tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pedro Stavrinides" <>
Subject Security and Performance Configuration
Date Mon, 25 Feb 2008 08:33:59 GMT
Hi all,

I know this topic, or at least bits and pieces of it, has been covered in
various posts, but just for clarification in my mind I would like the
opinions of experienced Tomcat and Unix/Linux experts about optimizing
performance and security configuration for Tomcat.

As a starting point our configuration is currently this:
- Debian based Linux
- JSVC with Tomcat 6 running Tomcat under a less privileged account
- Apache 2.x front to Tomcat, Tomcat remains on the secure port 8080
- mod_proxy with mod_rewrite for legacy integration and reverse proxy

We use the reverse proxy to integrate our name space, it also enables us to
perform cross site authentication via HTTP headers... please feel free to
comment here, but I see this configuration as not being optimal, Our Java
web applications are performing more and more asynchronous requests so
sooner or later we will have to look at running comet services. From what I
have read in other posts Running Apache in front would be a liability in
this case.

>From a security standpoint I don't see it as ideal either... two web servers
make for two targets, but nevertheless many people believe that Tomcat is
more secure behind Apache (I don't share this opinion), please share your


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message