Quick note on what I did to RIAForge
I thought I'd give folks an update on what I did to RIAForge yesterday. First, huge thanks to Jeff Coughlin for his help. Considering all the crap I give him in regards to FarCry (which is a good CMS, but I do like to tease him about it!) I'm surprised he offered to help anyway!
Anyway, the first thing I tried to do was separate the SVN HTTP service away from the rest of the web sites on the box (RIAForge also runs Jason Delmore's blog, Kristen's blog, coldfusionportal.org). It is easy enough to set up a second Apache service using another config file, but stupid me - I forgot that you can't have two services trying to use the same port. I considered - briefly, just putting SVN up on port 81. But I didn't want to tick off my project owners by making them reset up their connections.
After speaking with Jeff, I figured this may be a good chance to just upgrade everything. So I updated Apache to the latest version, and updated the Subversion server as well. Lastly, I installed ServersAlive. ServersAlive is a good program, but the UI is the suck, and it goes out of it's way to make it hard to install over RDP, which is sad because I can see a lot of people getting turned off by that. SA is set up to automatically restart the Apache service if it fails.
So far so good, and as always, I'll let folks know if things change. To be honest, I think RIAForge needs a full time developer on it. I'd love to quit my day job but I think the bank may have an issue with that. ;)
Comments
@MD: Do you mean ports? The issue I had was with both Apaches trying to use 80. It didn't care about the IP.
As I said, I could have easily pushed SVN to 81, but then I'd probably piss off the owners. Shoot, as far as I know, there is no easy way to tell Subclipse that project X, which was at URL Y, is not at Y:81.
As I said, I could have easily pushed SVN to 81, but then I'd probably piss off the owners. Shoot, as far as I know, there is no easy way to tell Subclipse that project X, which was at URL Y, is not at Y:81.
# Posted By Raymond Camden
| 12/3/08 9:49 AM
I was wondering what was going on yesterday. Thanks for the update, and the site is greatly appreciated. I have found several good tools on the site, and having a specific focus (e.g., Adobe related technologies) helps greatly. One isn't lost in the myriad of other projects, like on SourceForge, Codeplex, Google Code, etc.
# Posted By Thomas Case
| 12/3/08 9:51 AM
@Ray: No, I do mean IP's I havent tried it but it should be like IIS in that respect... that you can have multiple IP's pointing to multiple Apache Instances
Ray, from the apache's httpd.conf
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Of course, you would then need multiple IP's...
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Of course, you would then need multiple IP's...
I'm not arguing that I could do N IPs. I'm arguing that I could have N apache services using 1 port. The issue I had was with the Apache service crashing. It would show as running but not return requests. That's why I wanted to try 2 Apache services. If SVN died, it would only bring down that server.
# Posted By Raymond Camden
| 12/3/08 10:02 AM
What about name based virtual hosts (http://httpd.apache.org/docs/2.2/vhosts/name-based...)? This is something I currently use on my local machine and on the shared development server in the office.
The last line of my httpd.conf file has the following:
Include conf/vhosts/*.conf
Then in the vhosts folder I have a number of conf files, each corresponding to a separate application. Below you could have something like the following in the vhosts folder:
App1.conf:
<VirtualHost *:80>
ServerName app1.riaforge.org
DocumentRoot c:/inetpub/app1/wwwroot
ErrorLog c:/inetpub/logs/app1.log
ServerAlias App1
<Directory " c:/inetpub/app1/wwwroot ">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
App2.conf:
<VirtualHost *:80>
ServerName app2.riaforge.org
DocumentRoot c:/inetpub/app2/wwwroot
ErrorLog c:/inetpub/logs/app2.log
ServerAlias App2
<Directory " c:/inetpub/app2/wwwroot ">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
The end result will be a separate httpd.exe process (not Windows service) for each host all running off of the same ip address and port 80. In the above example you would have three httpd.exe processes, one for each conf file in the vhosts folder and one for the httpd.conf file.
Is this what you are trying to accomplish? I hope this is helpful.
The last line of my httpd.conf file has the following:
Include conf/vhosts/*.conf
Then in the vhosts folder I have a number of conf files, each corresponding to a separate application. Below you could have something like the following in the vhosts folder:
App1.conf:
<VirtualHost *:80>
ServerName app1.riaforge.org
DocumentRoot c:/inetpub/app1/wwwroot
ErrorLog c:/inetpub/logs/app1.log
ServerAlias App1
<Directory " c:/inetpub/app1/wwwroot ">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
App2.conf:
<VirtualHost *:80>
ServerName app2.riaforge.org
DocumentRoot c:/inetpub/app2/wwwroot
ErrorLog c:/inetpub/logs/app2.log
ServerAlias App2
<Directory " c:/inetpub/app2/wwwroot ">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
The end result will be a separate httpd.exe process (not Windows service) for each host all running off of the same ip address and port 80. In the above example you would have three httpd.exe processes, one for each conf file in the vhosts folder and one for the httpd.conf file.
Is this what you are trying to accomplish? I hope this is helpful.
# Posted By Matt Riley
| 12/3/08 11:33 AM
Mark is quite right, you can limit the IP/port "signature" that Apache uses. I believe that the default installation setting for the Listen directive only specifies a port number, like so:
Listen 80
This means it will bind to this port for all the IP addresses on the machine. So if you change the directive on the existing server to include the IP(s), you would then be able to configure a second instance of the server on another IP, still using port 80, e.g.:
First instance:
127.0.0.1:80
Second instance:
127.0.0.2:80
Also, while Matt's approach might help in *NIX environments (although I think there is a separate child process spawned for each request, not each virtual host), on Windows there are only two httpd.exe processes -- the child process multithreads to handle multiple requests.
