It is easier to follow the conversation if questions/responses follow in a logical order.
In other words, please do not "top-post".
Asha K S wrote:
> Hi,
>
> Thank you all for helping me in this regard. Can you please point me to documentation
which helps me configure https between Apache and Tomcat.
> Also in AJPv13 extensions proposal (http://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html)
one add on suggests "Basic authorisation system, where a shared secret key is present in web
server and servlet engine" do we know if this is still under consideration.
>
As far as I know, this exists already, at least with mod_jk.
Look at the documentation for the mod_jk connector , and at the AJP <Connector>
documentation in Tomcat.
I don't know about mod_proxy_ajp.
> Thanks,
> Asha
>
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Wednesday, November 23, 2011 3:19 AM
> To: Tomcat Users List
> Subject: Re: tomcat http connector
>
> Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Asha,
>>
>> On 11/22/11 2:15 AM, Asha K S wrote:
>>> Is there any performance comparison document available already
>>> between http and AJP
>> It should be easy to test in your own environment.
>>
>> If you are using AJP through another web server, the overhead of the
>> server itself is obviously non-zero.
>>
>> If you're asking about connecting httpd and Tomcat via HTTP or AJP,
>> then you'll have to do your own testing. I'm not sure there are any
>> current performance comparisons out there.
>>
>> If you are using HTTPS in to Tomcat (that is, terminating SSL at
>> httpd, then using HTTPS between httpd and Tomcat) then you definitely
>> want to use the APR (aka "native") connector as it's crypto
>> implementation is much faster than the Java one.
>>
>
> Addendum : but if you do the above, and you are looking for performance, then you should
> at least think of what it means :
>
> browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat
>
> (1) encryption (by the browser)
> (2) decryption (by Apache)
> (3) encryption (by Apache)
> (4) decryption (by Tomcat)
>
> encryption/decryption is a CPU-intensive process, so you will want to do it only where
it
> is necessary. If the link between Apache and Tomcat is "safe" (in other words, they
are
> both on the same host, or the link is a safe internal network), then you probably do
not
> want to use HTTPS there.
> Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still
> pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if
you
> need to.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|