tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: tomcat http connector
Date Wed, 23 Nov 2011 12:29:37 GMT
It is easier to follow the conversation if questions/responses follow in a logical order.
In other words, please do not "top-post".


Asha K S wrote:
> Hi,
> 
> Thank you all for helping me in this regard. Can you please point me to documentation
which helps me configure https between Apache and Tomcat.
> Also in AJPv13 extensions proposal (http://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html)
one add on suggests "Basic authorisation system, where a shared secret key is present in web
server and servlet engine" do we know if this is still under consideration.
> 

As far as I know, this exists already, at least with mod_jk.
Look at the documentation for the mod_jk connector , and at the AJP <Connector> 
documentation in Tomcat.
I don't know about mod_proxy_ajp.


> Thanks,
> Asha
> 
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com] 
> Sent: Wednesday, November 23, 2011 3:19 AM
> To: Tomcat Users List
> Subject: Re: tomcat http connector
> 
> Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Asha,
>>
>> On 11/22/11 2:15 AM, Asha K S wrote:
>>> Is there any performance comparison document available already
>>> between http and AJP
>> It should be easy to test in your own environment.
>>
>> If you are using AJP through another web server, the overhead of the
>> server itself is obviously non-zero.
>>
>> If you're asking about connecting httpd and Tomcat via HTTP or AJP,
>> then you'll have to do your own testing. I'm not sure there are any
>> current performance comparisons out there.
>>
>> If you are using HTTPS in to Tomcat (that is, terminating SSL at
>> httpd, then using HTTPS between httpd and Tomcat) then you definitely
>> want to use the APR (aka "native") connector as it's crypto
>> implementation is much faster than the Java one.
>>
> 
> Addendum : but if you do the above, and you are looking for performance, then you should

> at least think of what it means :
> 
> browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat
> 
> (1) encryption (by the browser)
> (2) decryption (by Apache)
> (3) encryption (by Apache)
> (4) decryption (by Tomcat)
> 
> encryption/decryption is a CPU-intensive process, so you will want to do it only where
it 
> is necessary.  If the link between Apache and Tomcat is "safe" (in other words, they
are 
> both on the same host, or the link is a safe internal network), then you probably do
not 
> want to use HTTPS there.
> Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still

> pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if
you 
> need to.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message