tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yuval Perlov <>
Subject Re: httpd SSL -> Tomcat VS. Tomcat SSL standalone?
Date Mon, 28 Apr 2008 18:37:03 GMT
Out tomcat servers are handling around 30K SSL hits every 5 minutes  
with very little effort (10% cpu average on a dual core machine, good  
response time).
We tried to put in httpd in front thinking we can squeeze out better  
performance and memory consumption.
The system just couldn't handle the load and we had to roll back  
(quickly) to a tomcat only configuration.

Hope this helps...

Yuval Perlov

On Apr 28, 2008, at 6:27 PM, Larry Prikockis wrote:

I know the latest edition of the O'Reilly Tomcat book by Brittain and  
Darwin strongly advocates the use of standalone Tomcat as opposed to  
the traditional httpd->Tomcat approach, but this seems to be somewhat  
of a paradigm shift for most people.   I'm interested in hearing what  
the wider community thinks...

Specifically, we have a webapp on a Windows 2003 server that utilizes  
Apache 2.2 SSL as a frontend and mod_proxy_ajp to send requests to  
Tomcat 5.5.17 (on the same server).  By eliminating the Apache  
frontend and just using a Tomcat SSL connector directly, we saw  
performance increases that absolutely dwarfed (400+%) everything else  
we were achieving by tuning various connection parameters of Apache  
httpd and Tomcat.

While I would expect hitting Tomcat directly would be a little faster  
than going through the Apache proxy setup, we didn't expect such  
dramatic differences.  In fact, when comparing Apache w/o SSL ->  
Tomcat, the performance was only a little worse than hitting Tomcat  
HTTP  directly.

My questions:
1) Any thoughts on why the Apache SSL -> Tomcat combination should be  
so much slower?
2) Are there any security downsides to using Tomcat SSL directly as  
opposed to fronting it with Apache httpd?
3) anyone else have any similar (or contradictory?) experiences?

Larry Prikockis
Larry Prikockis
System Administrator
Phone: (240)737-2900

Vecna Technologies, Inc.
5004 Lehigh Rd
College Park, MD 20740-3821
Phone: (301) 864-7253
Fax: (301) 699-3180
240-737-1699 (office)

Better Technology, Better World (TM)

The contents of this message may be privileged and confidential.  
Therefore, if this message has been received in error, please delete  
it without reading it. Your receipt of this message is not intended to  
waive any applicable privilege. Please do not disseminate this message  
without the permission of the author.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message