Hi Graham,
Thanks already for your pearls of wsgi-wisdom!
>> How much traffic does each site receive?
A lot of these will stay inactive for a long time. At a single time, only at most 5 to 10 of the apps will have active users.
Ideally I'd like to launch the mod_wsgi daemon process only upon receiving the first request in an app. I managed to avoid the preload but not the daemon process itself.
>> What sort of traffic do they receive? Are they short lived requests less than 500ms, or long lived requests that could last seconds?
On an active application, the request can last seconds indeed (due to complex sql-queries, complex data validation, ...)
And an active user can easily generate a series of such requests. Hence the
>> What Apache MPM are you using (prefork/worker/event) and what are the Apache MPM settings for that MPM?
We're using event MPM (which is the default on our ubuntu 18 server).
The settings are currently:
ServerLimit 90
StartServers 2
MinSpareThreads 30
MaxSpareThreads 60
ThreadLimit 30
ThreadsPerChild 30
MaxRequestWorkers 800
MaxConnectionsPerChild 0
We're using the mod_wsgi version 4.5 packaged with ubuntu 18. After listening to your talk, I'll try out with the latest 4.9 version.
>>For 150 sites I would suggest you are adding too much capacity for each. Even one process with 5 threads can handle a lot of concurrent requests if requests are short lived. If you are trying to support sites which all have long running requests for file uploads etc, you are asking for trouble. The request timeout is ridiculously large, which suggests you might be trying to handle long running file uploads, which as I said is a bad idea.
I hear you... and will reduce that request timeout.
>>
WSGIRestrictEmbedded On
Already have that one indeed.
>> WSGIApplicationGroup %{GLOBAL}
>> This ensures the Python application runs in the main interpreter context and not a sub interpreter. Various Python packages do not work properly in sub interpreters. Ensuring main interpreter context is used will also save a bit of memory as well since don't have the main interpreter context there doing nothing when using a sub interpreter.
Don't have that one yet.
For security reasons, I'd like to keep the python processes for each tenant 100% separated. Does this option violate this?
Johan
Op zondag 16 januari 2022 om 22:42:42 UTC+1 schreef Graham Dumpleton: