Short introduction
I have Apache Superset and Apache2 server located on the same EC2 instance. Apache2 is acting as a proxy server. It accepts HTTPS requests and transfers them to Apache Superset. Apache Superset is run using gunicorn.
Problem
Requests to Apache Dremio data engine could take some time (< 60 seconds). When accessing dashboards on Superset, using DNS name with SSL, with proxy setup some dashboards parts (requests) are failing with the following error:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
Strangely, these errors can appear in a matter of seconds despite that default value for ProxyTimeout is quite high.
The problem doesn't occur if Superset is accessed by IP address.
Error message in apache2/error.log:
(20014) Internal error (specific information not available): [client 10.4.26.3:6969] AH01102: error reading status line from remote server localhost:8088, referer: ...
What was tried to solve a problem
Problem can be with proxy server timeout or with Superset web server dropping some connections. My Apache2 config:
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName dash.domain.com
ServerAlias dash.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/private/cert.crt
SSLCertificateChainFile /etc/ssl/certs/cert2.crt
SSLCertificateKeyFile /etc/ssl/private/key.key
ProxyPass / http://localhost:8088/ connectiontimeout=3600 timeout=3600
ProxyPassReverse / http://localhost:8088/
# things tried
# SetEnv force-proxy-request-1.0 1
# SetEnv proxy-nokeepalive 1
# SetEnv proxy-initial-not-pooled 1
# ProxyTimeout 3600
# TimeOut 3600
</VirtualHost>
Things tested (and not working):
Timeout and ProxyTimeout
connectiontimeout and timeout (as seen above)
Keepalive=On for ProxyPass
different SetEnv
superset_config.py -> ENABLE_PROXY_FIX, SUPERSET_WEBSERVER_TIMEOUT
In addition, similar proxy setup was build using nginx, error is similar to what is described here.
Any help or ideas would be appreciated. Thank you very much!
Useful information
Apache Superset version: 0.37.2
Apache Dremio version: 4.1.0
Apache2 server version: 2.4.29
EC2 instance type: t3.medium
OS version: Ubuntu 18.04
The problem was in dying gunicorn async workers. Too many requests were coming from the charts and workers were not able to handle them. Changing worker type from async to sync (default gunicorn type) solved the proxy problem.
I still don't know why direct access by IP was not producing the 502 proxy error.
Sorry for not including information about gunicorn in the question.
P.S Recommended type of workers for Apache Superset from their docs is async, but, for my case, sync were the better solution. In theory, sync workers are slower compare to async (in Superset context).
Following this detailed article: https://www.tessian.com/blog/how-to-fix-http-502-errors/
We have tried the suggested fix (based on AWS ALB default connection idle timeout = 60s setting ):
Gunicorn (Python)
As command line arguments:
--keep-alive 65
Works like a charm!
And to explain "why direct access by IP was not producing the 502 proxy error", check this Gunicorn settings doc:
https://docs.gunicorn.org/en/stable/settings.html#keepalive
Generally set in the 1-5 seconds range for servers with direct connection to the client (e.g. when you don’t have separate load balancer).
Since the default keepalive setting is 2 seconds, it works well on direct access by IP.
Related
I have installed Magento in my personal laptop with XAMP (windows 10) all looks good. Followed the same steps on another laptop and not able to get Magento running.
Found that port 80 is occupied in the new laptop and configured xamp with port 8090, Apache, Phymyadmin and all works good. Following is my configuration for virtual hosts file
<VirtualHost *:8090>
DocumentRoot "C:/M/xampp8.1/htdocs/magento2/pub"
ServerName kumar.magento245.com
</VirtualHost>
<VirtualHost *:8090>
DocumentRoot "C:/M/xampp8.1/htdocs"
ServerName localhost:8090
</VirtualHost>
Following in windows hosts file
127.0.0.1:8090 kumar.magento245.com
XAMP Apache running on port 8090
when i enter kumar.magento245.com gives 404 error
I assure you the rest of the installation is in sync with my earlier laptop (that dont have any service running on port 80 and i dint changed the hosts file)
Kindly please advise what to be done..
Not planning to change/edit the service running on port 80 .
when i enter kumar.magento245.com gives 404 error.. it should got my local magento running ( installed at C:/M/xampp8.1/htdocs/magento2/pub )
I followed a response in the following thread #Raz0rwire and solved my issue.
Set up virtual hosts on Apache (XAMPP, Windows 10)
accessed the url like this kumar.magento245.com:8090 port number at the end..
Welcome to SO #kumar2023,
There could be multiple possibilities for resolving this issue,
in this case, I would prefer the below steps :
Try running Magento with the direct browser URL ie. https://yourmagnetopath/pub and ensure at least my Magento has been installed
correctly
Try removing the default ports and their entries, in my case well I am using ubuntu hence there could be a case of caching if you tried multiple times with the same URL.
Try with the incognito browser or I would prefer a new browser where you haven't tried to run this URL.
Just give a try with the newer domain (again there could be a reason for caching)
I have an apache/2.4.18 ubuntu server and I want to host my spring application on it. I generated a JAR file and can run it on the server. It starts an embedded tomcat server on port 8090.
However when i navigate to 'my-site-ip:8090' the connection times out.
I have zero experience deploying web applications so any help would be appreciated.
I've created a TCP rule for port 8090 and still no joy.
The solution was adding a proxy to the Myapp.conf file as below:
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://localhost:8090/
ProxyPassReverse / http://localhost:8090/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
It´s very hard to explain all the steps in one answer but you can follow these steps to get into the full configuration by your own. I did the same on my 1&1 cloud server.
First of all you need root access to your server.
Normally, on your server the port 80 and 443 should already be open. Else you can define that in the 1&1 Admin Portal. If your Server already has the apache configuration you should be able to see the apache site if you go to your server address. You can find details and the full setup if you dont have an apache installed for this step here:
How To Install the Apache Web Server on Ubuntu
The second step would be to configure a virtual host on your apache webserver.
This is cool because you can define multiple domains and there applications on your server. So http://yourServer.com(port 80 or 443 from extern) goes to yourApp1. (port 8090 from intern).
In this step you will tell apache if your enter your url to go to your app with port 8090
How To Set Up Apache Virtual Hosts on Ubuntu
The last step would be to install your spring-boot app as a service on your machine. The docs of Spring describes it very well.
Installation as an init.d Service
If you install the app as a service you are able to start and stop the app with the service command.
service myapp start
And dont forget to add the plugin for maven or gradle to your pom.xml. This is necessary to run the app as a service.
If you follow these Steps you should be able to reach you app without specify a port and be ready to go with your app in production if necessary.
The best approach for this would be to use the apache proxy. This should get it done.
https://blog.marcnuri.com/running-apache-tomcat-and-apache-httpd-on-port-80-simultaneously/
I've got a very strange issue with Apache:
I'm running Apache/2.2.22 + with PHP 5.5.27 (dotdeb.org) under Debian 7.8.
I made an upgrade of PHP, I'm not sure if it's related but I restarted Apache and suddenly all HTTP stuff ceased to work, only HTTPS requests are correctly handled, VirtualHost config of port 80 is no more working correctly, it seems like Apache is not getting the right DocumentRoot (403 on / and file not found for subfolders and files) if I use a HTTP URL (OK for HTTPS stuff).
sites-available/default syntax is OK, suexec and open_basedir paths updates didn't help.
It's not related to IP (it's not fail2ban, checked on other devices)
It's not the permissions or an Apache running user problem (I tried everything).
I even uninstalled (purge) and reinstalled libapache2-mod-php5.
Nothing worked.
Any clue ?
Thanks
Ok I figured it out, it's not PHP, it's the virtualhosts I created using Virtualmin, here's the fix:
Disable the NameVirtualHost lines in /etc/apache2/apache2.conf
Replace <VirtualHost XX.XX.XX.XXX:80 [XXXX:XXXX:X:XXXX::]:80> by <VirtualHost *:80> in all /etc/apache2/backup/sites-available/ conf files
Add NameVirtualHost *:80 at the top of /etc/apache2/sites-available/default file
I want to host two odoo instances or database (?), in order to be sure that everything is separated, on a rented VPS for my wife firm and mine.
We both have a domain name.
I need the following thing :
- Browsing www.mywifedomainname.tld leads to my wife's odoo
- Browsing www.myowndomainname.tld leads to my odoo instance
Can you advise me what to do :
1 - Do I need a reverse proxy to have multi domains leading to multi instances ?
2 - In case the reverse proxy is the solution, do you know a good tutorial on how to setup it on Debian (or another distribution) ?
3 - Should I have 2 instances of Odoo or only 2 databases ?
Thanks for you interest :)
yes i have realized this on my server.
to achieve that goal I have tested two ways. It's up to you wich one is better to feet on your needs
1 method is odoo+wsgi+appache2
2 method is odoo+nginx+SSL
both cases required the proxy reverse.
so lest go on.
