Apache httpd は毎回新しいセッションを作成します (2.2.16 および 2.4.6)

tag-icon tag-icon apache-2.2 proxy httpd session sticky-sessions
Apache httpd は毎回新しいセッションを作成します (2.2.16 および 2.4.6)

私はDebian 6.0.7上でApahce httpd 2.2.16を実行しているサーバーを持っています

私はプロキシバランサディレクティブを使用して、AJPプロトコルを使用してトラフィックをTomcatバックエンドにリバースプロキシします。

<Proxy balancer://tomcatapp-cluster>
    BalancerMember ajp://server-01.siminn.is:8000 route=tomcatapp-01 loadfactor=50 connectiontimeout=10
    BalancerMember ajp://server-02.siminn.is:8000 route=tomcatapp-02 loadfactor=50 connectiontimeout=10
</Proxy>
ProxyPass /app balancer://tomcatapp-cluster/app stickysession=JSESSIONID|jsessionid
ProxyPassReverse /app balancer://tomcatapp-cluster/app stickysession=JSESSIONID|jsessionid

別のバックエンドで新しいセッションが開始された場合、セッションの存続期間中にアプリケーションに送信されるリクエスト

GET /app/gsm/prepaid/buy HTTP/1.1
Cookie: JSESSIONID=C20AE8FC06F2A9A7136179FCAA7043FD.tomcatapp-02; _ga=GA1.2.1159250103.1389354702; __utma=159157733.1159250103.1389354702.1389606393.1389609120.7; __utmz=159157733.1389362294.3.2.utmcsr=siminn.is|utmccn=(referral)|utmcmd=referral|utmcct=/; userstyles=off; __utmc=159157733; __utmmobile=0xd4b5e4e4320505f5; __utmb=159157733.21.10.1389609120; is_returning=1; autoLogin.disabled=true; s_cc=true; s_sq=siminnliveinnri%3D%2526pid%253Dfors%2525u00ED%2525F0a%2526pidt%253D1%2526oid%253DInnskr%2525u00E1%2526oidt%253D3%2526ot%253DSUBMIT; USER_CACHE_KEY=D6D0DCFD773406CA8EE5D690A4AF1368.tomcattf-02
Set-Cookie: JSESSIONID=A95480808617EA3ABB3C1A4FB079DD99.tomcatapp-01; Path=/app/; Secure; HttpOnly

GET /app/site.jsp&guid=ON HTTP/1.1
Cookie: JSESSIONID=A95480808617EA3ABB3C1A4FB079DD99.tomcatapp-01; _ga=GA1.2.1159250103.1389354702; __utma=159157733.1159250103.1389354702.1389606393.1389609120.7; __utmz=159157733.1389362294.3.2.utmcsr=siminn.is|utmccn=(referral)|utmcmd=referral|utmcct=/; userstyles=off; __utmc=159157733; __utmmobile=0xd4b5e4e4320505f5; __utmb=159157733.21.10.1389609120; is_returning=1; autoLogin.disabled=true; s_cc=true; s_sq=siminnliveinnri%3D%2526pid%253Dfors%2525u00ED%2525F0a%2526pidt%253D1%2526oid%253DInnskr%2525u00E1%2526oidt%253D3%2526ot%253DSUBMIT; USER_CACHE_KEY=D6D0DCFD773406CA8EE5D690A4AF1368.tomcattf-02
Set-Cookie: JSESSIONID=26097E35B6B0C9B6652A7A6F8FF77992.tomcatapp-02; Path=/app/; Secure; HttpOnly
Set-Cookie: __utmmobile=x; Expires=Wed, 13-Jan-2016 11:34:06 GMT; Path=/

GET /app/gsm/prepaid/buy HTTP/1.1
Cookie: JSESSIONID=26097E35B6B0C9B6652A7A6F8FF77992.tomcatapp-02; _ga=GA1.2.1159250103.1389354702; __utma=159157733.1159250103.1389354702.1389606393.1389609120.7; __utmz=159157733.1389362294.3.2.utmcsr=siminn.is|utmccn=(referral)|utmcmd=referral|utmcct=/; userstyles=off; __utmc=159157733; __utmmobile=0xd4b5e4e4320505f5; __utmb=159157733.21.10.1389609120; is_returning=1; autoLogin.disabled=true; s_cc=true; s_sq=siminnliveinnri%3D%2526pid%253Dfors%2525u00ED%2525F0a%2526pidt%253D1%2526oid%253DInnskr%2525u00E1%2526oidt%253D3%2526ot%253DSUBMIT; USER_CACHE_KEY=D6D0DCFD773406CA8EE5D690A4AF1368.tomcattf-02
Set-Cookie: JSESSIONID=1C5A65534437F3F3E4D252B8671650A6.tomcatapp-01; Path=/app/; Secure; HttpOnly

