tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Georges <>
Subject RE: web hosting with tomcat
Date Fri, 01 Jul 2005 11:30:57 GMT
I agree it is the simplest, however I would not recommend it, for at least
2 reasons
1. You will have to run your apache server on a different port if you have
one, and tell everyone to connect to that port... not very practical and
not a standard port.
Apache offers a lot more features that are not existing in tomcat. If you
don't want or need these features, then this is an option.
2. As you mentioned, security. I would recommend to leave apache in front
of Tomcat. Even if tomcat is getting there in term of security, apache is
much more mature in that respect. Make sure you do not leave tomcat ports
to the outside world. 80 is enough [and 443 for HTTPS]. It will also be
harder to compromise tomcat if behind apache.

Hope this helps
Bruno Georges

Glencore International AG
Tel. +41 41 709 3204
Fax +41 41 709 3000

                      "Peter Crowther"                                                   
                      <Peter.Crowther@me         To:      "Tomcat Users List" <>
            >                cc:                                  
                                                 Subject: RE: web hosting with tomcat    
                      01.07.05 13:07                                                     
                      Please respond to  Distribute:                                     
                      "Tomcat Users      Personal?               |-------|               
                      List"                                      | [ ] x |               

> From: vishwam []
> can tomcat serve as  web server alone?


> Please can any one tell me the procedure what should be done ?

At the simplest, edit conf/server.xml to change port 8080 to port 80 and
restart Tomcat so that it reads the new port.  However, you may also
want to take further steps to harden Tomcat before exposing it on the
Internet - for example removing the standard applications and tightening
up the configuration options.  There was a discussion on-list about this
a while back if my memory isn't playing tricks on me; try an archive
search for securing or hardening Tomcat.

                         - Peter

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message