[stunnel-users] performance configuration for rehl3 & JBoss

This is a discussion on [stunnel-users] performance configuration for rehl3 & JBoss within the Stunnel Users forums, part of the Networking and Network Related category; This is a multi-part message in MIME format. --===============1068675988== Content-class: urn:content-classes:message Content-Type: multipart/alternative; ...

		Usenet Forums > Networking and Network Related > Stunnel Users
[stunnel-users] performance configuration for rehl3 & JBoss

LinkBack

Thread Tools

Display Modes

#1 (permalink)

12-01-2006

Jones Scott - sjones

Posts: n/a

[stunnel-users] performance configuration for rehl3 & JBoss

This is a multi-part message in MIME format.

--===============1068675988==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C71594.6393FE42"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C71594.6393FE42
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I am having problems will apache and stunnel being able to handle load.
I am using stunnel to encrypt my ajp traffic from apache to jboss. This
helps me bridge our internal firewall.

=20

But during load testing the system starts breaking down. It takes about
1/5 the load to break down apache and stunnel, than directly against my
jboss node.

=20

Any performance tuning recommendations would be great.

I am using stunnel straight out of the box. I will place the
configuration file below.

=20

Thanks.

=20

; Sample stunnel configuration file by Michal Trojnara 2002-2006

; Some options used here may not be adequate for your particular
configuration

; Please make sure you understand them (especially the effect of chroot
jail)

=20

; Certificate/key is needed in server mode and optional in client mode

;cert =3D /usr/local/stunnel/etc/stunnel/mail.pem

;key =3D /usr/local/stunnel/etc/stunnel/mail.pem

=20

; Protocol version (all, SSLv2, SSLv3, TLSv1)

sslVersion =3D SSLv3

=20

; Some security enhancements for UNIX systems - comment them out on
Win32

chroot =3D /usr/local/stunnel/var/lib/stunnel/

setuid =3D nobody

setgid =3D nogroup

; PID is created inside chroot jail

pid =3D /stunnel.pid

=20

; Some performance tunings

socket =3D l:TCP_NODELAY=3D1

socket =3D r:TCP_NODELAY=3D1

;compression =3D rle

=20

; Workaround for Eudora bug

;options =3D DONT_INSERT_EMPTY_FRAGMENTS

=20

; Authentication stuff

;verify =3D 2

; Don't forget to c_rehash CApath

; CApath is located inside chroot jail

CApath =3D certificates

; It's often easier to use CAfile

CAfile =3D /usr/local/stunnel/etc/stunnel/certs.pem

; Don't forget to c_rehash CRLpath

; CRLpath is located inside chroot jail

;CRLpath =3D /crls

; Alternatively you can use CRLfile

;CRLfile =3D /usr/local/stunnel/etc/stunnel/crls.pem

=20

; Some debugging stuff useful for troubleshooting

;debug =3D 7

output =3D stunnel.log

=20

; Use it for client mode

client =3D yes

=20

; Service-level configuration

=20

[ajp]

accept =3D 8009

connect =3D xxxx2:8009

=20

[sql]

accept =3D 1433

connect =3D XXXX1:443

************************************************** ***********************
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be
legally privileged.

If the reader of this message is not the intended recipient, you are=20
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.

If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.

Thank you.
************************************************** ***********************

------_=_NextPart_001_01C71594.6393FE42
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<style>

</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

I am having problems will apache and stunnel being able =
to
handle load.  I am using stunnel to encrypt my ajp traffic from apache=
to
jboss.  This helps me bridge our internal firewall.<o:p></o:p><=
/font>

<o:p> </o:p>

But during load testing the system starts breaking down.=
 It
takes about 1/5 the load to break down apache and stunnel, than directly
against my jboss node.<o:p></o:p>

<o:p> </o:p>

Any performance tuning recommendations would be great.<o=
:p></o:p>

I am using stunnel straight out of the box.  I will
place the configuration file below.<o:p></o:p>

