This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: <modperl@apache.org>
From: "Jeremy Howard" <jh_lists@fastmail.fm>
Subject: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 13:43:17 +1100
Igor Sysoev mentioned recently on this list that he has written a module
called 'mod_accel' that provides a caching HTTP accelerator, as well as a
mod_gzip replacement called 'mod_deflate'. These modules are both used on
Kaspersky labs' busy sites, as well as at the popular portal
http://www.rambler.ru. mod_deflate is used at around 700 sites.
So why haven't we heard more of them? Because the docs are only in Russian,
and almost all implementations have occured on Russian sites. Well, the good
news is that I've now implemented a mod_accel/mod_deflate front-end on
http://www.fastmail.fm, allowing me to announce a substantial speedup to our
users:
http://www.emailaddresses.com/forum/showthread.php?threadid=1603
You may notice in the linked announcement that I mention "I've been able to
remove the restriction that attachments have to be downloaded within an
hour". We previously had this restriction because even with mod_proxy as a
front-end, uploads larger than the TCP buffer get fed through bit by bit,
keeping the mod_perl handler open the whole time... So we had code like:
----
|| my $oldalarm=alarm(0);
|| alarm 3600;
|| my $Status = $R->parse;
|| alarm $oldalarm;
----
Without that, the backend app server can hang around for ever serving one
client. We had similar code for downloads, as well as uploads. BTW, Joe
Schaefer has posted a mod_proxy patch to this list that fixes this for POST
uploads.
Well, mod_accel gets around this problem by automatically buffering large
uploads and downloads onto the filesystem! :-) In fact, mod_accel reads the
backend response and sends it to client asynchronously, so the client sees
the first part of the response even before the backend has completed the
request. But the backend is never blocked by the client, since it is
buffered to the file-system as required.
mod_deflate works really well with mod_accel so that both dynamic forwarded
requests and static requests are compressed. mod_deflate also has lots of
intelligence to avoid compressing content to buggy browsers that can't
handle it.
OK, enough evangelism. On to practical matters. Many of the following
snippets and comments were provided to me by Igor in private email, so thank
him, not me. Firstly, here's how to compile everything (including mod_ssl on
the front-end) and install it into /usr/local/apache_accel:
----
tar -zxvf mod_accel-1.0.7.tar.gz
tar -zxvf mod_deflate-1.0.9.tar.gz
tar -zxvf mm-1.1.3.tar.gz
cd mm-1.1.3
./configure --disable-shared
make
cd ../mod_ssl-2.8.5-1.3.22
./configure --with-apache=../apache_1.3.22_accel/ \
--with-crt=/INSERT_APPROPRIATE_PATH.crt \
--with-key=/INSERT_APPROPRIATE_PATH.key
cd ../mod_accel-1.0.7
./configure --with-apache=../apache_1.3.22_accel/ \
--with-eapi=../mod_ssl-2.8.5-1.3.22/pkg.eapi/
make
cd ../mod_deflate-1.0.9
./configure --with-apache=../apache_1.3.22_accel/
make
cd ../apache_1.3.22_accel/
EAPI_MM=../mm-1.1.3 SSLBASE=SYSTEM ./configure --enable-rule=EAPI \
--prefix=/usr/local/apache_accel --disable-rule=EXPAT \
--enable-module=most \
--enable-module=rewrite \
--activate-module=src/modules/accel/libaccel.a \
--activate-module=src/modules/extra/mod_deflate.o
make
make install
mkdir /var/accelcache
chown nobody:nobody /var/accelcache/
/usr/local/apache_accel/bin/apachectl startssl
----
Now, in /usr/local/apache_accel/conf/httpd.conf, append the following:
----
AccelCacheRoot /var/accelcache 1
AccelNoCache on
AccelPass /mail/ http://127.0.0.1:8080/mail/
AccelWaitBeforeBodyRead 100
AccelUnlinkNoCached off
AccelSetXHost on
AccelSetXRealIP on
AccelSetXURL on
----
This creates an HTTP accelerator without any caching. I don't know much
about the caching directives and haven't tried them out, so I can't provide
any guidance there.
The AccelCacheRoot directive sets the number of levels of subdirectories in
the cache. 16 first level subdirectories named 0 .. f and 256 second level
subdirectories named 00 .. ff are used by default (i.e. "AccelCacheRoot
<path> 1 2"). Since I'm not caching, my config above does not specify any
directory hashing (i.e. "AccelCacheRoot <path> 1").
AccelNoCache simply turns off caching.
AccelPass specifies that I want everything under /mail/ forwarded to the
backend. You can also specify '/' for AccelPass, and then use something like
"AccelNoPass /download /images ~*\.jpg$" to create exceptions (uses
standard regex syntax).
Note that mod_accel can also be called by utilising the mod_rewrite [P]
directive, just like with mod_proxy.
