The Virtual Traffic Manager is often used as an application delivery controller which passes HTTP traffic to backend nodes using the Apache HTTP Server. This guide aims to provide some general advice on tuning such a deployment.
A virtual server passing traffic to Apache backends can use a number of protocols including HTTP, Generic client first and SSL (if the website uses HTTPS). Of all these protocols HTTP (with SSL Decryption enabled if HTTPS is used) will provide the best experience:
The Traffic Manager offers two important per pool settings for controlling the connections to backend nodes:
By default Apache closes idle keep-alive connections after 5 seconds while the Traffic Manager will try to reuse them for up to 10 seconds (controlled by the global configuration key idle_connection_timeout). This can cause retries or even request failures when the Traffic Manager tries to reuse a connection at the exact moment when Apache decides to close it. To avoid this it is advisable to change Apache's timeout via the KeepAliveTimeout configuration directive to at least five second higher than the traffic manager's timeout.
Using SSL Encryption on a pool configured on the traffic manager should work with the combination of Apache and mod_ssl without any specific tuning. The following adjustments might however help to improve performance.
In the unlikely case that the Traffic Manager SSL settings suggested above cause connection failures changing the mod_ssl configuration as suggested below should fix the problems:
SSLCipherSuite HIGH SSLProtocol all -SSLv3
The SSL session cache is also disabled in the Apache HTTP server by default although Linux distributions often enabled it in the distributed configuration file. Please refer to the documentation of the SSLSessionCache configuration directive for information how to enable and size the session cache.
For optimal performance is also advisable to use a Linux distribution which ships version 2.4 or newer of the Apache HTTP server and OpenSSL version 1.0.2 or newer (for example Debian 9 or newer or Ubuntu 16.04 or newer).