Apache RewriteRule [P]和ProxyPass(ProxyPassMatch)指令的差别:
虽然都可以用来做代理转发,但是两者还是有不少细微的差别:
1.RewriteRule可以对URL重写可以实现更加灵活的处理;
2.ProxyPass*对重写能有更高的性能。在apache官方文档2.2版本中没有给出RewriteRule [P]详细说明,而2.4版本文档有更加具体的使用说明。主要是没法提供连接池从而实现多个Http请求复用TCP链接达到性能上的提升。具体可以用tcpdump或wireshark进行验证。
还需要注意一点是:如果使用
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
这两个指令也会导致没法使用keepalive connection。
系统环境:Redhat + Apache2.2.15 + Php
原因:
论坛服务器上发现大量TIME_WAIT状态的tcp链接(600-900),上服务器上netstat发现都是跟frontend服务器之间的链接。大量这种状态的链接还是消耗不少资源(主要是端口和内存),因此想办法降低。
frontend服务器大量使用RewriteRule对进行做代理转发,怀疑这个代理转发的动作没有复用tcp链接。通过tcpdump证实了这种想法,每个请求进来都是有tcp链接建立和断开的过程。httpd.apache.org中2.2版本文档仔细看了下RewriteRule P指令的说明好像没有讲到具体的信息。后来又跑到2.4版本中去看了下发现如下说明。调整frontend指令以后TIME_WAIT维持在100左右,而且大部分都是到Mysql的链接了。
P|proxy
Use of the [P] flag causes the request to be handled by mod_proxy, and handled via a proxy request. For example, if you wanted all image requests to be handled by a back-end image server, you might do something like the following:
RewriteRule /(.*)\.(jpg|gif|png)$ http://images.example.com/$1.$2 [P]
Use of the [P] flag implies [L] - that is, the request is immediately pushed through the proxy, and any following rules will not be considered.
You must make sure that the substitution string is a valid URI (typically starting with http://hostname) which can be handled by the mod_proxy. If not, you will get an error from the proxy module. Use this flag to achieve a more powerful implementation of the ProxyPass directive, to map remote content into the namespace of the local server.
Security Warning
Take care when constructing the target URL of the rule, considering the security impact from allowing the client influence over the set of URLs to which your server will act as a proxy. Ensure that the scheme and hostname part of the URL is either fixed, or does not allow the client undue influence.
Performance warning
Using this flag triggers the use of mod_proxy, without handling of persistent connections. This means the performance of your proxy will be better if you set it up withProxyPass or ProxyPassMatch
This is because this flag triggers the use of the default worker, which does not handle connection pooling.
Avoid using this flag and prefer those directives, whenever you can.
Note: mod_proxy must be enabled in order to use this flag.