AccelWaitBeforeBodyRead sets the time in milliseconds to wait between
receiving the response header and the first part of the body. It is useful
over Ethernet where packets are small. If mod_accel waits a little it can
read most of the body or even the whole body with one just one
select()/read() pair of syscalls. You can see the first read size and the
number of reads in the log with %{accel}x in a CustomLog directive. Igor
usually uses 100-200 milliseconds.
AccelSet* adds X-* headers to the request to the backend. This is useful to
know what the original request details were.
Now, some directives that I've left at the default in my config...
AccelSendSize sets the buffer size when sending the answer to the client.
AccelBkRcvSockBuffSize sets the kernel backend receive buffer size. It's the
same as mod_proxy's ProxyReceiveBufferSize. AccelBkRcvBuffSize sets the
mod_accel backend receive buffer size. If the response size is more then
this, then it is saved to a temporary file. AccelRequestBuffSize sets
mod_accel's client receive buffer size when receiving the
POST body. If the request body is more then this then it is saved to a
temporary file.
You can leave default values for all these buffers and increase
AccelBkRcvBuffSize and AccelRequestBuffSize only if you see many warnings in
the log. Igor suggests not setting these buffers to more then 1M. The
directives are all specified in kB (quick Russian lesson:
kB=='kilobajtah'!).
Here's the config for mod_deflate:
----
DeflateEnable On
DeflateMinLength 3000
DeflateCompLevel 1
DeflateProxied Off
DeflateHTTP 1.0
DeflateDisableRange "MSIE 4."
----
DeflateProxied Off means that anything with a 'Via' header is not
proxied--Igor says that some proxies are broken so this is best to be safe.
And MSIE 4 apparently is a bit broken too. By default only text/html is
compressed. DeflateCompLevel 1 provides adequate compression for text.
===
To: Jeremy Howard <jh_lists@fastmail.fm>
From: Philip Mak <pmak@animeglobe.com>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 07:04:50 -0500 (EST)
On Thu, 20 Dec 2001, Jeremy Howard wrote:
> Note that mod_accel can also be called by utilising the mod_rewrite [P]
> directive, just like with mod_proxy.
If I put [P] in a RewriteRule, how does Apache know whether I want it to
use mod_proxy or mod_accel?
> AccelSet* adds X-* headers to the request to the backend. This is useful to
> know what the original request details were.
In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
download mod_accel/mod_deflate from before), I see another file called
mod_realip-1.0.tar.gz just released one week ago. From looking at the
keywords in the documentation, it looks like a module to be installed on
the backend httpd that will parse these X-* headers to retrieve the
original IP address.
> By default only text/html is compressed.
I think it's safe to compress text/plain by default, too; I've never seen
any browser problems with compressed text/plain (only text/js and
text/css).
===
To: "Philip Mak" <pmak@animeglobe.com>
From: "Jeremy Howard" <jh_lists@fastmail.fm>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 23:20:47 +1100
Philip Mak wrote:
> In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
> download mod_accel/mod_deflate from before), I see another file called
> mod_realip-1.0.tar.gz just released one week ago. From looking at the
> keywords in the documentation, it looks like a module to be installed on
> the backend httpd that will parse these X-* headers to retrieve the
> original IP address.
>
Correct. This is a simple module that fills out $R->connection->ip with the
X- header added by mod_deflate.
===
To: Philip Mak <pmak@animeglobe.com>
From: Igor Sysoev <is@rambler-co.ru>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 15:47:04 +0300 (MSK)
On Thu, 20 Dec 2001, Philip Mak wrote:
> On Thu, 20 Dec 2001, Jeremy Howard wrote:
>
> > Note that mod_accel can also be called by utilising the mod_rewrite [P]
> > directive, just like with mod_proxy.
Even more. You can use mod_accel/mod_rewrite/mod_include:
RewriteRule ^/one.html$ http://backend/$1 [P]
<!--#include virtual="/one.html?arg=some" -->
> If I put [P] in a RewriteRule, how does Apache know whether I want it to
> use mod_proxy or mod_accel?
mod_proxy and mod_accel can work together expect one case - mod_rewrite [P].
You can disable mod_accel's [P] with --without-mod_rewrite mod_accel
configure parameter.
> > AccelSet* adds X-* headers to the request to the backend. This is useful to
> > know what the original request details were.
>
> In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
> download mod_accel/mod_deflate from before), I see another file called
> mod_realip-1.0.tar.gz just released one week ago. From looking at the
> keywords in the documentation, it looks like a module to be installed on
> the backend httpd that will parse these X-* headers to retrieve the
> original IP address.
Yes, it can set IP using "X-Real-IP" header (default) or "X-Forwarde-For"
header. Also mod_realip set IP in one of three phases - postread, header
and fixups.
> > By default only text/html is compressed.
