On Thu, Jan 25, 2007 at 12:18:04PM +0000, Justin Mason wrote:
> I'd suggest running its own Apache instance, with a small number
> of servers, on some high port -- and then set up a reverse proxy,
> or an Apache mod_proxy, in front of that on port 80.
I'd be more careful about this. It's useful in some scenarios, like when
you want to isolate a vhost to run as a different user because you're
worried about people with upload access for that vhost crafting some
nasty PHP to tinker with others files or something - it's the best way
of enforcing that *nix permissions model.
It's also really good for managing load in some situations, I used to
have a reverse proxy setup like this for RedBrick, we had one front-end
server which was tiny and staticly compiled for serving just static
content, and then another one with different ulimits and compiled
dynamically to keep the memory usage and impact of the fork()'s down.
It works well for that.
But it won't help with the problem described here, it will actually make
it twice as bad. The backend instance, to which you reverse proxy, will
exhibit the same problem and continue to chew slots, and the front-end
will also chew the slots it needs to maintain the sockets to the
back-end open (ie the proxy sockets).
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!