httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: [users@httpd] Apache HTTP Server and Tomcat Together
Date Fri, 02 May 2008 16:18:18 GMT
I run Tomcat behind HTTPD, and one of the things I like best about the
arrangement is admittedly trivial:  I don't have to fight with the
Java keytool to set up SSL.

There are some disadvantages:

o  Apache is a large pile of code.  If you are doing nothing but pass
   all requests through it, you are giving yourself more opportunities
   to misconfigure your service and an attacker more potential weak
   spots to probe for.

o  You have to configure and maintain two server products instead of one.

o  Passing requests and responses between two processes via the
   network stack is going to cost you a little performance.  (Although
   I would say that if that little hit is going to be noticed, your
   server is underconfigured.)

I should say that the reason I got started using these in tandem was
that it was difficult and messy to run Tomcat as a nonprivileged user
and yet make it visible on the standard ports (which are only
available to privileged users on most Unix-alikes).  Nowadays you can
use jsvc to start Tomcat with priv.s and then drop them after its
sockets are set up, so that is a less compelling argument.  If I only
wanted HTTPD for privilege separation, I might just do without today.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

View raw message