Listen 80
This means it will bind to this port for all the IP addresses on the machine. So if you change the directive on the existing server to include the IP(s), you would then be able to configure a second instance of the server on another IP, still using port 80, e.g.:
First instance:
127.0.0.1:80
Second instance:
127.0.0.2:80
Also, while Matt's approach might help in *NIX environments (although I think there is a separate child process spawned for each request, not each virtual host), on Windows there are only two httpd.exe processes -- the child process multithreads to handle multiple requests.
# Posted By Ezra Parker
| 12/3/08 11:53 AM
@Matt - named based virtual hosts is what I have now. I wanted to move away from that to two services with the thought that - if SVN screwed up a service, it would only screw up its own service. Does that make sense now?
@Ezra - So if I had 2 IPs on the machine, I could run 2 instances of Apache, both on 80, but with different ports? If so, I can give that a try then if things continue to crap out on RIAForge.
Probably the _best_ solution would be a dedicated machine for SVN, but that would make config a bit harder. Right now we modify a SVN config file for Apache when you turn on SVN access, and we do a graceful restart of Apache to read it in.
@Ezra - So if I had 2 IPs on the machine, I could run 2 instances of Apache, both on 80, but with different ports? If so, I can give that a try then if things continue to crap out on RIAForge.
Probably the _best_ solution would be a dedicated machine for SVN, but that would make config a bit harder. Right now we modify a SVN config file for Apache when you turn on SVN access, and we do a graceful restart of Apache to read it in.
# Posted By Raymond Camden
| 12/3/08 1:14 PM
"Probably the _best_ solution would be a dedicated machine for SVN, but that would make config a bit harder. Right now we modify a SVN config file for Apache when you turn on SVN access, and we do a graceful restart of Apache to read it in."
Put something (oh, like, ColdFusion?) on the other box and communicate between boxes via webservice? or share a file between the two boxes and figure out how one box can restart the service of another? Plenty of options there. I'm sure you're aware of it.
Put something (oh, like, ColdFusion?) on the other box and communicate between boxes via webservice? or share a file between the two boxes and figure out how one box can restart the service of another? Plenty of options there. I'm sure you're aware of it.
# Posted By Todd Rafferty
| 12/3/08 5:02 PM
@Ray - Essentially, yes. Technically, the 2 separate instances would use the same port (80), but different IPs -- you just need to make sure that the primary instance isn't binding to 80 on all the IPs available to the box (by using the Listen directive without any IP specified).
As a side note, you'll probably want to have it listen on the loopback address as well, so I'm thinking that your primary config would have:
Listen 127.0.0.1:80
Listen 65.36.216.233:80
And the SVN config would listen only on the alternate IP:
Listen xxx.xxx.xxx.xxx:80
As a side note, you'll probably want to have it listen on the loopback address as well, so I'm thinking that your primary config would have:
Listen 127.0.0.1:80
Listen 65.36.216.233:80
And the SVN config would listen only on the alternate IP:
Listen xxx.xxx.xxx.xxx:80
# Posted By Ezra Parker
| 12/3/08 5:52 PM
@Ray, I think Ezra is right, although i never ran 2 instances of Apache, I know that on one of our boxes we are running IIS on port 80 and restricting it to a set of IP's and Apache is controlled by listening to a specific set of IP's. Both are running on port 80 and we have not had any issues with it at all.
# Posted By Hatem Jaber
| 12/3/08 7:09 PM
Thanks guys. Right now I'm taking a 'wait and see' approach. I'm hoping the shinier Apache/SVN will help alleviate the issues. If not, ServersAlive should do a good job of hiding it from me.
If Adobe wants more done, they can hire a server grunt. :)
If Adobe wants more done, they can hire a server grunt. :)
# Posted By Raymond Camden
| 12/3/08 8:38 PM
@ToddR: Yeah, I know I could do that - but I didn't want to make the connection so delicate. I know HTTP isn't delicate per se, but... do you get why I was a bit concerned? Right now there isn't good 'fallback' if something goes wrong. It is one of a large list of things I'd add to RIAForge given more time.
Hopefully - if things are better now, I can return to giving more power to comanagers.
Hopefully - if things are better now, I can return to giving more power to comanagers.
# Posted By Raymond Camden
| 12/4/08 6:27 AM
@Ray: Given that you could communicate via webservice, you should also be able to try/catch on the webservice and if it's not responding, then you can have it email you and tell you that the SVN service is down. You could also have the main box put up a small notice on projects that are using the SVN service "SVN Service is down currently, please be patient and try again... etc."
It may be more 'delicate,' but it can also be a little more proactive? Tossing it out as a suggestion. I'm certainly not telling you (or Adobe) what to do. :)
It may be more 'delicate,' but it can also be a little more proactive? Tossing it out as a suggestion. I'm certainly not telling you (or Adobe) what to do. :)
# Posted By Todd Rafferty
| 12/4/08 6:53 AM
Yeah. Let me just see how things play out. So far so good. I'd have to ask Adobe if they are willing to pay for another machine, but I assume they would be. I know they want RIAForge to succeed.
# Posted By Raymond Camden
| 12/4/08 7:10 AM
Keep up the good work sir!
on another note, I am sure you can have multiple apahe instances if they are listening to different IP's ?