I assume that you know how to install odoo and postgress
mandatory requirement:
you should have hardware that can handle odoo postgress and webserver for more than one instance. As of every instance of odoo creates it's own processes. My server (6 core CPU, 3 gb Ram, and i have cpu load around 5% and RAM for 40%, i have 6 different instances rub=ning on this server with different domain names)
for each instance you should have different user created for odoo and for PostgreSQL
in case of using first method odoo+wsgi+appach you don't ned to configure openerp-server.conf file and sturtuo script as of we gonna use openerp-wsgi.py file as a configuration and the appache to sturt odoo.
/YOUR_ODOO1_PATH/openerp-wsgi.py modification with your data:
conf['addons_path'] = 'LINK TO YOUR ODOO1 ADDONS FULL PATH FROM THE ROOT'
admin_passwd = 'ODOO1 MASTR ADMIN PASSWORD'
conf['db_user'] = 'ODOO1_POSTGRESQL_USER_NAME'
conf['db_password'] = 'ODOO1_POSTGRESQL_USER_PASSWORD'
bind = '0.0.0.0:8070'
pidfile = '.gunicorn.pid'
workers = 4
timeout = 240
max_requests = 2000
conf['logfile'] = '/var/log/ODOO1/wsgi-pyton.log'
THAT WILL RUN YOUR ODOO1 instance on port 8070
for each instance you should use DIFFERENT PORT
now it is time to configure appache server:
I assume that you have installed apache server
but in any case, to do that use
sudo apt-get install apache2
and for mod WSGI
sudo apt-get install libapache2-mod-wsgi
Enable required apache modules:
sudo a2enmod proxy_http headers rewrite wsgi
If the system miss some of them you should install this modules first then enable them. More you will find in the Apache website.
Create Configuration file in apache for reverse proxy for site odoo1.com:
sudo nano /etc/apache2/sites-available/odoo1.conf
<VirtualHost *:80>
ServerName odoo1.com
ErrorLog /var/log/odoo1/openerp-error.log
CustomLog /var/log/odoo1/openerp-access.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / **odoo1_full_URL**
ProxyPassReverse / **odoo1_full_URL**
ProxyVia On
LogLevel warn
</VirtualHost>
odoo1_full_URL replace with http : // odoo1.com: 8070 (for me it is not allowed to post more than 2 url, that way i have write in this way without spaces)
5. Create Site Configuration file to run WSGI script
sudo nano /etc/apache2/site-available/odoo1-wsgi.conf
With following content
<VirtualHost *:80>
ServerName odoo1.com
WSGIScriptAlias / /YOUR_ODOO1_PATH/openerp-wsgi.py
WSGIDaemonProcess oe user=ODOO1_USER group=ODOO1_USER processes=2 pythonpath=/YOUR_ODOO1_Path/ display-name=apache-ODOO1USER
WSGIProcessGroup oe
ErrorLog /var/log/ODOO1/odoo1-wsgi-error.log
CustomLog /var/log/ODOO1/odoo1-wsgi-access.log combined
<Directory /YOUR_ODOO1_PATH>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
finaly enable your odoo1 and odoo1-wsgi configuration sites and restart apache server
sudo a2ensite odoo1-wsgi.conf odoo1.conf
sudo service apache2 restart
that's all by typing in the url the odoo1.com you will be able to see your database without port number in the address bar.
do the same for any other instance and enjoy.
Let me know if you will have questions.
teh second method I will explain in my next post.
I have just upgraded from Sonar 3.2.1 to Sonar 3.6. I was able to configure Sonar 3.2.1 to use https by placing a jetty.xml file in SONAR_HOME. The same approach does not seem to work for Sonar 3.6 and from looking at the source for org.sonar.application.JettyEmbedder I think the https port is hard-coded to 8443. FYI, The embedded jetty version is 7.6.11.
The relevant Sonar FAQ reads thus :
Can SonarQube run in HTTPS mode
No. But you can run SonarQube in a standard HTTPS infrastructure using reverse proxy (in this case the reverse proxy must be configured to set the value 'X_FORWARDED_PROTO: https' in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP).
If this is true then Sonar has taken a step backwards security-wise. Is there an alternative way to configure Sonar/Jetty to run on https ?
You can install Apache on the same machine and set reverse proxy.
Your http://your-sonar-host.com address needs to run on port 80. Apache will forward it to 9000 (sonar runs on port 9000)
After installing Apache, open the configuration and type the following:
<Location />
ProxyPass http://your-sonar-host.com:9000/
ProxyPassReverse http://your-sonar-host.com:9000/
RequestHeader set X_FORWARDED_PROTO 'https'
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
There is nothing else you need to do.