tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian H" <>
Subject Apache 2.0.54/Tomcat 5.5 connector: SSL configuration and performance
Date Tue, 28 Nov 2006 21:30:31 GMT
Hello all,

Thank you for taking a moment to read this...I'm up to my eyeballs
in content from google search results.  I'm learning as quickly as I can,
but could use a hand straightening a few things out.

I have Apache and Tomcat running on the same W2K server, and am trying to
troubleshoot and tweak it's performance.

The setup should be:
  Internet -> Apache -> Tomcat -> Servlet

Where HTTPS connections are handled by Apache.  Since both are running on
the same box, it seems to make sense that there's no point to Apache ->
Tomcat using SSL also, although I'm under the impression that that's how
it's been configured.

Issue 1:
  With this version of Tomcat, I'm running into the known issue where it
sends Pragma: No-Cache and Cache-control: No-cache headers, interfering with
Internet Explorer's ability to launch files into 3rd party applications.
I've tried using the com.jspbook header filter with no success (tomcat's
still sending out the headers).  I have tried a variety of client side
measures (HTTP version 1.0 instead of 1.1, permitting caching of encrypted
pages, and registry entries to override browser behaviour), but only had
success on some systems -- I don't have access to the client machines, which
makes troubleshooting on that side rather awkward.  Access of the resources
over HTTP is fine, as expected.

Issue 2:
  There is an intermittent but significant performance hit that occurs using
HTTPS that just isn't present when using HTTP.  There's the usual SSL
overhead that results in responses being slower in general, however
occasionally it will be over 500% greater, rather than 20-40%.

I believe that the server has been configured to employ SSL in Apache ->
Tomcat communication, as well as Internet -> Apache.  I've been trying to
track down all of the ways that the Apache -> Tomcat portion may be set up
to use SSL, because I want to eliminate them.

I've been wondering if the performance "cap" with Tomcat and SSL still
exists at around 20 connections, and whether that could account for the
occasional performance spike.

I'm also wondering whether the Tomcat no-cache header issue would be
resolved if Apache -> Tomcat communications no longer used SSL.  (seems to
make sense, although I'm unsure whether protocol information is passed on to
Tomcat from Apache, even if their comms are unencrypted)  If so, wahoo!  If
not, any suggestion regarding other methods to eliminate these headers being
sent?  [At the moment, rolling back to Tomcat 4.x where this default
behaviour is absent doesn't seem to be an option]

There seem to be so many ways it could be done at the moment, any
suggestions will be very welcome.  In the mean time, I'll carry on google

Looking forward to any suggestions,

- Ian

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message