options -Indexes -Includes -ExecCGI -FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# DirectoryIndex
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# The following lines prevent .htaccess and .htpasswd files from being  viewed by Web clients. 
<Files ".ht*">
    Require all denied
</Files>

# ErrorLog
ErrorLogFormat "[%{cu}t] [%l|%m] [client %a] %M"
ErrorLog "|bin/rotatelogs.exe logs/error.%Y-%m-%d.log 86400"
LogLevel warn

<IfModule log_config_module>
    # The following directives define some format nicknames for use with a CustomLog directive (see below).
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    # The location and format of the access logfile (Common Logfile Format).
    CustomLog "|bin/rotatelogs.exe logs/access.%Y-%m-%d.log 86400" common
</IfModule>

<IfModule mime_module>
    # TypesConfig points to the file containing the list of mappings from filename extension to MIME-type.
    TypesConfig conf/mime.types
    # AddType allows you to add to or override the MIME configuration file specified in TypesConfig for specific file types.
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

# Defaults: Win32DisableAcceptEx (same), EnableMMAP On, EnableSendfile Off
AcceptFilter https none
AcceptFilter http none
EnableMMAP off
EnableSendfile off

# The following must be present to support starting without SSL on platforms with no /dev/random equivalent but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Disable info versi server dan header http apache
ServerSignature Off
ServerTokens Prod

# Required Modules for SSL
LoadModule ssl_module       modules/mod_ssl.so
LoadModule setenvif_module      modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule rewrite_module       modules/mod_rewrite.so

# Required Modules for Load Balancing using mod_proxy_ajp
LoadModule status_module        modules/mod_status.so
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_ajp_module     modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

# Konfigurasi SSL
Include conf/extra/httpd-ssl.conf 

# Konfigurasi mpm
Include conf/extra/httpd-mpm.conf 

# Konfigurasi Distributed load balancer
Include conf/extra/httpd-proxy-load-balancer.conf

这是httpd-mpm.conf：

# Server-Pool Management (MPM specific)

# PidFile: The file in which the server should record its process identification number when it starts.
<IfModule !mpm_netware_module>
    PidFile "logs/httpd.pid"
</IfModule>

# WinNT MPM
<IfModule mpm_winnt_module>
    #
    ThreadsPerChild         1500    
    # RAM / 1000?
    MaxConnectionsPerChild  100000
    #
    ThreadStackSize         8242880 
</IfModule>

# The maximum number of free Kbytes that every allocator is allowed to hold without calling free(). 
<IfModule !mpm_netware_module>
    MaxMemFree            2048
</IfModule>

这是httpd-ssl.conf：

# This is the Apache server configuration file providing SSL support.

Listen 443

##  SSL Global Context

#   SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

#   Pass Phrase Dialog: Configure the pass phrase gathering process.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
SSLSessionCache        "shmcb:C:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

## SSL Virtual Host Context
<VirtualHost _default_:443>

    #   General setup for the virtual host
    DocumentRoot "C:/Apache24/htdocs"
    ServerName www.xxx.com:443
    ServerAdmin [email protected]

    ErrorLog "|bin/rotatelogs.exe logs/error-ssl.%Y-%m-%d.log 86400"
    TransferLog "|bin/rotatelogs.exe logs/access-ssl.%Y-%m-%d.log 86400"

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   Server Certificate:
    SSLCertificateFile "C:/Apache24/ssl/keystore/exported-pem.crt"

    #   Server Private Key:
    SSLCertificateKeyFile "C:/Apache24/ssl/keystore/exported.key"

    #   Server Certificate Chain:
    SSLCertificateChainFile "C:/Apache24/ssl/intermediate.crt"

    #   SSL Engine Options: Set various options for the SSL engine.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/Apache24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    #   Per-Server Logging:
    CustomLog "C:/Apache24/logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

这是httpd-代理-负载均衡器.conf：

# Reverse Proxy
<Proxy balancer://ajsjava>
    BalancerMember ajp://128.21.32.15:8009 route=128.21.32.15 keepalive=On ttl=60
    BalancerMember ajp://128.21.34.15:8009 route=128.21.34.15 keepalive=On ttl=60
    BalancerMember ajp://128.21.32.16:8009 route=128.21.32.16 keepalive=On ttl=60
    BalancerMember ajp://128.21.34.16:8009 route=128.21.34.16 keepalive=On ttl=60
</Proxy>

ProxyPass /status !
ProxyPass / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://ajsjava/ stickysession=JSESSIONID|jsessionid

# Forward Proxy
ProxyRequests Off

<Proxy *>
    Require all granted
</Proxy>

# Balancer-manager, for monitoring
<Location /balancer>
    SetHandler balancer-manager 

    #localhost
    Require ip 127.0.0.1 
</Location>     

# Server-status, for monitoring
<Location /status>
    SetHandler server-status

    #localhost
    Require ip 127.0.0.1 
</Location>

一切都运行完美：负载平衡、Tomcat 集群、粘性和会话复制、SSL。

以前有人遇到过这种问题吗？似乎初始连接（TCP/IP Connect）时间很长（20-40 秒）。

附录：按照@Prasenjit Purohit 的建议，我将每个主机名更改为静态 IP，以避免 DNS 查找，但问题仍然存在。