I am having problems will apache and stunnel being able to handle load. I am using stunnel to encrypt my ajp traffic from apache to jboss. This helps me bridge our internal firewall.
But during load testing the system starts breaking down. It takes about 1/5 the load to break down apache and stunnel, than directly against my jboss node.
Any performance tuning recommendations would be great.
I am using stunnel straight out of the box. I will place the configuration file below.
Thanks.
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; Certificate/key is needed in server mode and optional in client mode
;cert = /usr/local/stunnel/etc/stunnel/mail.pem
;key = /usr/local/stunnel/etc/stunnel/mail.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/stunnel/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside chroot jail
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
CApath = certificates
; It's often easier to use CAfile
CAfile = /usr/local/stunnel/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/stunnel/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[ajp]
accept = 8009
connect = xxxx2:8009
[sql]
accept = 1433
connect = XXXX1:443
************************************************************************* The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged.
If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please resend this communication to the sender and delete the original message or any copy of it from your computer system.
Thank you. *************************************************************************