Author |
|
rjung
Joined: 26 Aug 2015 Posts: 13
|
Posted: Fri 11 Mar '22 16:44 Post subject: mod_qos for Apache on Windows: Patch and build recipe |
|
|
Hi there,
I managed to build mod_qos with a relatively simple code patch. I proposed the patch for inclusion in the upstreanm source code. Maybe it could be added to the modules ApacheLounge provides, once a mod_qos release includes that patch.
For details see:
https://sourceforge.net/p/mod-qos/bugs/41/
Another trivial patch is needed, which is good independent of the platform:
https://sourceforge.net/p/mod-qos/bugs/40/
Note: above links are not working (anymore).
Feedback welcome!
Rainer |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3089 Location: Hilversum, NL, EU
|
Posted: Fri 11 Mar '22 18:56 Post subject: |
|
|
That is good news. We can add it.
Build with Visual Studio ?
Runs with PCRE2 ?
Let us know when it is included in the source code |
|
Back to top |
|
rjung
Joined: 26 Aug 2015 Posts: 13
|
Posted: Fri 11 Mar '22 19:05 Post subject: |
|
|
Cool Steffen!
I did build it with the tools from Visual Studio latest but just used two command line calls for cl und link, which are generic fpr modules and which I have found in one of your forum threads:
set APACHE_HOME=C:\path\to\Apache24
set OPENSSL_HOME=C:\path\to\openssl-1.1.1m
cl -nologo -MD -W3 -O2 -c -DWIN32 -D_WINDOWS -DNDEBUG -I%APACHE_HOME%\include -I%OPENSSL_HOME%\include mod_qos.c
link /nologo /dll /subsystem:windows /machine:x64 /libpath:%APACHE_HOME%\lib kernel32.lib ws2_32.lib libhttpd.lib libapr-1.lib libaprutil-1.lib libssl.lib libcrypto.lib libpcre.lib /out:mod_qos.so mod_qos.obj
The Apache binary in APACHE_HOME was installed from an ApacheLounge download. OpenSSL and PCRE were compiled before, because ApacheLounge currently only provides httpd header files, but not the ones for OpenSSL and PCRE, and also not the needed library variants for linking.
Currently mod_qos does its own PCRE call, not via httpd. And they do not yet have support for PCRE2, but I guess that will be doable.
I will post again, once a release with the compatibility patch is out.
Thanks and regards,
Rainer |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3089 Location: Hilversum, NL, EU
|
Posted: Fri 11 Mar '22 19:45 Post subject: |
|
|
With 2.4.53+ all is build with PCRE2. For third-party modules (like mod_security) that cannot build with pcre2, pcre.dll is in /bin
What about OpenSSL 3
Steffen |
|
Back to top |
|
rjung
Joined: 26 Aug 2015 Posts: 13
|
Posted: Sat 12 Mar '22 14:52 Post subject: |
|
|
The module only uses very basic crypto functions from OpenSSL to encrypt and decrypt cookies used in optional features. It does compile and link fine against OpenSSL 1.1.1 and 3.0.0. Did not try others.
For PCRE it is currently limited to PCRE 1 (8.x) just like mod_security. |
|
Back to top |
|
rjung
Joined: 26 Aug 2015 Posts: 13
|
Posted: Sun 13 Mar '22 19:13 Post subject: |
|
|
The new version 11.71 of mod_qos is out and it builds on Windows now out-of-the-box.
Here's my simple build recipe:
set APACHE_HOME=C:\path\to\Apache24
set OPENSSL_HOME=C:\path\to\openssl-1.1.1m
set PCRE_HOME=C:\path\to\pcre-win-build
set PCRE_BUILD=build-VS2022\x64\Release
cl -nologo -MD -W3 -O2 -c -DWIN32 -D_WINDOWS -DNDEBUG -I%OPENSSL_HOME%\include -I%PCRE_HOME%\include -I%APACHE_HOME%\include mod_qos.c
link /nologo /dll /subsystem:windows /machine:x64 /libpath:%OPENSSL_HOME%\lib /libpath:%PCRE_HOME%\%PCRE_BUILD% /libpath:%APACHE_HOME%\lib kernel32.lib ws2_32.lib libhttpd.lib libapr-1.lib libaprutil-1.lib libcrypto.lib pcre.lib /out:mod_qos.so mod_qos.obj
As already mentioned, compiling with OpenSSL 3.0 works as well, bur for PCRE it currently has to be PCRE 1 (8.x).
The include path for PCRE and OpenSSL is used to find pcre.h and the openssl header files openssl/rand.h, openssl/evp.h and openssl/hmac.h. The libpath for PCRE and OpenSSL finds pcre.lib and libcrypto.lib. AFAIK currently pcre and openssl header files are not bundled with the ApacheLounge httpd distribution. In addition for pcre and libcrypto only the dll files are bundled, not the "*.lib". That's why I had to first build PCRE and OpenSSL. If the header and lib files were included, one would just habve to issue the single cl and link command for the mod_qos module.
Thanks and regards!
Rainer |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3089 Location: Hilversum, NL, EU
|
Posted: Mon 14 Mar '22 12:55 Post subject: |
|
|
Thank you !
Buid recipe looks fine.
First 2.4.53 and then I give it a try. |
|
Back to top |
|
rjung
Joined: 26 Aug 2015 Posts: 13
|
Posted: Mon 14 Mar '22 13:19 Post subject: |
|
|
Cool!
For a very simple smoke test:
LoadModule qos_module modules/mod_qos.so
QS_LocRequestLimitDefault 2
That would limit the allowed concurrency to 2.
Now you can fire up ab: For example
ab -k -n 10000 -c 2 http://localhost:80
should show no error, but
ab -k -n 10000 -c 3 http://localhost:80
and
ab -k -n 100000 -c 50 http://localhost:80
should both show many errors.
After an ab run with high concurrency, another
ab -k -n 10000 -c 2 http://localhost:80
should again show no errors.
Adding
<Location /qos-status>
SetHandler qos-viewer
</Location>
shows some infos about mod_qos under the URI /qos-status. |
|
Back to top |
|
puertoblack2003
Joined: 31 Jul 2009 Posts: 121 Location: U.S
|
Posted: Wed 16 Mar '22 17:02 Post subject: |
|
|
can you suggest the best configuration for windows Apache server? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3089 Location: Hilversum, NL, EU
|
Posted: Wed 16 Mar '22 19:27 Post subject: |
|
|
Google gives some:
Code: | <IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256 (old, not working)
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule> |
|
|
Back to top |
|