>
> I think it's safe to compress text/plain by default, too; I've never seen
> any browser problems with compressed text/plain (only text/js and
> text/css).
There is no text/js type - application/x-javascript instead.
Macromedia FlashPlayer 4.x-5.x doesn't understand compressed text files
received via loadVariables() function. These files can have any type
but usually they have text/plain. If you site doesn't use such flash
movies - you can safely compress text/plain:
DeflateTypes text/plain
Igor Sysoev
===
To: Jeremy Howard <jh_lists@fastmail.fm>
From: Igor Sysoev <is@rambler-co.ru>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 16:07:25 +0300 (MSK)
On Thu, 20 Dec 2001, Jeremy Howard wrote:
Thank you, Jeremy.
Here is some comments.
> OK, enough evangelism. On to practical matters. Many of the following
> snippets and comments were provided to me by Igor in private email, so thank
> him, not me. Firstly, here's how to compile everything (including mod_ssl on
> the front-end) and install it into /usr/local/apache_accel:
> ----
> tar -zxvf mod_accel-1.0.7.tar.gz
> tar -zxvf mod_deflate-1.0.9.tar.gz
> tar -zxvf mm-1.1.3.tar.gz
> cd mm-1.1.3
> ./configure --disable-shared
> make
>
> cd ../mod_ssl-2.8.5-1.3.22
> ./configure --with-apache=../apache_1.3.22_accel/ \
> --with-crt=/INSERT_APPROPRIATE_PATH.crt \
> --with-key=/INSERT_APPROPRIATE_PATH.key
>
> cd ../mod_accel-1.0.7
> ./configure --with-apache=../apache_1.3.22_accel/ \
> --with-eapi=../mod_ssl-2.8.5-1.3.22/pkg.eapi/
> make
You don't need to use mod_ssl but you need EAPI distributed with mod_ssl.
So if you don't use mod_ssl you need untar it only and set path to EAPI:
cd ../mod_accel-1.0.7
./configure --with-apache=../apache_1.3.22_accel/ \
--with-eapi=../mod_ssl-2.8.5-1.3.22/pkg.eapi/
make
But if use mod_ssl then you can not to specify EAPI path - mod_ssl's
configure set it on Apache source itself:
cd ../mod_accel-1.0.7
./configure --with-apache=../apache_1.3.22_accel/
make
> cd ../mod_deflate-1.0.9
> ./configure --with-apache=../apache_1.3.22_accel/
> make
>
> cd ../apache_1.3.22_accel/
> EAPI_MM=../mm-1.1.3 SSLBASE=SYSTEM ./configure --enable-rule=EAPI \
> --prefix=/usr/local/apache_accel --disable-rule=EXPAT \
> --enable-module=most \
> --enable-module=rewrite \
> --activate-module=src/modules/accel/libaccel.a \
> --activate-module=src/modules/extra/mod_deflate.o
> make
> make install
>
> mkdir /var/accelcache
> chown nobody:nobody /var/accelcache/
> /usr/local/apache_accel/bin/apachectl startssl
> ----
>
> Now, in /usr/local/apache_accel/conf/httpd.conf, append the following:
> ----
> AccelCacheRoot /var/accelcache 1
> AccelNoCache on
> AccelPass /mail/ http://127.0.0.1:8080/mail/
> AccelWaitBeforeBodyRead 100
> AccelUnlinkNoCached off
> AccelSetXHost on
> AccelSetXRealIP on
> AccelSetXURL on
> ----
>
> This creates an HTTP accelerator without any caching. I don't know much
> about the caching directives and haven't tried them out, so I can't provide
> any guidance there.
>
> The AccelCacheRoot directive sets the number of levels of subdirectories in
> the cache. 16 first level subdirectories named 0 .. f and 256 second level
> subdirectories named 00 .. ff are used by default (i.e. "AccelCacheRoot
> <path> 1 2"). Since I'm not caching, my config above does not specify any
> directory hashing (i.e. "AccelCacheRoot <path> 1").
AccelCacheRoot allow to set up to 3 levels of two type subdirectories -
named 0 .. f and 00 .. ff. Also AccelCacheRoot has parameter 'noauto'
that specify do not create automaticaly all nested subdirectories.
They shoud be created before with create_cache script.
> Here's the config for mod_deflate:
> ----
> DeflateEnable On
> DeflateMinLength 3000
> DeflateCompLevel 1
> DeflateProxied Off
This is default settings of DeflateCompLevel and DeflateProxied.
> DeflateHTTP 1.0
> DeflateDisableRange "MSIE 4."
> ----
>
> DeflateProxied Off means that anything with a 'Via' header is not
> proxied--Igor says that some proxies are broken so this is best to be safe.
is not compressed
> And MSIE 4 apparently is a bit broken too. By default only text/html is
> compressed. DeflateCompLevel 1 provides adequate compression for text.
