tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Asha K S <a...@adobe.com>
Subject RE: tomcat http connector
Date Wed, 23 Nov 2011 10:53:01 GMT
Hi,

Thank you all for helping me in this regard. Can you please point me to documentation which
helps me configure https between Apache and Tomcat.
Also in AJPv13 extensions proposal (http://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html)
one add on suggests "Basic authorisation system, where a shared secret key is present in web
server and servlet engine" do we know if this is still under consideration.

Thanks,
Asha

-----Original Message-----
From: André Warnier [mailto:aw@ice-sa.com] 
Sent: Wednesday, November 23, 2011 3:19 AM
To: Tomcat Users List
Subject: Re: tomcat http connector

Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Asha,
> 
> On 11/22/11 2:15 AM, Asha K S wrote:
>> Is there any performance comparison document available already
>> between http and AJP
> 
> It should be easy to test in your own environment.
> 
> If you are using AJP through another web server, the overhead of the
> server itself is obviously non-zero.
> 
> If you're asking about connecting httpd and Tomcat via HTTP or AJP,
> then you'll have to do your own testing. I'm not sure there are any
> current performance comparisons out there.
> 
> If you are using HTTPS in to Tomcat (that is, terminating SSL at
> httpd, then using HTTPS between httpd and Tomcat) then you definitely
> want to use the APR (aka "native") connector as it's crypto
> implementation is much faster than the Java one.
> 

Addendum : but if you do the above, and you are looking for performance, then you should 
at least think of what it means :

browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat

(1) encryption (by the browser)
(2) decryption (by Apache)
(3) encryption (by Apache)
(4) decryption (by Tomcat)

encryption/decryption is a CPU-intensive process, so you will want to do it only where it

is necessary.  If the link between Apache and Tomcat is "safe" (in other words, they are 
both on the same host, or the link is a safe internal network), then you probably do not 
want to use HTTPS there.
Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still 
pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if you 
need to.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message