tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Apache httpd reverse proxy setup
Date Tue, 06 Nov 2012 04:12:52 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marko,

On 10/31/12 3:55 PM, Marko Asplund wrote:
> There are at least 3 different approaches for configuring Apache
> httpd 2.2 to act as a reverse proxy for Tomcat 7.0:
> 
> a) mod_proxy_http b) mod_proxy_ajp c) mod_jk
> 
> There's been quite a lot of discussion about the differences of
> each one but a lot of that discussion appears to be either not very
> analytical or outdated.
> 
> What are the current differences and tradeoffs with using these 
> alternatives?

I recently updated http://wiki.apache.org/tomcat/FAQ/Connectors#Q2. YMMV.

> Quite a few writers appear recommend mod_jk if performance and HA
> features are critical. But Apache 2.2 mod_proxy supports some load
> balancing and failover features through mod_proxy_balancer.

mod_jk also supports lb and failover; just configured differently.

> Also, mod_cache can be used to offload static resource serving from
> the back-end to provide something similar to JkMount.

I suppose you are saying that they can be configured equivalently?

> Does mod_jk still have a lead when it comes to these features?

At this point, mod_proxy_ajp has pretty much achieved feature-parity
with mod_jk. If you want encryption between httpd and Tomcat,
mod_proxy_http (with an https:// backend-URL) is the easiest to
implement, but then you may have to manually-forward lots of the
original SSL information across the HTTP connection -- you get that
all for free with AJP (either mod_jk or mod_proxy_ajp).

> From a setup point of view, using mod_proxy_http/ajp is a lot
> simpler than mod_jk because e.g. on a Linux system you can
> typically install these using a system package manager.

+1

> For mod_jk you need to either have a compilation environment on
> your production system (which the sysops don't like) or compile and
> package the module on another machine with a compatible OS setup.

Correct.

My advice is for new projects to start with mod_proxy_ajp for the
reasons you have listed above (pretty much ease of both installation
and configuration). IMO there is no compelling reason for anyone using
one or the other to switch, unless you find that you can't get a
certain configuration to work (which was the case with me a long time
back): it's better to stick with a technology that you know how to
configure properly than to switch just because "it's easier" even
though you don't know what you're doing.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCYjkQACgkQ9CaO5/Lv0PA0QACgkeaV1OBdCNYV9i4mDNm31R8S
OfYAnRH1tVDfyQq4TF0At41baJByDVh/
=p6vx
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message