しかし、時々、新しい JSESSIONID でリクエストが届くたびに Apache サーバーが新しいセッションを開始するため、この問題は Web サーバーを再起動することで一時的に解決されます。

LogLevel Debughttpd 2.4.6 でも同じ動作が発生します。単一の要求クライアントのエラー ログ:

[client IP:56456] AH01964: Connection to child 714 established (server www.x.com:443)
[client IP:56456] AH02043: SSL virtual host for servername www.x.com found
[client IP:56456] AH02041: Protocol: TLSv1, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)

[client IP:56456] AH02034: Initial (No.1) HTTPS request received for child 714 (server www.x.com:443), referer: http://www.x.com/
[client IP:56456] AH01628: authorization result: granted (no directives), referer: http://www.x.com/
[client IP:56456] AH01160: Found value (J2EE4847100)ID1435349250DBfa8033a3ce4db1f64ba8d682cf8c5736533dc780End for stickysession JSESSIONID, referer: http://www.x.com/
[client IP:56456] AH01172: balancer://ssl-cluster: worker (ajp://tomcat1.x.com:9108) rewritten to ajp://tomcat1.x.com:9108/vefsms/, referer: http://www.x.com/
[client IP:56456] AH01143: Running scheme balancer handler (attempt 0), referer: http://www.x.com/
[client IP:56456] AH01113: HTTP: declining URL ajp://tomcat1.x.com:9108/vefsms/, referer: http://www.x.com/
[client IP:56456] AH00895: serving URL ajp://tomcat1.x.com:9108/vefsms/, referer: http://www.x.com/
[client IP:56456] AH00944: connecting ajp://tomcat1.x.com:9108/vefsms/ to tomcat1.x.com:9108, referer: http://www.x.com/
[client IP:56456] AH00947: connected /vefsms/ to tomcat1.x.com:9108, referer: http://www.x.com/
[client IP:56456] AH00872: APR_BUCKET_IS_EOS, referer: http://www.x.com/
[client IP:56456] AH00873: data to read (max 8186 at 4), referer: http://www.x.com/
[client IP:56456] AH00875: got 0 bytes of data, referer: http://www.x.com/
[client IP:56456] AH01384: Zlib: Compressed 2299 to 988 : URL /vefsms/, referer: http://www.x.com/
[client IP:56456] AH00892: got response from x.15:9108 (tomcat1.x.com), referer: http://www.x.com/
[client IP:56456] AH01176: proxy_balancer_post_request for (balancer://ssl-cluster), referer: http://www.x.com/

[client IP:56457] AH01964: Connection to child 707 established (server www.x.com:443)

[client IP:56456] AH02034: Subsequent (No.2) HTTPS request received for child 714 (server www.x.com:443), referer: https://www.x.com/vefsms/
[client IP:56456] AH01628: authorization result: granted (no directives), referer: https://www.x.com/vefsms/

[client IP:56457] AH02043: SSL virtual host for servername www.x.com found
[client IP:56457] AH02041: Protocol: TLSv1, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)

[client IP:56457] AH02034: Initial (No.1) HTTPS request received for child 707 (server www.x.com:443), referer: https://www.x.com/vefsms/
[client IP:56457] AH01628: authorization result: granted (no directives), referer: https://www.x.com/vefsms/

[client IP:56456] AH01160: Found value 4A0775A9DDFBFB1FE2B6AE14F62C5904.tomcat2 for stickysession JSESSIONID, referer: https://www.x.com/vefsms/
[client IP:56456] AH01161: Found route tomcat2, referer: https://www.x.com/vefsms/
[client IP:56456] AH01172: balancer://ssl-cluster: worker (ajp://tomcat2.x.com:9108) rewritten to ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/interface/Controller.js, referer: https://www.x.com/vefsms/
[client IP:56456] AH01143: Running scheme balancer handler (attempt 0), referer: https://www.x.com/vefsms/
[client IP:56456] AH01113: HTTP: declining URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/interface/Controller.js, referer: https://www.x.com/vefsms/
[client IP:56456] AH00895: serving URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/interface/Controller.js, referer: https://www.x.com/vefsms/
[client IP:56456] AH00944: connecting ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/interface/Controller.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/
[client IP:56456] AH00947: connected /vefsms-portlets/dwr/interface/Controller.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/
[client IP:56456] AH00872: APR_BUCKET_IS_EOS, referer: https://www.x.com/vefsms/
[client IP:56456] AH00873: data to read (max 8186 at 4), referer: https://www.x.com/vefsms/
[client IP:56456] AH00875: got 0 bytes of data, referer: https://www.x.com/vefsms/