Igor Sysoev
===
To: modperl@apache.org
From: Thomas Eibner <thomas@stderr.net>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 15:38:29 +0100
On Thu, Dec 20, 2001 at 07:04:50AM -0500, Philip Mak wrote:
> > AccelSet* adds X-* headers to the request to the backend. This is useful to
> > know what the original request details were.
>
> In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
> download mod_accel/mod_deflate from before), I see another file called
> mod_realip-1.0.tar.gz just released one week ago. From looking at the
> keywords in the documentation, it looks like a module to be installed on
> the backend httpd that will parse these X-* headers to retrieve the
> original IP address.
I basically wrote something similar for the users of mod_proxy_add_forward
2-3 months ago, it's called mod_rpaf and sets r->connection->remote_ip
and moved the X-Host: headers into the incoming Host: header and then
updates the vhost structure so virtualhosting via mod_proxy_add_forward
works. The module can be found at: http://stderr.net/apache/rpaf/
===
To: Thomas Eibner <thomas@stderr.net>
From: Igor Sysoev <is@rambler-co.ru>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 18:52:51 +0300 (MSK)
On Thu, 20 Dec 2001, Thomas Eibner wrote:
> On Thu, Dec 20, 2001 at 07:04:50AM -0500, Philip Mak wrote:
> > > AccelSet* adds X-* headers to the request to the backend. This is useful to
> > > know what the original request details were.
> >
> > In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
> > download mod_accel/mod_deflate from before), I see another file called
> > mod_realip-1.0.tar.gz just released one week ago. From looking at the
> > keywords in the documentation, it looks like a module to be installed on
> > the backend httpd that will parse these X-* headers to retrieve the
> > original IP address.
>
> I basically wrote something similar for the users of mod_proxy_add_forward
> 2-3 months ago, it's called mod_rpaf and sets r->connection->remote_ip
> and moved the X-Host: headers into the incoming Host: header and then
> updates the vhost structure so virtualhosting via mod_proxy_add_forward
> works. The module can be found at: http://stderr.net/apache/rpaf/
There is one drawback in setting r->connection->remote_addr.
If you want to disable direct access to backend then you can't do it
with mod_access - you need to configure firewall.
Igor Sysoev
===
To: Thomas Eibner <thomas@stderr.net>
From: Igor Sysoev <is@rambler-co.ru>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 18:57:52 +0300 (MSK)
On Thu, 20 Dec 2001, Igor Sysoev wrote:
> On Thu, 20 Dec 2001, Thomas Eibner wrote:
>
> > On Thu, Dec 20, 2001 at 07:04:50AM -0500, Philip Mak wrote:
> > > > AccelSet* adds X-* headers to the request to the backend. This is useful to
> > > > know what the original request details were.
> > >
> > > In ftp://ftp.lexa.ru/pub/apache-rus/contrib/ (where I have been told to
> > > download mod_accel/mod_deflate from before), I see another file called
> > > mod_realip-1.0.tar.gz just released one week ago. From looking at the
> > > keywords in the documentation, it looks like a module to be installed on
> > > the backend httpd that will parse these X-* headers to retrieve the
> > > original IP address.
> >
> > I basically wrote something similar for the users of mod_proxy_add_forward
> > 2-3 months ago, it's called mod_rpaf and sets r->connection->remote_ip
> > and moved the X-Host: headers into the incoming Host: header and then
> > updates the vhost structure so virtualhosting via mod_proxy_add_forward
> > works. The module can be found at: http://stderr.net/apache/rpaf/
>
> There is one drawback in setting r->connection->remote_addr.
> If you want to disable direct access to backend then you can't do it
> with mod_access - you need to configure firewall.
Sorry, I did not notice RPAFproxy_ips.
Igor Sysoev
===
To: Jeremy Howard <jh_lists@fastmail.fm>
From: Stas Bekman <stas@stason.org>
Subject: Re: Report on mod_accel and mod_deflate
Date: Thu, 20 Dec 2001 23:59:40 +0800
Jeremy Howard wrote:
> Igor Sysoev mentioned recently on this list that he has written a module
> called 'mod_accel' that provides a caching HTTP accelerator, as well as a
> mod_gzip replacement called 'mod_deflate'. These modules are both used on
> Kaspersky labs' busy sites, as well as at the popular portal
> http://www.rambler.ru. mod_deflate is used at around 700 sites.
Igor, sorry to tell you but httpd-2.0 has introduced mod_deflate as a
replacement for mod_gzip, so you are going to have a lot of confused
users when httpd 2.0 hits the streets. I suggest that you raise this
issue on the httpd dev list before it's too late. May be it's too late
already, since there was already a long discussion about why it should
be called deflate and not gzip (check the archives).
The modules is located here:
httpd-2.0/modules/experimental/mod_deflate.c
===