最近发现有人用黑客类工具恶意点击网站,或发送大量垃圾包,具体是什么不清楚,但是很明显是故意的,造成80端口无法正常访问,或访问速度极慢。
用netstat -an >>c:\temp\aaa.txt 命令查看了当时情况,发现某几个ip的连接数量巨大,是不正常的。
不管是访问量大,还是有黑客骚扰,我想还是试试看把resin优化一下。
首先要在访问量巨大的时候进行观察。
先将resin.conf文件中的thread-min,thread-max,thread-keepalive三个参数设置的比较大,分别写上,1000,3000,1000,当然这是根据你的机器情况和可能同时访问的数量决定的,如果你的网站访问量很大的,应该再适当放大。
然后观察任务管理器中的java线程变化情况,看看到底是线程达到多大的时候,java进程当掉的。我的是在379左右当掉。
然后将thread-min,thread-max,thread-keepalive分别写为150,400,300;,也就是将当掉的时候的最大值稍微放大点,作为thread-max的值,因为该系统一般不会超过这个值。然后其他两个参数根据情况设置一下。
这只是我的估计值,根据机器性能和访问量不同,应该有所不同。
然后将accept-buffer-size值设置的较大,我设置到10000以上,这样可以让java能使用到更多的内存资源。
这样的设置基本上能够满足resin的正常运行,当掉resin服务的情况大大减少,本设置适合于中小型网站。
| Resin Threads |
Resin will automatically allocate and free threads as the load requires. Since the threads are pooled, Resin can reuse old threads without the performance penalty of creating and destroying the threads. When the load drops, Resin will slowly decrease the number of threads in the pool until is matches the load.
Most users can set to something large (200 or greater) and then forget about the threading. Some ISPs dedicate a JVM per user and have many JVMs on the same machine. In that case, it may make sense to reduce the to throttle the requests.
Since each servlet request gets its own thread, determines the maximum number of concurrent users. So if you have a peak of 100 users with slow modems downloading a large file, you'll need a of at least 100. The number of concurrent users is unrelated to the number of active sessions. Unless the user is actively downloading, he doesn't need a thread (except for "keepalives").
| Keepalives |
Keepalives make HTTP and srun requests more efficient. Connecting to a TCP server is relatively expensive. The client and server need to send several packets back and forth to establish the connection before the first data can go through. HTTP/1.1 introduced a protocol to keep the connection open for more requests. The srun protocol between Resin and the web server plugin also uses keepalives. By keeping the connection open for following requests, Resin can improve performance.
<resin ...>
<thread-pool>
<thread-max>250</thread-max>
</thread-pool>
<server>
<keepalive-max>500</keepalive-max>
<keepalive-timeout>120s</keepalive-timeout>
...
|
Timeouts
Requests and keepalive connections can only be idle for a limited time before Resin closes them. Each connection has a read timeout, . If the client doesn't send a request within the timeout, Resin will close the TCP socket. The timeout prevents idle clients from hogging Resin resources.
... <thread-pool> <thread-max>250</thread-max> </thread-pool> <server> <http port="8080" read-timeout="30s" write-timeout="30s"/> ... |
...
<thread-max>250</thread-max>
<server>
<cluster>
<client-live-time>20s</client-live-time>
<srun id="a" port="6802" read-timeout="30s"/>
</cluster>
...
|
In general, the read-timeout and keepalives are less important for Resin standalone configurations than Apache/IIS/srun configurations. Very heavy traffic sites may want to reduce the timeout for Resin standalone.
Since will close srun connections, its setting needs to take into consideration the setting for mod_caucho or isapi_srun. is the time the plugin will keep a connection open. must always be larger than , otherwise the plugin will try to reuse a closed socket.
下一篇:没有了