[client IP:56457] AH01160: Found value 4A0775A9DDFBFB1FE2B6AE14F62C5904.tomcat2 for stickysession JSESSIONID, referer: https://www.x.com/vefsms/
[client IP:56457] AH01161: Found route tomcat2, referer: https://www.x.com/vefsms/
[client IP:56457] AH01172: balancer://ssl-cluster: worker (ajp://tomcat2.x.com:9108) rewritten to ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/
[client IP:56457] AH01143: Running scheme balancer handler (attempt 0), referer: https://www.x.com/vefsms/
[client IP:56457] AH01113: HTTP: declining URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/
[client IP:56457] AH00895: serving URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/
[client IP:56457] AH00944: connecting ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/
[client IP:56456] AH01384: Zlib: Compressed 1999 to 349 : URL /vefsms-portlets/dwr/interface/Controller.js, referer: https://www.x.com/vefsms/

[client IP:56457] AH00947: connected /vefsms-portlets/dwr/engine.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/

[client IP:56456] AH00892: got response from x.16:9108 (tomcat2.x.com), referer: https://www.x.com/vefsms/
[client IP:56456] AH01176: proxy_balancer_post_request for (balancer://ssl-cluster), referer: https://www.x.com/vefsms/

[client IP:56457] AH00872: APR_BUCKET_IS_EOS, referer: https://www.x.com/vefsms/
[client IP:56457] AH00873: data to read (max 8186 at 4), referer: https://www.x.com/vefsms/
[client IP:56457] AH00875: got 0 bytes of data, referer: https://www.x.com/vefsms/
[client IP:56457] AH01384: Zlib: Compressed 45758 to 11910 : URL /vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/
[client IP:56457] AH00892: got response from x.16:9108 (tomcat2.x.com), referer: https://www.x.com/vefsms/
[client IP:56457] AH01176: proxy_balancer_post_request for (balancer://ssl-cluster), referer: https://www.x.com/vefsms/
[client IP:56457] AH02034: Subsequent (No.2) HTTPS request received for child 707 (server www.x.com:443)
[client IP:56457] AH01628: authorization result: granted (no directives)
[client IP:56457] AH01160: Found value (J2EE4847100)ID1435349250DBfa8033a3ce4db1f64ba8d682cf8c5736533dc780End for stickysession JSESSIONID
[client IP:56457] AH01172: balancer://ssl-cluster: worker (ajp://tomcat1.x.com:9108) rewritten to ajp://tomcat1.x.com:9108/favicon.ico
[client IP:56457] AH01143: Running scheme balancer handler (attempt 0)
[client IP:56457] AH01113: HTTP: declining URL ajp://tomcat1.x.com:9108/favicon.ico
[client IP:56457] AH00895: serving URL ajp://tomcat1.x.com:9108/favicon.ico
[client IP:56457] AH00944: connecting ajp://tomcat1.x.com:9108/favicon.ico to tomcat1.x.com:9108
[client IP:56457] AH00947: connected /favicon.ico to tomcat1.x.com:9108
[client IP:56457] AH00872: APR_BUCKET_IS_EOS
[client IP:56457] AH00873: data to read (max 8186 at 4)
[client IP:56457] AH00875: got 0 bytes of data
[client IP:56457] AH00892: got response from x.15:9108 (tomcat1.x.com)
[client IP:56457] AH01176: proxy_balancer_post_request for (balancer://ssl-cluster)
[client IP:56457] AH02034: Subsequent (No.3) HTTPS request received for child 707 (server www.x.com:443), referer: https://www.x.com/vefsms/
[client IP:56457] AH01628: authorization result: granted (no directives), referer: https://www.x.com/vefsms/
[client IP:56457] AH01160: Found value (J2EE4847100)ID1435349250DBfa8033a3ce4db1f64ba8d682cf8c5736533dc780End for stickysession JSESSIONID, referer: https://www.x.com/vefsms/
[client IP:56457] AH01172: balancer://ssl-cluster: worker (ajp://tomcat2.x.com:9108) rewritten to ajp://tomcat2.x.com:9108/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber, referer: https://www.x.com/vefsms/
[client IP:56457] AH01143: Running scheme balancer handler (attempt 0), referer: https://www.x.com/vefsms/
[client IP:56457] AH01113: HTTP: declining URL ajp://tomcat2.x.com:9108/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber, referer: https://www.x.com/vefsms/
[client IP:56457] AH00895: serving URL ajp://tomcat2.x.com:9108/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber, referer: https://www.x.com/vefsms/
[client IP:56457] AH00944: connecting ajp://tomcat2.x.com:9108/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/
[client IP:56457] AH00947: connected /vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/
[client IP:56457] AH00873: data to read (max 8186 at 4), referer: https://www.x.com/vefsms/
[client IP:56457] AH00875: got 1 bytes of data, referer: https://www.x.com/vefsms/
[client IP:56457] AH01384: Zlib: Compressed 3032 to 1232 : URL /vefsms/, referer: https://www.x.com/vefsms/
[client IP:56457] AH00892: got response from x.16:9108 (tomcat2.x.com), referer: https://www.x.com/vefsms/
[client IP:56457] AH01176: proxy_balancer_post_request for (balancer://ssl-cluster), referer: https://www.x.com/vefsms/

