tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: tomcat http connector
Date Wed, 23 Nov 2011 12:29:37 GMT
It is easier to follow the conversation if questions/responses follow in a logical order.
In other words, please do not "top-post".

Asha K S wrote:
> Hi,
> Thank you all for helping me in this regard. Can you please point me to documentation
which helps me configure https between Apache and Tomcat.
> Also in AJPv13 extensions proposal (
one add on suggests "Basic authorisation system, where a shared secret key is present in web
server and servlet engine" do we know if this is still under consideration.

As far as I know, this exists already, at least with mod_jk.
Look at the documentation for the mod_jk connector , and at the AJP <Connector> 
documentation in Tomcat.
I don't know about mod_proxy_ajp.

> Thanks,
> Asha
> -----Original Message-----
> From: André Warnier [] 
> Sent: Wednesday, November 23, 2011 3:19 AM
> To: Tomcat Users List
> Subject: Re: tomcat http connector
> Christopher Schultz wrote:
>> Hash: SHA1
>> Asha,
>> On 11/22/11 2:15 AM, Asha K S wrote:
>>> Is there any performance comparison document available already
>>> between http and AJP
>> It should be easy to test in your own environment.
>> If you are using AJP through another web server, the overhead of the
>> server itself is obviously non-zero.
>> If you're asking about connecting httpd and Tomcat via HTTP or AJP,
>> then you'll have to do your own testing. I'm not sure there are any
>> current performance comparisons out there.
>> If you are using HTTPS in to Tomcat (that is, terminating SSL at
>> httpd, then using HTTPS between httpd and Tomcat) then you definitely
>> want to use the APR (aka "native") connector as it's crypto
>> implementation is much faster than the Java one.
> Addendum : but if you do the above, and you are looking for performance, then you should

> at least think of what it means :
> browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat
> (1) encryption (by the browser)
> (2) decryption (by Apache)
> (3) encryption (by Apache)
> (4) decryption (by Tomcat)
> encryption/decryption is a CPU-intensive process, so you will want to do it only where
> is necessary.  If the link between Apache and Tomcat is "safe" (in other words, they
> both on the same host, or the link is a safe internal network), then you probably do
> want to use HTTPS there.
> Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still

> pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if
> need to.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message