Limit connections for static site Apache workers

We've noticed that our static sites will semi-regularly have
problems due to stale SSL certs served by Apache workers which
predate the latest certificate replacement and haven't terminated
(graceful restart only ends the running workers once they have no
remaining connections). Limit the impact of this by recycling
workers automatically after a reasonable (large) number of

This implementation is shamelessly stolen from that used in
Ic377f48d1a5a3eecbcb183327c9255134c4364ab for our mirror sites.

Change-Id: I2e5c0bdf012184ebbfccb086b967008bf12582ab
Co-Authored-By: Clark Boylan <>
This commit is contained in:
Jeremy Stanley 2020-06-23 20:06:00 +00:00
parent e863120cd3
commit ab50b54169
3 changed files with 29 additions and 1 deletions

View File

@ -0,0 +1,14 @@
# worker MPM
# MaxConnectionsPerChild: maximum number of requests a server process serves
# We've noticed that our mirrors occasionally have stale workers. This leads
# to ssl certs not being refreshed properly after reload and we've also seen
# ssl connections to round robin backend services have trouble. Restarting
# the workers so that they load up new info seems to fix this. Try and force
# that to happen regularly with a connections limit per worker.
<IfModule mpm_worker_module>
MaxConnectionsPerChild 8192
<IfModule mpm_event_module>
MaxConnectionsPerChild 8192

View File

@ -1,4 +1,9 @@
- name: Reload apache2
name: apache2
state: reloaded
state: reloaded
- name: Restart apache2
name: apache2
state: restarted

View File

@ -61,6 +61,15 @@
state: present
name: headers
- name: Copy apache tuning
src: apache-connection-tuning
dest: /etc/apache2/conf-enabled/connection-tuning.conf
owner: root
group: root
mode: 0644
notify: Restart apache2
- name: Make sure packaged default site disabled
command: a2dissite 000-default.conf