tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Wall" <d.w...@computer.org>
Subject Re: TC 5 production use -- iptables to make it work without root
Date Mon, 09 Feb 2004 17:59:33 GMT
> I'm curious, why don't you use Apache and JK
> connector?
>
> Evgeny Gesin

We currently do, but we're creating a new simpler version for smaller
offices and corporate departmental computing.  The fewer running parts the
better, and the fewer things that need to be patched going forward, the
easier to troubleshoot, etc..  Apache has lots of capabilities that are not
in Tomcat, and some believe that doing SSL in Apache, even with the added
overhead of the JK, is more efficient.  It's even nice when Apache runs on a
front-end web server connected to the Internet and Tomcat runs on a backend
app server that's not directly connected to the Internet.

However, if Tomcat does everything you need, it's a good platform.  By
running it as a normal user, the idea of starting/stopping as 'root' and
having to deal with Apache's security issues (nothing bad, but every
component connected is another component that can be exploited) makes things
simpler for our end customers.

There's nothing wrong with Apache+JK in my opinion.

David


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message