[client IP:56456] AH02034: Subsequent (No.3) HTTPS request received for child 714 (server www.x.com:443), referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01628: authorization result: granted (no directives), referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01160: Found value 4A0775A9DDFBFB1FE2B6AE14F62C5904.tomcat2 for stickysession JSESSIONID, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01161: Found route tomcat2, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01172: balancer://ssl-cluster: worker (ajp://tomcat2.x.com:9108) rewritten to ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01143: Running scheme balancer handler (attempt 0), referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH01113: HTTP: declining URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH00895: serving URL ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH00944: connecting ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/engine.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber
[client IP:56456] AH00947: connected /vefsms-portlets/dwr/engine.js to tomcat2.x.com:9108, referer: https://www.x.com/vefsms/?portal:componentId=1529&portal:type=action&portal:isSecure=false&portal:portletMode=view&action=phonenumber

プロキシバランサーの使用で同様の問題を経験した人はいますか?

答え1

あなたが説明しているようなことが起こるのは、実際にはかなり難しいようです。ルートは、受信クッキー/パラメータから解析されますが、これはかなり単純なようです。次に、バランス メンバーでルートが検索されます。ルートが見つからない場合にのみ、より複雑な負荷ベースのメンバー選択に入ります。そのため、メンバーがダウンして検索が失敗するか、httpd がバランス メンバーに関する知識を失う可能性があります。これは、httpd スレッド間の共有データに関係するため、常に問題の原因となる可能性があります。

標準を試してみるといいかもしれない2.2.26リリース、公平に言えば、バランサーまたはプロキシコードもっている2.2.16 以降に変更Debian には、主にセキュリティ関連のものが少しずつバックポートされているので、何か奇妙なことが起きている可能性があります。

httpd問題が発生している間に、 を正常に再起動できるかどうかを確認してくださいLogLevel debug。エラー状態が続く場合は、バランサー メンバーの選択に関する詳細な情報がエラー ログに大量に記録され、その下で何が起こっているかをより正確に把握できるようになります。

ログ記録に失敗した場合は、バランサー環境変数を定義に追加して、LogFormatに取り込むようにしてaccess.logください。これにより、何が起こっているかをより適切に追跡できる可能性があります。

\"%{BALANCER_NAME}e\"
\"%{BALANCER_WORKER_NAME}e\"
\"%{BALANCER_WORKER_ROUTE}e\"
\"%{BALANCER_SESSION_STICKY}e\"
\"%{BALANCER_SESSION_ROUTE}e\"
\"%{BALANCER_ROUTE_CHANGED}e\"

答え2

あなたのコメントに基づくと、実際の問題は、stickysession がクライアントに対して機能しないことがあるということです。

ここで動作します:

[client IP:56456] AH01160: Found value 4A0775A9DDFBFB1FE2B6AE14F62C5904.tomcat2 for stickysession JSESSIONID, referer: https://www.x.com/vefsms/
[client IP:56456] AH01161: Found route tomcat2, referer: https://www.x.com/vefsms/
[client IP:56456] AH01172: balancer://ssl-cluster: worker (ajp://tomcat2.x.com:9108) rewritten to ajp://tomcat2.x.com:9108/vefsms-portlets/dwr/interface/Controller.js, referer: https://www.x.com/vefsms/

ここでは機能しません(注:いいえFound route

[client IP:56456] AH01160: Found value (J2EE4847100)ID1435349250DBfa8033a3ce4db1f64ba8d682cf8c5736533dc780End for stickysession JSESSIONID, referer: http://www.x.com/
<------ no Found route here, so balancing decision happens instead ----->
[client IP:56456] AH01172: balancer://ssl-cluster: worker (ajp://tomcat1.x.com:9108) rewritten to ajp://tomcat1.x.com:9108/vefsms/, referer: http://www.x.com/

明らかに、原因は競合する Cookie であり(J2EE4847100)ID1435349250DBfa8033a3ce4db1f64ba8d682cf8c5736533dc780End、これはおそらくアプリケーション サーバー側で挿入されます。

関連情報