<o:p> </o:p>

<div style=3D'mso-element:para-border-div;border:none;border-bottom:dotted =
windowtext 3.0pt;
padding:0in 0in 1.0pt 0in'>

Thanks.<o:p></o:p></fon=
t>

</div>

<o:p> </o:p>

; Sample stunnel configuration file by Michal Trojnara
2002-2006<o:p></o:p>

; Some options used here may not be adequate for your
particular configuration<o:p></o:p>

; Please make sure you understand them (especially the
effect of chroot jail)<o:p></o:p>

<o:p> </o:p>

; Certificate/key is needed in server mode and optional =
in
client mode<o:p></o:p>

;cert =3D /usr/local/stunnel/etc/stunnel/mail.pem<o:p></=
o:p>

;key =3D /usr/local/stunnel/etc/stunnel/mail.pem<o:p></o=
:p>

<o:p> </o:p>

; Protocol version (all, SSLv2, SSLv3, TLSv1)<o:p></o:p>=


sslVersion =3D SSLv3<o:p></o:p>

<o:p> </o:p>

; Some security enhancements for UNIX systems - comment =
them
out on Win32<o:p></o:p>

chroot =3D /usr/local/stunnel/var/lib/stunnel/<o:p></o:p=
>

setuid =3D nobody<o:p></o:p>

setgid =3D nogroup<o:p></o:p>

; PID is created inside chroot jail<o:p></o:p></f=
ont>

pid =3D /stunnel.pid<o:p></o:p>

<o:p> </o:p>

; Some performance tunings<o:p></o:p>

socket =3D l:TCP_NODELAY=3D1<o:p></o:p>

socket =3D r:TCP_NODELAY=3D1<o:p></o:p>

;compression =3D rle<o:p></o:p>

<o:p> </o:p>

; Workaround for Eudora bug<o:p></o:p>

;options =3D DONT_INSERT_EMPTY_FRAGMENTS<o:p></o:p></spa=
n>

<o:p> </o:p>

; Authentication stuff<o:p></o:p>

;verify =3D 2<o:p></o:p>

; Don't forget to c_rehash CApath<o:p></o:p></fon=
t>

; CApath is located inside chroot jail<o:p></o:p>=


CApath =3D certificates<o:p></o:p>

; It's often easier to use CAfile<o:p></o:p></fon=
t>

CAfile =3D /usr/local/stunnel/etc/stunnel/certs.pem<o:p>=
</o:p>

; Don't forget to c_rehash CRLpath<o:p></o:p></fo=
nt>

; CRLpath is located inside chroot jail<o:p></o:p></span=
>

;CRLpath =3D /crls<o:p></o:p>

; Alternatively you can use CRLfile<o:p></o:p></f=
ont>

;CRLfile =3D /usr/local/stunnel/etc/stunnel/crls.pem<o:p=
></o:p>

<o:p> </o:p>

; Some debugging stuff useful for troubleshooting<o:p></=
o:p>

;debug =3D 7<o:p></o:p>

output =3D stunnel.log<o:p></o:p>

<o:p> </o:p>

; Use it for client mode<o:p></o:p>

client =3D yes<o:p></o:p>

<o:p> </o:p>

; Service-level configuration<o:p></o:p></=
p>

<o:p> </o:p>

[ajp]<o:p></o:p>

accept =3D 8009<o:p></o:p>

connect =3D xxxx2:8009<o:p></o:p>

<o:p> </o:p>

[sql]<o:p></o:p>

accept =3D 1433<o:p></o:p>

connect =3D XXXX1:443<o:p></o:p>

</div>

<pre>********************************************* *************************=
***
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be
legally privileged.

If the reader of this message is not the intended recipient, you are=20
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.

If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.

Thank you.
************************************************** ***********************
</pre></body>

</html>

------_=_NextPart_001_01C71594.6393FE42--

--===============1068675988==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

--===============1068675988==--

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are Off [IMG] code is Off HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

All times are GMT +1. The time now is 12:32 PM.